Welcome to WebmasterWorld Guest from 220.127.116.11
Forum Moderators: rogerd
After looking a bit closer I noticed that spammers don't only send spam with fake sender emails, they also sign up to forums using some random email address they got from a bulk email CD. And what happens when someone with the name of WIAGRAAA signs up for our forums using the email address of firstname.lastname@example.org? Innocent Joe gets an activation email from *us*. Quite clearly, that's SPAM - the email that was sent was never requested by him (unsolicited!), and it has our mail server credentials on it. Joe reports the mail as spam, and there we are, labelled as spammers. I'd even go so far to say that using Domainkeys makes things worse, because it "proves" that we are the actual senders of this kind of forum signup spam.
Does anyone have the faintest clue how to solve this problem? Dump activation emails altogether and rely on captcha only?
Innocent Joe gets an activation email
Please clarify what you mean by "activation email".
Is this a notification that the account is set-up and ready to use, or is it a request for verification?
If it is a request for verification, (typically by clicking on a link containing a code) then it should clearly state that "somebody" signed-up at your forum with this email address, and it might have been a mistake. This should make it clear that the message is not spam. It should say that if this is not the person that signed-up, they need do nothing, and the account will not be activated, and they will receive no more email from you.
I would also make sure that there is a response address - even though you don't require a response to delete the mail. Nothing gets some users blood boiling more than an email saying "do not respond to this email, automated, blah, blah, blah".
It is is NOT a request for verification, why isn't it? Nobody should be activating accounts without a response to an email these days. If you require verification, your site is useless to spammers. (But unfortunately, spammers don't seem very concerned about wasted effort...)
@jtara: Sure, those are requests for verification. Again, here I'm only judging by my own approach: when I get spam by a site I've never been to, I don't care if it says that "someone" signed me up and that it all may be a mistake (isn't that what spam mails always say?). If it looks like spam and feels like spam, I'll tag it, no matter what the exact wording.
Today I received a real spam mail that made it past my filter. It contains the access data for a site I've never been to. Seriously, how are people supposed to tell the difference? It's really an OLD, OLD scam technique.