This will block the User_Agents that ignore Robots.txt.

[webmasterworld.com...]

Formail needs to be modified so that the email address is inside of it and not exposed on the page. This means one Formmail.pl form per address. Use the site search for formmail hack or ask a question in Server Side Scripting.

I did both these methods and spam has dropped off very significantly.

every so often I take a look through the spam and LART a few worthy causes...usually by complaining to their web hosts

things are getting worse though...maybe it's time to begin The War Against Spammers

There are a couple of PERL scripts that can poison spammers. Just like a kind of cloaking script, it feeds spambots with known spammers adresses, so they SPAM each other. I use SugarPlum for my Unix servers.

Also, I just love to connect two spammers together, especially when they use auto responders...

Something I saw and liked was the idea to add "NO_SPAM" to your e-mail addresses. Then just tell people to remove the "NO_SPAM" from the address. For example:

NO_SPAM_freebee@freebee.com
freebee@freebee.com_NO_SPAM

you get the idea. Keeps things nice and quiet. :)

>NO_SPAM_freebee@freebee.com

That works well for lists & newsgroups. You see it there.
I'm not sure it reads well on a commercial site.

good call Mike, definately depends on the site.

I use a javascript to "assemble" the mailto tag:

==============
<script language=javascript>
<!--
var visname = "Bob";
var recip01 = "admin";
var dom02 = "mydomain.com";
document.write("<a href=" + "mail" + "to:" + recip01 + "@" + dom02 + ">" + visname + "</a>")
//-->
</script>
===============

I'll post this in the "handy javascript" thread, too.

Thanks all. toolman, pity the snippet from your "favorite ongoing artwork.... .htaccess file" for blocking User_Agent wasn't around a few months earlier - good one. The address location in the forms and RC's "concealment" of the addresses via a javascript are on the list of work as well.

Having looked at the last few month's worth of incoming spam this afternoon, there's a pattern which suggests that some of our addresses have been included in auto-submissions by a prankster - some spam comes in waves, some of the messages relate to "thanks for inclusion in xyz directory or ffa programme" to which we've never subscribed. If that's the case then the junk will continue irrespective of what I do on the sites.

I'm sorely tempted to simply block all incoming mail from yahoo.com (and hotmail.com) addresses as that's going to resolve a massive pile of spam. The result is that any legitimate client on one of these mailservers is simply going to receive a failure notice (551 error) when he/she tries to send standard mail (no error occurs if one of our forms is used). The ideal would be to modify the outgoing notice with an html link to an alternate webmail service or another form or page on the site. The next question is naturally, how if at all possible does one modify the standard 551 error message?

Message from yahoo.com.
Unable to deliver message to the following address(es).

<our e-mail address>:
Connected to [our IP address] but sender was rejected.
Remote host said: 551 5.0.0 We don't accept mail from this
hostname/address

Incidentally, if anybody's interested in a very carefully selected list of current sources of spam for their own mail filters then sticky me.

Another idea, which takes a little work, but if done would eliminate almost all spam, is to include, at the bottom of the page in small letters:

Please do not send mail to nomorespam@mysite.com

(I wouldn't spell "spam" properly, as they may filter it out, so I would use "nomorebulkemail@mysite.com")

Then, use a filter to eliminate any messages that have the same From Subject and Body as any message that nomorebulkemail receives

(No, I haven't written such a filter yet, although there are a lot of ways to do it - if anyone writes one, please post it!)

I have used a method of dealing with spam that involves use of the ISO Latin-1 character set [webmasterworld.com] that has been pretty effective despite its detractors.

as a regular Usenetter I use nospam@mydomain.co.uk as the from address...when spammers' filters remove "nospam" they end up with an invalid address...it cut down the amount I got...the rest on that address gets filtered into the bin

there may be other usable variations on this

Hi,

I use fantomaster's sites uni-encoded converter, seems to work very well.You can find it here [fantomaster.com].

Brian

Just a had quick thought..

use flash embed all email links and forms in flash

any ideas

Daven
I had 47 Spam emails this weekend

Took the bull by the horns with yahoo.com spam and blocked the lot from 1 December.

FreeBee did you inform Yahoo first.

maybe we all should do the same and yahoo may enforce there Nospam policy.
DaveN

Nope - the risk is ours by blocking addresses. We informed 4 years worth of old clients of our intention a month in advance.

I'm in a talkative mood tnoight... so here goes. The best way to reduce spam is to prevent them getting your address in the first place. Spammers get their email addresses in bulk from many sources. They rarely look for them manually. Here's what to do about those pesky bots. (I got these ideas from a guy called "Peter" in the GetHigh forums).

mailto: links
Use a JavaScript like rcjordan's. If you know JavaScript, it's best to write your own version, so that no two email addressing JavaScripts are the same, and the Spambot programmers will never be able to keep up with all the different scripts out there. To improve user-friendliness, have an image of you email address in the <NOSCRIPT> section (without the <A HREF="mailto:..."> tag!!!).

formmail
Here's a way to modify formmail so that you don't have to put email addresses in your forms.

Disclaimer: My PERL is pretty crap, so this might not be the most elegant way to do it. However, I know it works :)

First of all in the HTML form, instead of:

<INPUT TYPE="hidden" VALUE="myname@foo.com"> 

I'd put:

<INPUT TYPE="hidden" VALUE="myname"> 

This way, the email address doesn't appear in the HTML anywhere.

The next part is to modify formmail to recognize "myname" and to swap it for a real email address. In the script, where you find:

 # Split the configuration variables into individual field names.   # 
 @Required = split(/,/,$Config{'required'}); 
 @Env_Report = split(/,/,$Config{'env_report'}); 
 @Print_Config = split(/,/,$Config{'print_config'}); 
} 

add some code after it so that it looks like:

 # Split the configuration variables into individual field names.   # 
 @Required = split(/,/,$Config{'required'}); 
 @Env_Report = split(/,/,$Config{'env_report'}); 
 @Print_Config = split(/,/,$Config{'print_config'}); 
if ($Config{'recipient'} =~ m/myname/) { 
$Config{'recipient'} =~ s/myname/myname\@foo.com/g; 
} 
if ($Config{'recipient'} =~ m/anothername/) { 
$Config{'recipient'} =~ s/anothername/fred\@bar.com/g; 
} 
} 

What the above snippet of code does is check if "myname" is one of the recipients, and if so, replaces it with "myname@foo.com". It then checks for "anothername", and replaces that with "fred@bar.com". You can add as many predefined addresses as you want. Note that if the recipient field on the HTML form is not identical to the name in the script, the mail will bounce.

Newsgroups
The foo@NOSPAMbar.com trick once worked, but many email harvesters are now programmed to remove the NOSPAM from the address. Some can also figure out things like "myname_at_foo_dot_com". So, if you want to munge your email address, get creative. I use something like myname@foo.SPAMMERS.GO.TO.HELL.com. I'm sure you could think of some others.

Subscribing to things
NEVER give out your real email address to sites you're not sure about. Get a Hotmail account for things like that. Because I have my own domain name, anthing addressed to my domain goes straight to me. So if I need to give my email addrsss to a reputable site, I can give my address as reputable-site-name@foo.com. If later down the track I get ads addressed to reputable-site-name@foo.com, I know exactly where it came from, and I can then block anything sent to that address.

Those are the most effective ideas. Hope you enjoy them. I've got a few more (probably not as good as the ones above unfortunately) so let me know if you want me to keep going!

One of the services we offer is a free email host, similar to hotmail or mail.yahoo. This spam problem for me has gotten so out of hand from users who get accounts for ffa submitters and such...you get the idea. 90% is junk.

A few months ago I did take the leap and blocked yahoo.com, hotmail.com, msn.com, excite.com, etc...

Guess what I started getting? Many emails from people who wondered why I never responded, why their accounts were never set up for other services, etc... business started dropping.

I had to allow them again $%&*$&*##.

though I still block groups.yahoo.com (the worst of the bunch)

-------------

I am debating on whether to drop the free email service. Just does not seem to be worth the 2-4 gig/day in bandwidth just to put a sig line on all outgoing email when 95% of bandwidth is incoming.

-------------

I wish free email services did not exist and ALL ISPs did not allow mass mailings. Available bandwidth on the net would triple... ;)

-------------

I can wish all I want, but email marketing is not going away anytime soon. Just look at advertising.com, they send over 500 million emails out every month, plus 850 newsletters to 20 million addresses. I wish I knew all their IPs so I could block the lot of them...

-------------

If you have a box on the internet, please use the ORBS db and close all your own relays. We have quite a few inexperienced (so-called) server admins who just put a box up with a 24 hr connection just to play with and they usually have open relays.

-------------

Basically our best option is to just continue to build our block list. Blocking individual addresses us usually a waste of time. My basic practice is block the IP or domain of the sending box, it all depends on the situation though.

Sometime I think about blocking the whole Aisa-Pacific region, or *.ru 550 go away looser ;) Then I wake up, but it would feel good for a day...

What we all need to do is share a common block list.

here's a little tip: NEVER send from hotmail to your real address (you figure it out)

Some quick feedback...blocking Yahoo.com addresses has killed nearly 200 incoming pieces of junk per day. We customised the 551 mail rejection to provide an alternate means of contact for those caught in the filter.

A more recent suggestion [webmasterworld.com] from rcj that's likely to catch a fair amount of junk is to filter based on country code.