Dear BSAC Webmasters

As you are probably aware from the press SPAM email is threatening to swamp email systems, the BSAC system is no exception. To give you an idea of the level of the problem we are experiencing : our SPAM filters at HQ are currently trapping around 20,000 SPAM emails per month, a four-fold increase in under a year, but many are still getting through.

One major problem is the harvesting of email addresses from web sites, if your web site has a mailto: HREF (a ?click here to email xxx? link) then SPAM programs can read it and add it to their lists. A private email address of mine found itself onto one little used web site (not diving) recently for just 48 hours, I now receive daily SPAM on that email address!

I am asking the webmasters of our main BSAC web sites to start ?hiding? email addresses so that the SPAM programs can?t read them, I would like to ask all of our branch, region and other webmasters to join us in this initiative. There are two ways you can do this -

1. Make your email links person but not machine readable. e.g. say something like ?email keith.lawrence at bsac dot com? rather than putting a clickable link in.

2. If you really want a clickable link then use something like Paul Greg?s encoder on <a href="http://www.pgregg.com/projects/encode/htmlemail.php," >http://www.pgregg.com/projects/encode/htmlemail.php,</a> this little program converts email addresses into Javascript code, you can still click the link but the SPAM programs can?t read it.

So I?m asking for you all to help us with this one, I?m trying to block as many SPAM emails to bsac.com as I can but if we can stop the email addresses getting onto the lists then it will help.

As a final note to anyone receiving SPAM? ==NEVER, EVER== reply to it or fall for the ?click here to remove? link, just delete it, forget it and move on. If you reply or click that link all that you do is confirm a valid email address, the SPAM just gets many times worse!

Thanks All

Keith Lawrence
BSAC IT Team

Thanks for the tips. I am plagued with everything from Russian porn to can you stop snoring.blah blah
I was toying with the idea of replying with mail bombs (large files)in order to clog up their server. Any point in doing this?
Also can spam software harvest addresses from emails with loads of none bcc copies to other people?
Stuart

Hi Stuart

Unless you REALLY know what you are doing I would strongly recommend against any such retaliation, you will end up labelled a SPAMmer yourself and most ISP?s would terminate your account. You are very unlikely to hit the right target anyway. Reply addresses are normally false or spoofed to some innocent party, the outbound mail server will either be munged/forged in the headers or be some poor innocent soul whose mail server is inadvertently open relay (the BSAC were ?used? a few years back to send SPAM, we changed our email server and left it open relay for just a couple of days by mistake).

There is very little that you as an individual can do about SPAM, just =NEVER= reply to it and if the webmasters follow the guidelines I?ve set out it should do a little to reduce it at source. If you would like more information about SPAM then try the Spamhaus Project on <a href="http://www.spamhaus.org/," >http://www.spamhaus.org/,</a> there?s a lot of detail on there.

In answer to your question about emails, it is very easy to read cc information, it?s all in the headers, bcc information is invisible. If you do a File | Properties (or similar) on an email message you will be able to see all the technical routing and recipient information about the email. The trick is don?t send the SPAMmers any email!

HTH

Keith L

Dear BSAC Webmasters

As you are probably aware from the press SPAM email is threatening to swamp email systems, the BSAC system is no exception. To give you an idea of the level of the problem we are experiencing : our SPAM filters at HQ are currently trapping around 20,000 SPAM emails per month, a four-fold increase in under a year, but many are still getting through.

One major problem is the harvesting of email addresses from web sites, if your web site has a mailto: HREF (a ?click here to email xxx? link) then SPAM programs can read it and add it to their lists. A private email address of mine found itself onto one little used web site (not diving) recently for just 48 hours, I now receive daily SPAM on that email address!

I am asking the webmasters of our main BSAC web sites to start ?hiding? email addresses so that the SPAM programs can?t read them, I would like to ask all of our branch, region and other webmasters to join us in this initiative. There are two ways you can do this -

1. Make your email links person but not machine readable. e.g. say something like ?email keith.lawrence at bsac dot com? rather than putting a clickable link in.

2. If you really want a clickable link then use something like Paul Greg?s encoder on <a href="http://www.pgregg.com/projects/encode/htmlemail.php," >http://www.pgregg.com/projects/encode/htmlemail.php,</a> this little program converts email addresses into Javascript code, you can still click the link but the SPAM programs can?t read it.

So I?m asking for you all to help us with this one, I?m trying to block as many SPAM emails to bsac.com as I can but if we can stop the email addresses getting onto the lists then it will help.

As a final note to anyone receiving SPAM? ==NEVER, EVER== reply to it or fall for the ?click here to remove? link, just delete it, forget it and move on. If you reply or click that link all that you do is confirm a valid email address, the SPAM just gets many times worse!

Thanks All

Keith Lawrence
BSAC IT Team

%40 = @ in the mailto:link which might help butI'mn ure that the harvistors will soon overcome this

a better solution is to use server side scripting to send the mail (using a form) therefore there is no way that the spamers can get your address - but you do need server side scripting asp,php etc

(the BSAC were ?used? a few years back to send SPAM, we changed our email server and left it open relay for just a couple of days by mistake).

We left ours open for about two hours - in that time we sent 40,000 emails and got black listed by loads of people.

It took us many man days to sort out

Hi Keith

This problem is driving me mad - since becoming FCD Chief Examiner (an address that is on the website) I receive up to 50 spam e-mails a day. By the time I have downloaded and deleted them all each day about 30'or more of the time I have spare to do FCD work has gone.

