We have an email address enquiries@... for students etc to send in email questions rather than phone through.
I'd expect higher than usual spam due to it being posted on the website and so prob getting harvested by spambots but atm there's 223 mails, all various flavours of Delivery Failures, Mailer-Daemon and so on.
I doubt that they're real ones as we'd be on a blacklist by now (happened before) so chances are it's spammers spoofing this enquiries address?
Does that sound about right, if so what fixes have people got for securing their public facing email addresses? I don't edit the website but would start by ASCII encoding the link so it works fine for mailto: clicks but useless to spambots, any other suggestions?
Ye well I'd do that anyway but website used to be someone else's job :P
Do you agree that these Undeliverables are due to impersonation of the email address, rather than being due to spam coming out from our side (which I highly doubt seeing as it only happens with this one address?)
Hmmmm looking at the website I can't find that address anywhere, there was a web form for contact but it's dead so can't be there... only other place I know of is in the prospectus unless it's on a 3rd party site somewhere...
Last edited by gshaw; 24th April 2008 at 03:45 PM.
It's not so much Spam but Spoofing, so it appears to come from your address or domain. There's little you can do about it unfortunately.
Some staff here (only one or two thankfully) get what can only be described as 'arseloads' of mail like this. Digging through Exchange recently, i discovered she's getting 1 out of 12 emails to her actual inbox (Exchange doing its job filtering), as the rest are all nonsense. She was recently inundated with lots of these spoofed emails "bouncing back". Change of email address sorted it. Not a satisfactory solution by any means, but job done.
A solution for you might be a contact form as mentioned (with a change of target address) or do what we did - bin the address, set up an autoresponder and tell them to use an alternate address set up for the same purpose. (We went from admin@ to info@)
I got a load of those to my hotmail account not so long back - Looked the real thing but highly doubt there are because they went into the junk folder automatically. Surely if it was a real "we couldn't send this" it wouldn't be classed as junk?
Happens to me with my work e-mail. Definately spammers spoofing my address. Sometimes it looks like I'm spamming myself! Just started to happen with my private e-mail too after 5+ years of careful (I thought) use.
Oh well at least it's confirmed my theory and can be safe in the knowledge it's not the mail server, maybe there's a rule I can set up to dump anything with Mail Daemon, Undeliverable etc for that address? Being a shared mailbox the rule would have to act as mail was arriving rather than happening through Outlook.
Don't really wanna fiddle with the Exchange server too much atm as it's on its last legs and rocking the boat isn't a great idea but would be good to know what options I got...
You can do that with Exchange - not too hard from what I can remember.
Our main enquiries address gets swamped too - typically less than 10% of new mails are genuine!
My personal (GMail) address is getting hammered at the moment too, around 20 spam emails every day, but the filter is catching every one of them. I used to get hardly any, only 1 or 2 a week, so I'm wondering where I've been careless with publishing my email address...
I would advise caution setting rules on inbound failure messages, as it will of course catch any real failure notifications too.
On our school website i put the address in a picture, the bots have no chance of detecting it.
Just saw quite a nice idea today - the address is in text but with the "@" as an image. I'm guessing that most bots will parse the text of a page looking for the "@" symbol so if you take that out then there's nothing for them to find.
We had this problem with our enquiries page on the school website.
I scrapped the original enquiries email address and created a new one. I then used an alias to that address on the website enquiries form. When the alias starts to get spammed; I simply kill the alias and create a new one and change the address the web form uses.
I also feel that avoiding the obvious names for email addresses may help. Enquiries@ is an obvious address for robots to create without scanning your web page.
There are currently 1 users browsing this thread. (0 members and 1 guests)