Our largest issue with these web form mail exploits is not really spam-related (in terms of scripts causing our web servers to become spam relays); our clients are receiving these fake forms (obviously generated by a kiddie script) constantly throughout the day, and the script writer isn't accomplishing the intended task (which is to spam some random AOL account). The AOL account shows up in the form as the BCC, but shows up *only* as text, as if it were part of the form.
Here's another example of a fake form that one of our clients received:

<snip>
City: [EMAIL PROTECTED]
Fax: [EMAIL PROTECTED]
Company: [EMAIL PROTECTED]
Zip: [EMAIL PROTECTED]
Title: [EMAIL PROTECTED]
Address1: [EMAIL PROTECTED]
Address2: [EMAIL PROTECTED]
Submit: [EMAIL PROTECTED]
LName: [EMAIL PROTECTED]
Phone: [EMAIL PROTECTED]
FName: [EMAIL PROTECTED]
Content-Type: multipart/mixed; boundary="===============1128226633=="
MIME-Version: 1.0
Subject: 1e9c11ce
To: [EMAIL PROTECTED]
bcc: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]

This is a multi-part message in MIME format.

--===============1128226633==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

zecyjmgc

--===============1128226633==--

How_Heard: [EMAIL PROTECTED]
Email: [EMAIL PROTECTED]
End of form information
</snip>

Now, what is emailed out is exactly as shown above, but since the recipients of the form are actually hard-coded in the formmail script, this message does NOT go out to [EMAIL PROTECTED] (shown in the bcc field), rather this is just a stupid text field that the script writer thought would go out to that AOL address somehow.

The main problem is the annoyance to our clients -- they complain to us when they receive this stuff, and we just host their website, we have nothing to do with the implementation or scripts that are running (yes, we do enforce guidelines to an extent, but tell a client they can't run their mail script to send out contact forms, and you start losing business).

This has been very difficult for us to trace as we are fairly confident that these scripts are interacting with the HTML forms themselves, and NOT the scripts.

So, the question is how can we really stop someone from using an HTML form (and the NUMBER verification technique is not an acceptable solution for our clients)?

- Chris

------------------------------------------
Chris Gauch
Systems Administrator
Digicon Communications, Inc.
http://www.digiconcommunications.com
[EMAIL PROTECTED]

_______________________________________________
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list
[email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
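The fake submission quoted in the message above shows two traits a form handler can test for before it builds the mail: mail header lines following a line break inside a field, and an e-mail address in nearly every field. The check below is an added example, not part of the original post or of any formmail script; the field names `Email` and `Comments`, the majority threshold and the sample submissions are assumptions constructed for illustration.

```python
import re

# Structural headers seen in the injected block quoted in the post.
HEADER_RE = re.compile(
    r"^(content-type|mime-version|content-transfer-encoding|bcc)\s*:",
    re.I | re.M)
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Assumption: only these fields may hold an address or span several lines.
EMAIL_FIELDS = {"Email"}
MULTILINE_FIELDS = {"Comments"}

BREAK = "line break in single-line field"
HEADER = "mail header after line break"
STUFFED = "e-mail address in non-address field"


def inspect_submission(fields):
    """Return {field: [reasons]} for values that look like header injection."""
    findings = {}
    for name, value in fields.items():
        text = value.replace("\r\n", "\n").replace("\r", "\n")
        first, _, rest = text.partition("\n")
        reasons = []
        if rest and name not in MULTILINE_FIELDS:
            reasons.append(BREAK)      # a text input cannot submit a newline
        if rest and HEADER_RE.search(rest):
            reasons.append(HEADER)
        if name not in EMAIL_FIELDS and EMAIL_RE.match(first.strip()):
            reasons.append(STUFFED)
        if reasons:
            findings[name] = reasons
    return findings


def should_reject(fields):
    """Reject on any embedded line break or header, or when most fields hold an address."""
    found = inspect_submission(fields).values()
    injected = any(BREAK in r or HEADER in r for r in found)
    stuffed = sum(STUFFED in r for r in found)
    return injected or stuffed > len(fields) // 2


# Constructed samples (addresses are placeholders, not taken from the post).
SAMPLE_FAKE = {"City": "probe@example.org", "Zip": "probe@example.org",
               "FName": "probe@example.org\nContent-Type: multipart/mixed\n"
                        "MIME-Version: 1.0\nbcc: other@example.net\n\nbody",
               "Email": "probe@example.org"}
SAMPLE_REAL = {"City": "Springfield", "Zip": "12345", "FName": "Pat",
               "Email": "pat@example.com", "Comments": "Please call.\nThanks"}
```

Rejected submissions never reach the client's mailbox, which addresses the annoyance described above without a number-verification step.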

