Doggone it! My last post wasn’t referring to you, wolf_meister. I forgot to preview and you snuck in between my reading the thread and responding to it.
I just thought it was great that Futile Gesture pointed out why feeding bad email addresses to spambots is a…well…futile gesture.
Pardon my cynicism, but spammers haven’t backed off due to filters, mailbombing, threat calls, lawsuits, fines, or jail time. I doubt that WebPoison is suddenly going to turn them into model netizens.
Same thing happened to me.
Bastards.
Invisible Wombat
I was wondering to what you were referring. Anyway, no problem.
gazpacho
I had the same feeling that those lists were poorly tested and I share your opinion about spammers’ subterranean standards of ethics.
I was not planning to use a real domain for fooling the “bots”. (See the OP and the example address I chose: jsmith@1h2y3n6g7s8e9ko3j6n7s8q9x0a5f6.com)
Anyway, the idea seems useless and as others have said more harmful than beneficial and I’m not going to use it.
Okay, so the idea in the OP doesn’t work and it seems as if WebPoison (and other “solutions”) have their doubters. Still, as I asked in my previous posting, couldn’t there be some way to ensure that an E-Mail from a legitimate domain is being sent by that website owner and not some spam impostor?
Microsoft had proposed something like, and IIRC, AOL had said that they were going to get onboard with it, but I haven’t heard any more about it. Still, I doubt that that would even be truly effective, since it generally takes about a week or so for hackers to figure out how to beat the various copyprotection schemes companies like Sony come up with. Given that there’s plenty of good money to be made via spam, I’m sure that someone will figure out a workaround to it in a fairly short time.
Tuckerfan
Wow that is really frustrating.
So far, the only effective solution seems to be the one in posting #11.
I don’t have any up-to-date details, but there are (at least) two proposals out for methods of verifying the return address on emails. One of them involves something much like a digital signature using public-key encryption, and the other involves a “ping back” system where the receiving machine does a DNS lookup on the source email address and validates it with the sending domain.
You’re thinking of SPF (originally Sender Permitted From, but now Sender Policy Framework). In a nutshell, it makes it difficult to forge “From” addresses in email.
Broadly speaking, any computer can send email claiming to be from anyone. SPF would allow the administrators of the domain example.org to specify which machines are permitted senders from example.org, and other mailservers would check against that list to determine the trustworthiness of an email. If the administrators of example.org restricted their SPF list to “alice@example.org” and “bob@example.org”, and if your mailserver received an email from “carl@example.org”, your mailserver would flag that email as suspect.
To implement this, both the sending and receiving mailservers need to be configured.
Neither Microsoft nor AOL came up with this, and had proposed alternate implementations of it. Both aol.com and MSN/hotmail publish their own SPF records now, and filter incoming mail based on SPF.