I am also worried that one day I will delete an important mail from someone who simply calls their message 'Hi not seen you for a while' or something equally SPAM like.

I never reply to them - I know not to do that - but can you suggest a software solution for me to have on my PC to delete them automatically?

Cheers
Clare Peddie










:=Dear BSAC Webmasters
:=
:=As you are probably aware from the press SPAM email is threatening to swamp email systems, the BSAC system is no exception. To give you an idea of the level of the problem we are experiencing : our SPAM filters at HQ are currently trapping around 20,000 SPAM emails per month, a four-fold increase in under a year, but many are still getting through.
:=
:=One major problem is the harvesting of email addresses from web sites, if your web site has a mailto: HREF (a ?click here to email xxx? link) then SPAM programs can read it and add it to their lists. A private email address of mine found itself onto one little used web site (not diving) recently for just 48 hours, I now receive daily SPAM on that email address!
:=
:=I am asking the webmasters of our main BSAC web sites to start ?hiding? email addresses so that the SPAM programs can?t read them, I would like to ask all of our branch, region and other webmasters to join us in this initiative. There are two ways you can do this -
:=
:=1. Make your email links person but not machine readable. e.g. say something like ?email keith.lawrence at bsac dot com? rather than putting a clickable link in.
:=
:=2. If you really want a clickable link then use something like Paul Greg?s encoder on <a href="http://www.pgregg.com/projects/encode/htmlemail.php," >http://www.pgregg.com/projects/encode/htmlemail.php,</a> this little program converts email addresses into Javascript code, you can still click the link but the SPAM programs can?t read it.
:=
:=So I?m asking for you all to help us with this one, I?m trying to block as many SPAM emails to bsac.com as I can but if we can stop the email addresses getting onto the lists then it will help.
:=
:=As a final note to anyone receiving SPAM? ==NEVER, EVER== reply to it or fall for the ?click here to remove? link, just delete it, forget it and move on. If you reply or click that link all that you do is confirm a valid email address, the SPAM just gets many times worse!
:=
:=Thanks All
:=
:=Keith Lawrence
:=BSAC IT Team

%40 = @ in the mailto:link which might help butI'mn ure that the harvistors will soon overcome this

a better solution is to use server side scripting to send the mail (using a form) therefore there is no way that the spamers can get your address - but you do need server side scripting asp,php etc

&gt; This problem is driving me mad - since becoming FCD Chief
&gt; Examiner (an address that is on the website) I receive up to
&gt; 50 spam e-mails a day.

50 a day isn't too bad - yet! But it already eats a big chunk of time.

Part of the solution is to realise SPAM for what it is - it isn't a harmless bit of free advertising for a friendly manufacturer/dealer/pornographer, it's a major intrusion, and should be treated as such. If there's an oportunity to stop spammers (frequently, there isn't), it should be taken.

&gt; I am also worried that one day I will delete an important
&gt; mail from someone who simply calls their message 'Hi not seen
&gt; you for a while' or something equally SPAM like.

There are certain clues to help - many of these SPAM mails have som apparently random letters/numbers at the end of the subject. Your mates would not do that - these are tracking codes. If you see them, delete the mails.

Watch for spelling errors, bad grammar, wrong use of capitalisation, etc. Many SPAM mails originate where English is not a first language, so they make mistakes. Other mails subjects may be generated automatically, so capitalisation depends on where they got the field from. Use these markers.

And, of course, delete *everything* that comes from Korea...

&gt; I never reply to them - I know not to do that - but can you
&gt; suggest a software solution for me to have on my PC to delete
&gt; them automatically?

A lot depends on how you read mails. Some clients (liek the one I'm using now!) can't be modified to resist SPAM. Others can be sorted out quite nicely. Take a look at Mailwasher for the sort of thing you can get up to...

HTH

Vic.

If you really want a clickable link then use something like Paul Greg?s encoder on <a href="http://www.pgregg.com/projects/encode/htmlemail.php," >http://www.pgregg.com/projects/encode/htmlemail.php,</a> this little program converts email addresses into Javascript code, you can still click the link but the SPAM programs can?t read it.

A similar sort of thing can be found at the link below. The pages also contain lots of useful bits and bobs about SPAM and how to avoid it.

Cheers,
T

If your just a normal internet user then one thing you can do to fight the SPAM plague is ask your ISP if they have a SPAM filtered e-mail service, and if not why not.


Regards
Matt

Hi Keith

This problem is driving me mad - since becoming FCD Chief Examiner (an address that is on the website) I receive up to 50 spam e-mails a day. By the time I have downloaded and deleted them all each day about 30'or more of the time I have spare to do FCD work has gone.

I am also worried that one day I will delete an important mail from someone who simply calls their message 'Hi not seen you for a while' or something equally SPAM like.

I never reply to them - I know not to do that - but can you suggest a software solution for me to have on my PC to delete them automatically?

try mailwasher.net used to be free but he's sold the rights so you have to pay now the trail version supports on acount though so if you've only got one account its good

it allows you to delete or bounce (not reconized address) mails form certain addresses or domain or where the from address is like an address

it cuts down the amount of junk i see by lots

Beanie

If your just a normal internet user then one thing you can do to fight the SPAM plague is ask your ISP if they have a SPAM filtered e-mail service, and if not why not.

HA most of my spam comes because my first ISP put all of its members addresses on there site in a community i'm pretty sure of this cause those addresses arn't anywhere else as far as i know

beanie

My most annoying spam is the one that offers to get rid of spam.
I really hate that one.