[thelist] Spam Cop??

Jeroen Sangers evolt at jeroensangers.com
Thu Feb 13 10:26:01 CST 2003


Koutoulas, Pete <PKOUTOUL at Fayette.k12.ky.us> wrote:
> In my opinion the very best spam tool around is the one I use at home
> -- POPFile. It uses AI (naive Bayes) to classify spam -- and other
> categories of mail that I can set up -- and it gets better at it the
> more you use it. Highly recommended.

Bayesian type filters do indeed a good job filtering for spam. But they do
nothing to stop spam and they don't reduce the corresponding bandwidth use.
This is specifically a problem for users using a slow modem.

> As for Spam Cop, they list a phone number in the email but so far no
> answer. After reading the info at their site, the only thing I can
> figure out is last month I sent out about 50 messages to people who
> had signed up months ago to be notified of changes to my website.
> According to Spam Cop, such lists must be double-opt in and mine was
> not. Maybe someone signed up for my notification service, then forgot
> about it until they got "spammed" by me. Guess I'll have to set up
> something a little more sophisticated...

Double opt-in is the norm in these times...

> One other thought I had. My script that processes a response form on
> my site is hard-coded to send the responses to my email address.
> There is no way that I know of someone could exploit that script to
> send email to 3rd parties. But then again, I'm no hacker. Do you all
> think a script like this could be exploited some way? The important
> thing to note is that the script takes no parameters other than the
> contents of the form fields -- there is no way to pass it an email
> address and have it send mail to that address.

There are many ways a script can be exploited. I suggest that you read about
the vulnarabilities in the famous FormMail script
(www.monkeys.com/anti-spam/formmail-advisory.pdf) so you can decide whether
one of these problems apply to your script.


Kind regards,

Jeroen Sangers

www.jeroensangers.com
www.fimcap.org





More information about the thelist mailing list