Spam has been driving me mad recently – more so than usual. Normally 99% of my spam is caught by SpamAssassin, but over the past two months the amount of spam getting through to my inbox has increased dramatically – from 1-2 a day to about 50. It seems that the spammers have found SpamAssassin and are using it to test their messages and ensure they get a low score before they send them.
I haven’t yet found a solution to this. Greylisting isn’t possible for me, as I don’t control my secondary MX. I’m already using recipient address verification and SPF, which helps quite a bit, but it’s still not enough. Any suggestions would be welcome…
What I’m getting a lot of at the moment is spam telling me I should buy shares in some obscure company – I’m frankly amazed that these companies are not immediately delisted from their respective stock exchanges and the company directors fined millions of dollars (they’re all American companies, of course). Even more annoying is the fact that the spam is correct in its claims that the value of the shares concerned will rise: morons buy them in response to the spam so the price does actually go up. Arghhhhhhh!!!
On the subject of spam, a spammer recently compromised a feedback form that I use on a few sites and discovered a way to make it relay their spam. Only one spam actually got sent before I noticed (and it bounced, because it was to a non-existent address), but this drives me mad. Anyone writing feedback forms in PHP should read this.
In an (almost certainly too late) attempt to reduce spam I’ve added a text-based maths captcha to my contacts page, so you have to answer a simple question before you can get my e-mail address. My e-mail address has only ever been published as an image, but I know that it is possible for someone suitably determined to extract the text from it.
Also I’ve upgraded the spam protection used on my blog. Previously I was using a simple ‘enter the following phrase’ text-based captcha which was very (but not totally) effective. I’ve now changed this to a maths-based captcha since it means that I don’t have to remember to change the phrase every few months as before. Most spam that targets this blog now comes in the form of trackbacks, which are much harder to control since they are designed to be submitted by automated scripts. I have now implemented trackback verification, which checks whether the URL given in a trackback actually contains a link to my site. I know that this won’t be 100% effective since some trackback spammers do create pages with the URLs of all the sites they’re spamming on them, but every little helps.
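A sketch of the trackback check described above, added as an illustration and not the code this blog actually runs. It only accepts a real `<a href>` whose resolved hostname is the blog's, so a bare URL in text, a link hidden in an HTML comment, or a lookalike hostname does not pass. The hostname `blog.example.org` and the sample pages are constructed, and fetching the page is left out so the block runs offline.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

MY_HOST = "blog.example.org"  # assumption: placeholder for this blog's hostname

class AnchorCollector(HTMLParser):
    """Collects href values from real <a> tags (comments and text are ignored)."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v.strip() for k, v in attrs if k == "href" and v]

def host_of(url):
    """Lower-cased hostname of an http(s) URL, or '' if it is anything else."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return ""
    if parts.scheme not in ("http", "https"):
        return ""
    return (parts.hostname or "").lower().rstrip(".")

def trackback_links_back(page_html, page_url, my_host=MY_HOST):
    """True if the page fetched from page_url has an <a href> pointing at my_host."""
    source_host = host_of(page_url)
    if not source_host or source_host == my_host:
        return False  # not a web URL, or a trackback claiming to come from us
    parser = AnchorCollector()
    parser.feed(page_html)
    parser.close()
    for href in parser.hrefs:
        try:
            target = urljoin(page_url, href)  # resolve relative links first
        except ValueError:
            continue
        if host_of(target) == my_host:
            return True
    return False

# Constructed sample pages, standing in for the body fetched from the trackback URL.
GENUINE = '<p>More on this at <a href="http://blog.example.org/spam">his blog</a>.</p>'
NO_LINK = '<p>http://blog.example.org/spam</p><!-- <a href="http://blog.example.org/">x</a> -->'
LOOKALIKE = ('<a href="http://blog.example.org.pills.example/">a</a>'
             '<a href="/go?u=http://blog.example.org/">b</a>')
```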
Whatever happened to the good old days when we could post our e-mail addresses on our websites as simple mailto: links…?



