On 5/9/2019 5:43 PM, Andrew C Aitchison wrote:
On Thu, 9 May 2019, Rob McEwen via mailop wrote:
The documents that Paul referenced in his last message - probably
mentioned this somewhere - but I'll add that (in addition to the link
above and doing confirmed-opt-in "COI") you should strongly encourage
your customers to captcha-protect their signup forms to prevent bots
from signing up spamtrap addresses.
That has been happening OFTEN in recent years - and those who don't
do COI and don't captcha-protect their forms (or some equivalent
only-a-human-could-have-done-this protection) - are OFTEN getting
blacklisted due to spamtrap addresses sneaking into their
distribution lists.
Is this deliberate enemy action or collateral damage ?
I'm finding it difficult to see why a general spam bot
would sign spam traps up to a mailing list,
so guess that I am missing something ?
Over the past few years, I've seen a distinct uptick in mailing lists
getting blacklisted due to them sending to spamtrap address - where they
claim that the signup happened on their website. In ALL such cases, the
forms were not CAPTCHA-protected, and they weren't doing COI. I've never
seen a single example of this happening where both CAPTCHA and COI was
used. Most of these came into my system via 3rd party spam feeds. I've
gone back to them and they all claim that they are NOT feeding their
spam feeds with automated "entrapment" signups. So I'm still trying to
figure this out, too. But the results of getting blacklisted when
sending to egregious spamtrap addresses - can bring an otherwise legit
business down to its knees. Why would spammers or hackers do this? I
don't know. It could be an effort to harm blacklists by polluting their
listings with items that are more marginal/legit - in order to try to
cause false positives? Or it could be that they are spamming the form in
an effort to get their spammy content delivered to the owner of the web
site - and they are just throwing random addresses into the signup form
(which then get added to the site owner's lead list if no CAPTCHA and
COI was used?) I know this is happening - I know that those doing both
CAPTCHA and COI are generally unaffected. I don't know all the details
about how/why/who. But this is a real thing - and it happens often.
(thankfully, my own blacklist's false positive-prevention filter -
prevents the vast majority of these from becoming blacklistings - but
the sending to spamtrap addresses means that the sender has lost control
of their processes, fwiw)
--
Rob McEwen
https://www.invaluement.com
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop