Stopping e-mail abuse
Online Advertising
Stopping e-mail abuse
Anti-spam appliances | Content filtering | Context filtering | Distributed Checksum Clearinghouse | DomainKeys | Greylisting | GTUBE | Hashbusters | MULE email | Tarpit
E-mail
has become the subject of much abuse, in the form of both
spamming and
E-mail worm programs. Both of these flood the in-boxes of E-mail
users with junk E-mails, wasting their time and money, and often
carrying offensive, fraudulent, or damaging content. This article
describes the efforts being made to stop E-mail abuse and ensure
that E-mail continues to be usable in the face of these threats.
Protection against spam
End users can protect themselves from the brunt of spam's impact in numerous
ways.
Spam filters
The continuing increase in spam has resulted in rapid growth in the use of
spam filter programs: software designed to examine incoming email and
separate spam emails from genuine email messages intended for the user.
Unwanted e-mail can be filtered at the desktop, the network email
server/email gateway, the Internet Service Provider's email gateway, or all
three locations. While network managers and ISPs can choose hardened
email security appliances,
services
or software designed to interdict both
spam
and viruses,
desktop users are frequently limited to a software-based solution.
A number of commercial spam filtering programs exist and are readily
available, but many
freeware and shareware spam filters are also available for easy downloading and
installation. Spam filters are currently included as standard features in nearly
every available email client, though the quality of these built-in filters can be low; for some
users, this may necessitate the use of a higher quality filtering solution.
Preventing Address Harvesting
Preventing spammers from obtaining your email address doesn't really solve
the spam problem, any more than avoiding all but lowest crime areas of a city
solves crime. Many people cannot hide their email addresses and most people want
to meet new people via email. They just don't want the flood of spam. It may,
however, reduce the amount of spam that you receive.
One way that spammers obtain email addresses to target is to trawl the Web
and Usenet for strings which look like addresses, using a
spambot.
Contact forms and
address munging are good ways to prevent email addresses from appearing on
these forums. If the spammers can't find the address, the address won't get
spam.
There are other ways that spammers can get addresses such as "dictionary
attacks" in which the spammer generates a number of likely-to-exist addresses
out of names and common words. For instance, if there is someone with the
address adam@example.com, where 'example.com' is a popular ISP or mail
provider, it is likely that he frequently receives spam.
Address munging
- Main article:
Address munging
Posting anonymously, or with an entirely faked name and address, is one way
to avoid this "address harvesting", but users should ensure that the faked
address is not valid. Users who want to receive legitimate email regarding their
posts or Web sites can alter their addresses in some way that humans can figure
out but spammers haven't (yet). For instance, joe@example.net might
post as joeNOS@PAM.example.net, or display his email address as an
image instead of text. This is called
address munging, from the
jargon
word "mung" meaning to break.
Contact Forms
Contact forms allow users to send email by filling out forms in a web
browser. The web server takes the form data and forwards it to an email address.
The user (and therefore the spam harvester) never sees the email address.
Contact forms have the drawback that they require a website that supports server
side scripts. They are also inconvenient to the message sender as he is not able
to use his preferred e-mail client. Finally if the software used to run the
contact forms is buggy or badly designed they can become spam tools in their own
right.
Disposable e-mail addresses
Many email users sometimes need to give an address to a site without complete
assurance that the site will not spam, or leak the address to spammers. One way
to mitigate the risk of spam from such sites is to provide a disposable
email address -- a temporary address which forwards email to your real account,
but which you can disable or abandon whenever you see fit.
A number of services provide disposable address forwarding. Addresses can be
manually disabled, can expire after a given time interval, or can expire after a
certain number of messages have been forwarded. Some of these services allow
easier creation of disposable addresses via various techniques.
Defeating Web bugs and JavaScript
Many modern mail programs incorporate
Web browser functionality, such as the display of HTML, URLs, and images. This
can easily expose the user to pornographic or otherwise offensive images in
spam. In addition, spam written in HTML can contain JavaScript
programs to direct the user's Web browser to an advertised page, or to make the
spam message difficult or impossible to close or delete. In some cases, spam
messages have contained attacks upon security vulnerabilities in the HTML
renderer, using these holes to install
spyware.
(Some
computer viruses are borne by the same mechanisms.) Also, the HTML can be
used to signal whether a spam message is actually read and seen by a user.
Users can defend against these methods by using mail clients which do not
automatically display HTML, images or attachments, or by configuring their
clients not to display these by default.
Avoiding responding to spam
It is well established that some spammers regard responses to their messages
-- even responses which say "Don't spam me" -- as confirmation that an email
address refers validly to a reader. Likewise, many spam messages contain Web
links or addresses which the user is directed to follow to be removed from the
spammer's mailing list.
In several cases, spam-fighters have tested these links and addresses and
confirmed that they do not lead to the recipient address's removal -- if
anything, they lead to more spam.
In late 2003, the USA FTC launched a public relations campaign to encourage email users to simply
never respond to a spam email -- ever. This campaign stemmed from the
tendency of casual email users to reply to spam, in order to complain and
request the spammer to cease sending spam.
Perhaps more significantly, since the sender address fields borne by spam
messages are almost always forged, a reply to a spam message is likely to reach
an innocent third party if it reaches anyone at all.
In Usenet,
it is widely considered even more important to avoid responding to spam. Many
ISPs have software that seeks out and destroys duplicate messages. Someone may
see a spam and respond to it before it is cancelled by their server, which can
have the effect of reposting the spammer's spam for them; since it is not just a
duplicate, this reposted copy will last longer.
See also the
Boulder Pledge.
Reporting spam
The majority of ISPs explicitly forbid their users from spamming, and eject
from their service users who are found to have spammed. Tracking down a
spammer's ISP and reporting the offense often leads to the spammer's service
being terminated. Unfortunately, it can be difficult to track down the spammer
-- and while there are some online tools to assist, they are not always
accurate. Also occasionally spammers own their own netblocks. In this case the
abuse contact for the netblock can be the spammer itself and can confirm your
address as live.
Examples of these online tools are
SpamCop, Network Abuse Clearinghouse and Blue Frog.
These provide automated or semi-automated means to report spam to ISPs. Some
spam-fighters regard them as inaccurate compared to what an expert in the email
system can do; however, most email users are not experts.
Consumers may also forward "unwanted or deceptive spam" to an email address (spam@uce.gov
) maintained by the
FTC. The database so collected is used to prosecute perpetrators of various
types of scam or deceptive advertising.
Defense against email worms
In the past several years, scores of worm programs have used email systems as
a conduit for infection. The worm program transmits itself in an email message,
usually as a MIME attachment. In
order to infect a computer, the executable worm attachment must be opened. In
almost all cases, this means the user must click on the attachment. The worm
also requires a software environment compatible with its programming.
Email users can defend against worms in a number of ways, including:
- Avoiding email client software which supports executable attachments.
The most frequently-targeted client software for email worms is
Microsoft Outlook and Outlook Express, both of which can easily be made
to open executable attachments. However, other Windows-based email software
is not immune to worms.
- Using an operating system which does not provide an environment
compatible with present worms. Essentially all current email worms affect
only the
Microsoft Windows operating system. They cannot execute on Macintosh, Unix,
GNU/Linux, or other operating systems. In some cases, it is conceivable that a worm could be
written for one of these systems; however, various security features
militate against it.
- Using up-to-date
anti-virus software to detect incoming worms and quarantine or delete
them before they can take effect.
- Being skeptical of unsolicited email attachments. Since worms and other
email-borne
malware arrive in this form, some email users simply refuse to open
attachments that the sender has not given them advance notice of.
Examination of anti-spam methods
There are a number of services and software systems that mail sites and users
can use to reduce the load of spam on their systems and mailboxes. Some of these
depend upon rejecting email from Internet sites known or likely to send spam.
Others rely on automatically analyzing the content of email messages and weeding
out those which resemble spam. These two approaches are sometimes termed
blocking and filtering.
Blocking and filtering each have their advocates and advantages. While both
reduce the amount of spam delivered to users' mailboxes, blocking does much more
to alleviate the
bandwidth
cost of spam, since spam can be rejected before the message is transmitted to
the recipient's mail server. Filtering tends to be more thorough, since it can
examine all the details of a message. Many modern spam filtering systems take
advantage of
machine learning techniques, which vastly improve their accuracy over manual
methods. However, some people find filtering intrusive to privacy, and many mail
administrators prefer blocking to deny access to their systems from sites
tolerant of spammers.
DNSBLs
- Main article:
DNSBL
DNS-based Blackhole Lists, or
DNSBLs, are used
for heuristic filtering and blocking. A
site publishes lists (typically of IP addresses) via the
DNS, in such a way that mail servers can easily be set to reject mail from
those sources. There are literally scores of DNSBLs, each of which reflects
different policies: some list sites known to emit spam; others list
open mail relays or proxies; others list ISPs known to support spam. Other
DNS-based anti-spam systems list known good ("white") or bad ("black") IPs
domains or URLs, including RHSBLs and URIBLs. For history, details, and examples
of DNSBLs, see DNSBL.
Content-based filtering
Until recently, content filtering techniques relied on mail administrators
specifying lists of words or
regular expressions disallowed in mail messages. Thus, if a site receives
spam advertising "herbal Viagra", the administrator might place these words in
the filter configuration. The mail server would thence reject any message
containing the phrase.
Content based filtering can also filter based on content other than the words
and phrases that make up the body of the message. Primarily, this means looking
at the header of the email, the part of the message that contains information
about the message, and not the body text of the message. Spammers will often
spoof fields in the header in order to hide their identities, or to try to
make the email look more legitimate than it is; many of these spoofing methods
can be detected. Also, spam sending software often produces a header that
violates the
RFC 2822 standard on how the email header is supposed to be formed.
Disadvantages of this static filtering are threefold: First, it is
time-consuming to maintain. Second, it is prone to false positives. Third, these
false positives are not equally distributed: manual content filtering is prone
to reject legitimate messages on topics related to products advertised in spam.
A system administrator who attempts to reject spam messages which advertise
mortgage refinancing may easily inadvertently block legitimate mail on the same
subject.
Finally, spammers can change the phrases and spellings they use, or employ
methods to try to trip up phrase detectors. This means more work for the
administrator. However, it also has some advantages for the spam fighter. If the
spammer starts spelling "Viagra" as "V1agra" or "Via_gra",
it makes it harder for the spammer's intended audience to read their messages.
If they try to trip up the phrase detector, by, for example, inserting an
invisible-to-the-user HTML comment in
the middle of a word ("Via<!---->gra"), this sleight of hand is itself easily
detectable, and is a good indication that the message is spam. And if they send
spam that consists entirely of images, so that anti-spam software can't analyze
the words and phrases in the message, the fact that there is no readable
text in the body can be detected.
However, content filtering can also be implemented by examining the
URLs present (i.e.
spamvertised) in an email message. This form of content filtering is much harder
to disguise as the URLs must resolve to a valid domain name. Extracting a list
of such links and comparing them to published sources of spamvertised domains is
a simple and reliable way to eliminate a large percentage of spam via content
analysis.
Statistical filtering
Statistical filtering was first proposed in
1998 by Mehran Sahami et al., at the AAAI-98 Workshop on Learning for Text
Categorization. A statistical filter is a kind of document classification
system, and a number of machine learning researchers have turned their attention
to the problem. Statistical filtering was popularized by Paul Graham's
influential 2002 article
A Plan for Spam, which proposed the use of
naive Bayes classifiers to predict whether messages are spam or not – based
on collections of spam and nonspam ("ham") email submitted by users.
[1]
Statistical filtering, once set up, requires no maintenance per se: instead,
users mark messages as spam or nonspam and the filtering software learns from
these judgements. Thus, a statistical filter does not reflect the software
author's or administrator's biases as to content, but it does reflect the
user's biases as to content; a biochemist who is researching Viagra won't
have messages containing the word "Viagra" flagged as spam, because "Viagra"
will show up often in his or her legitimate messages. A statistical filter can
also respond quickly to changes in spam content, without administrative
intervention.
Spammers have attempted to fight statistical filtering by inserting many
random but valid "noise" words or sentences into their messages while attempting
to hide them from view, making it more likely that the filter will classify the
message as neutral. (See
Word salad (computer science).) Attempts to hide the noise words include
setting them in tiny
font or the
same colour as the background. However, these noise countermeasures seem to have
been largely ineffective.
Software programs that implement statistical filtering include
Bogofilter,
the e-mail programs
Mozilla and Mozilla Thunderbird, and later revisions of SpamAssassin. Another
interesting project is CRM114 which
hashes phrases and does bayesian classification on the phrases.
There is also the free mail filter
POPFile
[2] which sorts mail in as many categories as you want (family, friends,
co-worker, spam, whatever) with bayesian filtering.
Checksum-based filtering
Checksum-based filter takes advantage of the fact that often, for any
individual spammer, all of the messages he or she sends out will be mostly
identical, the only differences being
web bugs, and when the text of the message contains the recipient's name or
email address. Checksum-based filters strip out everything that might vary
between messages, reduce what remains to a checksum, and look that checksum up in a database which collects the checksums of messages
that email recipients consider to be spam (some people have a button on their
email client which they can click to nominate a message as being spam); if the
checksum is in the database, the message is likely to be spam.
The advantage of this type of filtering is that it lets ordinary users help
identify spam, and not just administrators, thus vastly increasing the pool of
spam fighters. The disadvantage is that spammers can insert unique invisible
gibberish -- known as
hashbusters -- into the middle of each of their messages, thus making
each message unique and having a different checksum. This leads to an
arms race
between the developers of the checksum software and the developers of the
spam-generating software.
Checksum based filtering methods include:
Authentication and Reputation (A&R)
A number of systems have been proposed to allow acceptance of email from
servers which have authenticated in some fashion as senders of only legitimate
email. Many of these systems use the DNS, as do DNSBLs; but rather than being
used to list nonconformant sites, the DNS is used to list sites authorized to
send email, and (sometimes) to determine the reputation of those sites. Other
methods of identifying ham and spam are still used. The A&R allows much ham to
be more reliably identified, which allows spam detectors to be made more
sensitive without causing more false positive results. The increased sensitivity
allows more spam to be identified as such. Also, A&R methods tend to be less
resource-intensive than other filtering methods, which can be skipped for
messages identified by A&R as ham.
Further information:
E-mail authentication,
DomainKeys,
and
SPF
Sender-supported whitelists and tags
There are a small number of organizations which offer IP whitelisting and/or
licensed tags that can be placed in email (for a fee) to assure recipients'
systems that the messages thus tagged are not spam. This system relies on legal
enforcement of the tag. The intent is for email administrators to whitelist
messages bearing the licensed tag.
A potential difficulty with such systems is that the licensing organization
makes its money by licensing more senders to use the tag -- not by strictly
enforcing the rules upon licensees. A concern exists that senders whose messages
are more likely to be considered spam who would accrue a greater benefit by
using such a tag. The concern is that these factors form a
perverse incentive for licensing organizations to be lenient with licensees
who have offended. However, the value of a license would drop if it was not
strictly enforced, and financial gains due to enforcement of a license itself
can providee an additional incentive for strict enforcement. The Habeas mail
classing system attempts to further address this issue this by classing email
according to origin, purpose, and permission. The purpose is to describe why the
email is not likely spam, but permission based email.
Ham passwords
Another approach for countering spam is to use a "ham password". Systems that
use ham passwords ask unrecognised senders to include in their email a password
that demonstrates that the email message is a "ham" (not spam) message.
Typically the email address and ham password would be described on a web page,
and the ham password would be included in the "subject" line of an email
address. Ham passwords are often combined with filtering systems, to counter the
risk that a filtering system will accidentally identify a ham message as a spam
message.
The
"plus addressing" technique appends a password to the "username" part of the
email address.
Cost-based systems
Since spam occurs primarily because it is so cheap to send, a proposed set of
solutions require that senders pay some cost in order to send spam, making it
uneconomic.
Stamps
Some gatekeeper such as Microsoft would sell electronic stamps, and keep the
proceeds. Or a
Micropayment, such as Electronic money would be paid by the sender to the recipient or their ISP,
or some other gatekeeper.
Hashcash
Hashcash
and similar systems require that a sender pay a computational cost by performing
a calculation that the receiver can later verify. Verification must be much
faster than performing the calculation, so that the computation slows down a
sender but does not significantly impact a receiver. The point is to slow down
machines that send most of spam -- often millions and millions of them. While
every user that wants to send email to a moderate number of recipients suffers
just a seconds' delay, sending millions of emails would take an unaffordable
amount of time.
Bonds
As a refinement to stamp systems was the idea of requiring that the
micropayment only be retained if the recipient considered the email to be
abusive. This addressed the principal objection to stamp systems: popular free
legitimate mailing list hosts would be unable to continue to provide their
services if they had to pay postage for every message they sent out.
Issues
A difficulty that must be dealt with by most anti-spam methods, including
DNSBLs, Authentication and Reputation (A&R), Sender-supported whitelists and
tags, Ham passwords, cost-based systems, Heuristic filtering, and
Challenge/response systems is that spammers already (illegally)
use other people's computers to send spam. The computers in question are
already infected with viruses and spyware operated by the spam senders, in some
cases seriously damaging the computer's responsiveness to the legitimate user.
Spam from the legitimate user's computer can be sent using the user's and/or
system's identity, list of correspondents, reputation, credentials, stamps,
hashcash and/or bonds. The added motivation to steal from such systems in order
to abuse these things may simply impel spammers to infect more computers and
cause greater damage. On the other hand, this could compel computer users to
finally secure their systems, reducing Botnets,
which would have myriad other benefits, as they are used for extortion,
phishing,
and terorrism, as well as spam. Ultimately, any system that holds senders
responsible for the mail they send needs to deal with the situation of
irresponsible senders that may send both spam and ham.
Heuristic filtering
Heuristic filtering, such as is implemented in the program
SpamAssassin, uses some or all of the various tests for spam mentioned
above, and assigns a numerical score to each test. Each message is scanned for
these patterns, and the applicable scores tallied up. If the total is above a
fixed value, the message is rejected or flagged as spam. By ensuring that no
single spam test by itself can flag a message as spam, the false positive rate
can be greatly reduced.
[3]
Tarpits and Honeypots
A tarpit is any server software which intentionally responds
pathologically slowly to client commands. A
honeypot
is a server which attempts to attract attacks. Some mail administrators operate
tarpits to impede spammers' attempts at sending messages, and honeypots to
detect the activity of spammers. By running a tarpit which appears to be an open
mail relay, or which treats acceptable mail normally and known spam slowly, a
site can slow down the rate at which spammers can inject messages into the mail
facility.
One tarpit design is the teergrube, whose name is simply
German for "tarpit." This is an ordinary SMTP server which intentionally
responds very slowly to commands. Such a system will bog down SMTP client
software, as further commands cannot be sent until the server acknowledges the
earlier ones. Several SMTP MTAs, including Postfix and Exim, have a teergrube
capacity built-in: when confronted with a client session which causes errors
such as spam rejections, they will slow down their responding
[4]. A similar approach is taken by
TarProxy.
Another design for tarpits directly controls the TCP/IP protocol
stack, holding the spammer's network socket open without allowing any traffic
over it. By reducing the TCP window size to zero, but continuing to acknowledge
packets, the spammer's process may be tied up indefinitely. This design is more
difficult to implement than the former. Aside from anti-spam purposes, it has
also been used to absorb attacks from network worms.
[5]
As of late 2005 much of the spam sent is through so-called "zombie" systems,
of which there are potentially a very large number. This makes the actual
effectiveness of tarpits questionable, as there are so many spam sources that
slowing just a few has little real effect on the volume of spam received.
Another approach is simply an imitation MTA (open relay honeypot) which gives
the appearance of being an open mail relay. Spammers who probe systems for open
relay will find such a host and attempt to send mail through it, wasting their
time and potentially revealing information about themselves and the source of
spam to the unexpected alert entity (in comparison to the anticipated careless
or unskilled operator typically in charge of open relay MTA systems) that
operates the honeypot. Such a system may simply discard the spam attempts,
submit them to DNSBLs,
or store them for analysis. It may be possible to examine or analyze the
intercepted spam to find information that allows other countermeasures. (One
honeypot operator was able to alert a freemail supplier to a large number of
accounts that had been created as dropboxes for the receipt of responses to
spam. Disabling these dropbox email accounts made the entire spam run, including
the spam messages relayed through actual open relays, useless to the spammer: he
could not receive any of the responses to the spam sent by gullible customers.)
The SMTP honeypot may also selectively deliver relay test messages to give a
stronger appearance of open relay (though care is needed here as this means the
honeypot itself and the network it is on could end up on spam blacklists). SMTP
honeypots of this sort have been suggested as a way that end-users can interfere
with spammers' activities (code: Java
[6], Python
[7]).
As of late 2005 open relay abuse to send spam has greatly declined, resulting
in a lowered active effectiveness of open relay honeypots. (Passively, the
honeypots or threat of same create an inducement for spammers to not abuse open
relays.) Other types of honeypot (below) may still have great effectiveness.
Spammers also abuse open proxies, and open proxy honeypots (proxypots)
have had substantial success. Ron Guillmette reported in 2003 that he succeeded
in getting over 100 spammer accounts terminated in under 3 months, using his
network (of unspecified size) of proxypots. At that time spammers were so
careless that they sent spam directly from their servers to the abused open
proxy, making determination of the identity of the spammer's IP address trivial
so that it was easy to report the spammer to the ISP in control of that IP
address and easy for that ISP to terminate the spammer's account.
