Since forms all use different emailers, and the form content is different as
well, your only hope is content filtering based on what the spammer
submitted... like SURBL filtering or REGEX on the spammer submission.
These days, web-based form processing pages should minimally check that the
The form spammers are smarter than to go directly to the mail script.
They will hit for the form submission page with what appears to be IE
and submit the form. They even handle cookies correctly.
The trick for form spam is to take fields like your Name and E-mail and
rename the variables
Hi Matt,
Some do, some don't. I've seen both methods used on some customer sites.
Setting session variables on the form page definitely wouldn't work, as a
spammer that hits the form would receive the same session information anyone
else would.
Certainly checking data against constraints is
Thanks people for the comments.
I will stick with captchas for now but it would be great if declude could
figure a nice filter to deal with it, at the end of the day its still
incoming spam.
Kindest Regards
Craig Edmonds
123 Marbella Web Design in Spain
W: www.123marbella.net
From:
Hi Craig,
There's really nothing Declude can currently do with this. The headers will
all be different, and the format and content of the messages are all different,
based on what the web form handler does.
That only leaves the actually values in the form fields for filtering purposes.
To
Here's a filter I use:
# attack Yahoo spammers
SKIPIFWEIGHT315
MAXWEIGHT 150
#
# exclude the big emails and those with good attachments
TESTSFAILED END CONTAINSMPPT-SIZE-L
TESTSFAILED END CONTAINSMPPT-SIZE-XL
TESTSFAILED END CONTAINS
Darin,
I think you missed what I was saying exactly. If the form spammer fills
out the fields that are hidden by DIV's, the E-mail wouldn't be sent by
the mailer script and it would pretend to have been successful.
Spammers use programs to do this stuff, and although they are
intelligent
On Wednesday, April 9, 2008, 10:01:56 AM, Craig wrote:
Hi Darin,
I guess what I am looking for from Declude (or a third party) is to provide me a filter that will phrase filter the incoming form mail and determine if its a spammy one or not.
We may be able to help you.
Please
Hi Matt,
No, I understood completely. I've seen forms with fields hidden by DIVs still
filled out. Some of the less sophisticated spam form fillers I've seen used
simply filled out every field. They were not looking to see what was visible
and what wasn't.
CAPTCHA is easy as well... takes
Matt, Darin
would it possible that you both forget, that 99,9+% of all incomming
formmail spam is send from millions of webservers all around the world and
you have no control of it.
Darin:
It wouldn't be virtual impossible to keep a list af all this webservers.
Some IP-Blacklists try to do
Hi Markus,
Good points. However, we haven't had much trouble filtering outside spam from
web forms, so I wasn't thinking of it from that perspective.
The main trouble we've had is filtering spammy form submissions to customers
from their own websites. Those sites are using our internal
The PCRE for yahoo.co.uk might just be the ticket.
Thanks!
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott
Fisher
Sent: Wednesday, April 09, 2008 8:58 AM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Need strategy to up score.
One thing we did on our domain is to ban pasting so that the scripts
couldn't paste their info into our fields. Also I just had an idea and
asked the webmaster if he could program the form to perform a different
action if the form page was opened for too short of a time period. Like
shoot to a
Hmmm... good idea. Though the testing/form filler tools I've seen aren't using
pasting. They are generating keystrokes and targeting them into the
appropriate fields.
With the tools I've seen, the ability exists to put pauses in, but that would
effectively restrict volume submissions for a
Note that I'm not claiming that I have the absolute best way to go about
doing this, but I do have my opinions.
If a form mail spamming software is going to go through the process of
parsing JavaScript and CSS, it wouldn't be a leap at all to see them
parsing CAPTCHA's. There is open source
15 matches
Mail list logo
