Hi Darin,
I guess what I am looking for from Declude (or a third party) is to provide me a filter that will phrase filter the incoming form mail and determine if its a spammy one or not. I am not really great at creating filters myself but this is how I would imagine there would be some regex involved. 1) message comes in from the web server/domain 2) the ip address of the web server is checked, if its from a known web server that we know has forms on it then it gets run through the filter 3) the body of the message is checked with REGEX filtering 4) weight is added to the email dependant on the results This process would mean that if a client suddenly starts seeing his form being spammed, he lets us know and we add their domain to the filter and any further forms that comes in, will get checked. I am no declude/regex genius but this theory sounds pretty solid to me. The problem we have here, is that clients suddenly complain about form spam (from forms we have designed without captchas or ones others have designed) and when we say , "well you need a captcha and its going to cost you $50-$100 for us to install one of them", I get the feeling they kind of view it like some kind of scam. (I mean if I did not understand about this kind of stuff, I would think the same). The other methods ie with div tags and captchas are great but it involves someone's time to programme the pages etc but it would be nice to have some control over the incoming spams at the mail server level too. I anyone thinks they can make a filter for this, then let me know. I can spend a couple of hundred bucks on this. Kindest Regards Craig Edmonds 123 Marbella Internet W: www.123marbella.com E : [EMAIL PROTECTED] LEGAL DISCLAIMER - This message may contain confidential, proprietary or legally privileged information and is intended only for the use of the addressee named above. If you are not the intended recipient of this message you are hereby informed that you must not use, disseminate, copy it in any form or take any action in reliance on it. If you have received this message in error please delete it and any copies of it and notify it to the sender. AVISO LEGAL - Este mensaje puede contener informacion confidencial, en propiedad o legalmente protegida y esta dirigida unicamente para el uso de la persona destinataria. Si usted no es la persona destinataria de este mensaje, por la presente se le comunica que no debe usar, difundir, copiar de ninguna forma, ni emprender ninguna accion en relacion con ella. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: 09 April 2008 15:34 To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] form spam filter Hi Craig, There's really nothing Declude can currently do with this. The headers will all be different, and the format and content of the messages are all different, based on what the web form handler does. That only leaves the actually values in the form fields for filtering purposes. To filter that, you need to use SURBL and REGEX phrase filtering. These are not Declude's purview. Declude is an enabler for you to script your own filters, or use those from third parties like SURBL lookups or content filtering engines. It sounds like what you're asking for is for Declude to get into the business of providing an SURBL lookup function, keeping an SURBL database updated, and implementing something like Message Sniffer's content filtering engine. Is that correct? Darin. ----- Original Message ----- From: Craig Edmonds <mailto:[EMAIL PROTECTED]> To: declude.junkmail@declude.com Sent: Wednesday, April 09, 2008 9:22 AM Subject: RE: [Declude.JunkMail] form spam filter Thanks people for the comments. I will stick with captchas for now but it would be great if declude could figure a nice filter to deal with it, at the end of the day its still incoming spam. Kindest Regards Craig Edmonds 123 Marbella Web Design in Spain W: www.123marbella.net From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: 09 April 2008 15:09 To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] form spam filter Hi Matt, Some do, some don't. I've seen both methods used on some customer sites. Setting session variables on the form page definitely wouldn't work, as a spammer that hits the form would receive the same session information anyone else would. Certainly checking data against constraints is _always_ important, whether to prevent hacking, avoid data exceptions, enforce business rules, etc. The method you outline seems like it would only work if the spammer doesn't submit to all fields. Some of the attempts we've seen populated all fields, so this wouldn't work on those. I'd stick with CAPTCHA as the best and most foolproof method to avoid these problems. It's fairly easy to implement (there are a number of free examples in public domain), is familiar to most people filling out the forms, and works well. Darin. ----- Original Message ----- From: Matt <mailto:[EMAIL PROTECTED]> To: declude.junkmail@declude.com Sent: Wednesday, April 09, 2008 8:55 AM Subject: Re: [Declude.JunkMail] form spam filter The form spammers are smarter than to go directly to the mail script. They will hit for the form submission page with what appears to be IE and submit the form. They even handle cookies correctly. The trick for form spam is to take fields like your Name and E-mail and rename the variables to something like "ignore-old-data1" and "ignore-old-data2" and adjust your mailer script for the new names. Then you insert new form fields in the form page that are hidden with a DIV and call them Name and E-mail. Your mailer script should pretend that the E-mail was successful if these fields have data in them, but you should simply 86 the actual message. This will trick their testing software into thinking that they were successful, and the DIV's with visibility hidden will not be seen by normal visitors. You might also want to put some javascript in the form submission page that looks for a URL in the form and warn the submitter that they can't send URL's, and then also have the mailer script silently reject a submission that has a URL in it. RegEx would be required in both JavaScript and the ASP or whatever code to do the URL checking. As far as I know, this seems to work perfectly, but setting session variables on the form page doesn't do a damn thing. Matt Darin Cox wrote: Since forms all use different emailers, and the form content is different as well, your only hope is content filtering based on what the spammer submitted... like SURBL filtering or REGEX on the spammer submission. These days, web-based form processing pages should minimally check that the referring page is what it is supposed to be (i.e. the form page submit button was clicked as opposed to a spammer submitting directly to the form action URL), and better yet implement CAPTCHA, require a login, or some other similar security measure. Darin. ----- Original Message ----- From: Craig Edmonds <mailto:[EMAIL PROTECTED]> To: declude.junkmail@declude.com Sent: Wednesday, April 09, 2008 3:16 AM Subject: [Declude.JunkMail] form spam filter Hi All, Is there a filter for form spam? Some clients complain that they get form spammers sending in junk via their web forms. Some clients have captchas on their forms some don't, but I would like to be able to filter out the junk at declude level. Any ideas? Kindest Regards Craig Edmonds 123 Marbella Internet W: www.123marbella.com E : [EMAIL PROTECTED] LEGAL DISCLAIMER - This message may contain confidential, proprietary or legally privileged information and is intended only for the use of the addressee named above. If you are not the intended recipient of this message you are hereby informed that you must not use, disseminate, copy it in any form or take any action in reliance on it. If you have received this message in error please delete it and any copies of it and notify it to the sender. AVISO LEGAL - Este mensaje puede contener informacion confidencial, en propiedad o legalmente protegida y esta dirigida unicamente para el uso de la persona destinataria. Si usted no es la persona destinataria de este mensaje, por la presente se le comunica que no debe usar, difundir, copiar de ninguna forma, ni emprender ninguna accion en relacion con ella. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
