/dev/rob0 wrote:
> On Fri, Jan 21, 2011 at 09:12:32AM +0100, Mikael Bak wrote:
>> Reindl Harald wrote:
>>> Am 20.01.2011 12:29, schrieb Christian Roessner:
>>>
>>>> Why adding a contact form? If a postmaster really does
>>>> his/her job and scans the logs, finds your assistance info
>>>> and enters the website, don't you think the same admin is
>>>> also able to write a mail to you (postmaster@...)?
>>> Because if his server is rejected you will also not receive
>>> this mail
>> You can have rules on your mx letting in email for postmaster
>> and abuse addresses. I think that's quite common. We do that.
> 
> When I did that, I found that the postmaster address was receiving 
> bucketloads of spam every day, and maybe 2-3 legitimate mails per 
> YEAR. Now my postmaster address is protected by Zen and basic HELO 
> checks.
> 

Yeah, I know. It's a real pain. And the suckers are spamming those
addresses on purpose! It's plain sabotage. But still, you need to have
them up and running. The abuse address is even more sensitive because
abuse reports often comes with spam email source in the message body. We
can't have content filter delete those, can we? :-)

> But indeed, this gives me an idea: rather than a contact form, I 
> might try a form which generates a limited-use non-blocked address. 
> The next hurdle: how to present it in a way such that the end user 
> can see/use it, and yet protect it from harvesting bots?

Perhaps make them add a ticket number in the subject line, and reject if
it's absent?

HTH,
Mikael

Reply via email to