Unlike most other anti-spam techniques tarpits and honeypots work at the
relay, proxy, or zombie (collectively, "abuse") level. They work by targeting
spammer behavior rather than targeting spam content. One beneficial fallout from
this is that these tools are not required to have any means of distinguishing
spam from non-spam. Because they capture spam at the abuse level they are not
part of any legitimate email pathway and it can be confidently assumed that what
they capture is 100% spam or spam-related (e.g., test messages.) Anti-spam
measures at (or after) the destination server level protect specific email
addresses but must include code to distinguish spam from non-spam. Anti-spam
measures at the abuse level protect whatever the email addresses are that are
being targeted by the spam directed through them and are hence non-specific but
need no code to distinguish spam from non-spam. The main purpose of abuse-level
tools is targeting spam and spammers themselves while the main purpose of
server-level tools is to protect speecific email addresses. What abuse-level
tools lose in specificity may be more than made up by the inherent simplicity
that results from not having to be able to separate valid email from invalid
email.
In late 2005 Microsoft announced that it had converted an actual zombie
system to a zombie honeypot. One result of this was a lawsuit by Microsoft
against about 20 defendants, based on evidence collected by the zombie honeypot.
Note that there is some terminological confusion. Some people refer to "spamtraps"
as "honeypots." In this context a "spamtrap" is an email address created
specifically to attract spam. These run at the destination level rather than at
the relay, proxy or "spam zombie" level.
Challenge/response systems
Another method which may be used by internet service providers (or by
specialized services) to combat spam is to require unknown senders to pass
various tests before their messages are delivered. These strategies are termed
challenge/response systems or C/R, are currently
controversial among email programmers and system administrators.
For a discussion of the advantages and disadvantages of these systems.
Spam reduction tools
- Mozilla and the stand-alone Thunderbird: e-mail programs ("clients") with a Bayesian filter, i.e. a
filter that keeps learning and is therefore able to adapt to the constantly
changing forms of spam
- Disposable e-mail accounts, various types for registering on web sites
etc.
- E4ward.com You can use your own domain name or e4ward.com for your
aliases
Sneakemail original disposable email address service
Spamgourmet expire after a number of emails, but can be reset or ignored for
some senders
Jetable expiring in 1-8 days
Mailinator instant email accounts, self-destructing email after you read it.
shortMail.net expiring email forwarding accounts, and instant anonymous
online email
SpamDay allows you to create forward addresses and webmail addresses, valid
for 24 hours. Support for RSS feed!
SpamMotel Use it whenever you are required to give out your e-mail address
on the internet.
ipoo.org Signups without spam. Fast, no ads. Includes RSS to check your SPAM
inbox.
- Tools to filter out spam
- Bogofilter Statistical filter (not strictly Bayesian)
Firetrust MailWasher Pro. Removes spam while it is still on your POP3
server.
Hexamail Guard - Anti-spam gateway software
iMailLight smart plugin for Outlook, based on Bayesian filtering
SpamAssassin heuristic filter
CRM114 Uses a hidden Markov model to classify spam
SpamBayes Bayesian filter using ideas improving Paul Graham's ideas.
Spamihilator Free antispam program with a good-working bayesan filter
and a lot of other filters plugins. It works with almost all email
program.
SpamPal Free Windows filter with lots of filtering methods. Client or
server-side filtering.
TMDA, a challenge/response system
trimMail Inbox - Anti-spam firewall
Checksum-based filter:
Distributed Checksum Clearinghouse
Vipul's razor
- Tools to filter out viruses
- Contact forms that hide email addresses
- Contact Form - Open source (GPL) - Requires a webserver, Perl, and
Sendmail
form2mail - Open source (GPL) - Requires a webserver, PHP, MySQL, and
SendMail
MailWebForm Open source (GPL)- Requires Java, Java Servlets, and Java
Mail
SCForm - Open source (GPL) - Requires a websever, PHP and Sendmail
- Other tools
- Sam Spade program with tools
SpamCop a place to report spam
- Services which guarantee messages as not being spam:
- Habeas Sender Warranted Email
Bonded Sender
- Making it harder to harvest e-mail addresses
- Project Honey Pot
address-protector.com A service to protect email addresses with image
and audio captchas
SpamFreeze allows users to post a URL online instead of their email
address
External links
Home | Up | History of spamming | Stopping e-mail abuse | e-Mail spam | e-Mail fraud | Messaging spam | Mobile phone spam | Newsgroup spam | Spit (VoIP spam) | Honeypot | Spamware | Pills porn and poker | Joe job | Spam Prevention Early Warning System
Online Advertising, made by MultiMedia | Free content and software
This guide is licensed under the GNU
Free Documentation License. It uses material from the Wikipedia.
|