[EMAIL PROTECTED] wrote on 09/07/2005 09:36:54 AM: > Our largest issue with these web form mail exploits is not really > spam-related (in terms of scripts causing our web servers to become spam > relays); our clients are receiving these fake forms (obviously generated by > a kiddie script) constantly throughout the day, and the script writer isn't > accomplishing the intended task (which is to spam some random AOL account). > The AOL account shows up in the form as the BCC, but shows up *only* as > text, as if it were part of the form.
Can the script be coded to look for bcc: in a field that shouldn't have it and drop the message? Perhaps expand that to bcc: followed by an email address. Also since the email address of the alleged sender was showing up in so many fields, that could be a test too, say an email address in the zipcode field. Real sophistication would submit the IP address to a tarpit or blocklist to prevent repeated connections. _______________________________________________ Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
