The e-mail address for my website is y-coach@y-coach.com. This is posted on my website and I think it is necessary to have for my visitors to contact me.

The problem is that it appears that some groups have hijacked it. they use something like bob246@y-coach.com and send out spam including porn.

My question is how do I stop this and how do I find out who is doing it?

Thanks,
Schann
http://www.y-coach.com

Well mate that is going to be difficult, check out this site: http://www.cert.org/tech_tips/email_spoofing.html it gives a good explanation on email spoofing , Specially this page http://www.cert.org/tech_tips/email_spoofing.html#III should be of interest as it explains counter measures. Goodluck

noab

I hate to say this but I think your domain name just went down the dumpers.

The problem, may be that y-coach.com was picked out the blue by a spammer, not that they specifically targeted your name. However, now that you know the problem, you have to deal with it.

I am sure someone can give you the link to abuse something something where blacklists get created and see where you stand with them.

In the mean time I would be registering a new domain, and if things go from bad to worse get ready to move.

Spammers don't all use webpages to get the emails, they have used and probably continue to use Registrar information.

Remember when you registered your domain name and you had to give them your email address?

Well, that is public record and available to anyone who wanted to look up your domain name. Now, there are registration services who say they provide more anonymity to your domain records, but it ofcourse comes with a price.

To be honest, it is my personal belief that if you have a domain name, you are at risk for email spoofing and other problems associated with that. It's happened to me ... and it's very prevailent right now with this horrid email worm and other viruses skipping across the network.

Getting on Email Blacklists is easy when you have a spammer spoofing your domain. It's happened to my firms domain. Found out one of our clients wasn't getting email because their mail server filters from some blacklists and somehow our domain ended up on one.

I am electing to use a Flash button for my email addresses from now on. The button will have the email address on it, but since it's a Flash .swf file, harvesters can't pick it up because the email is encoded in the graphic and the button.

Just one trick out of many...

I think the even bigger problem is the "Open Relay" issue. That's basically where you don't have any authentication set up on your SMTP server, so just anyone can spam through your own SMTP server.

I made this mistake a few months ago, not knowing enought about how e-mail servers work. Learn more... (http://www.ordb.org/faq/)

Over 2 millions e-mails were sent out over the course of 4 1/2 days. Obviously, I worked for a day to rid of us on blacklists. If you've found yourself subject to this, go here (http://www.lyris.com/blacklist/results.php) for some blacklist tools.

I have to show my ignorance here. How do I confirm with my hosting company (hostway) that the SMTP server is se-up correctly?

I've had people use my domain name over and over, sending, primarily virus laden email. It hasn't hurt my business at all, except when my own host blacklisted my domain. All of a sudden, no email for 3 days? I got that taken care of. My host has log in security for email and no one is running email through my server, but spoofing. I've looked at the headers of the email for abuse but haven't noticed anything. Of course, I forward all the email to Outlook Express through my ISP which then changes all the headers again.

The last week I've been getting 400 virus laden emails per day, most from someone spoofing my domain.

I looked over some of the information above. Looks pretty difficult to stop these thing and technically, pretty time consuming.

What exactly is "domain spoofing"? I think this is happening to my client right now too. I was checking out their site stats and noticed a whois lookup from some other site, and I checked it out. (The same happened to my own site recently too!) When I got to the WhoIs search page, a different url was listed at the top, and all the other information was correct. When I clicked on soandso.com's link, it brought me to my client's homepage!

I "sucked" the pages at that domain name (ftp) and found only the homepage, only the major buttons (no javascript or rollover buttons, etc.) and that was all that was there.

Regarding domain spoofing: When I sent a friend to that url, it was not available. So, is this spoofing my ISP? Or are they 2 different things?

I also have not been receiving any legitimate email from my own site for almost 2 months now! I AM however, getting plenty of "fake" web design requests using the forms on my site. I found out one of the senders was a hacker. So, is my email address on a Black List now too?
Since my site doesn't have email addresses posted anywhere in the HTML, how do you protect your site's forms from being filled out by hackers or their software? And is this a result of domain spoofing?

cyberserious. When I stopped getting email for 3 days, I had someone that has AOL send me a message. They received a message back that the address (mine) was undeliverable. That's when contacted my host and asked about it. They sent an abuse report in and within 2 days, my email was back to it's normal 50+ email's a day.

I truly don't know how you can stop someone from using your domain name as a spoofed address. I think it's probably impossible. The header reports, in outlook anyway, tell you where the original email came from. This assumes that your spam filter, virus checker and all these little gagets attached to our email don't s_itcan it first.

Hi,

I will tell you my own story and experience with email spoofing, two years ago i was setting up an intranet with a DSL connection for a hotel, the hotel owner didn't want to spend much on programming security so he told me to leave the mail server as open relay ... because there was a proxy (squid) in between he felt with acl rules will suffice, well a wekk after that someone was spoofing their domain, I noticed it because the name of the hotel domain was in between < "..." > and the real ip was masqueraded.
I traced the ips and where all origination from proxys, then after that he received 200,000 spoofed emails, so I convinced him to add a firewall and close the sendmail commands for open relay ...

Today i had another nasty experience i was cheking my own mail from my own domain and I got a mail from 'admin' telling me my email account is expiring, really weird because I control the email accounts, this is the first time it happens to me so I decided to change the password immediately. But i really want to know what kind of technique they used in order to do that, since i don't control the mail server rules, my host provider does, I don't know where the security flaw might be and how to prevent this in the future.

Thank you,

Rick Fitzgerald
CEO
Outlet Season LLC
http://www.outletseason.com

Remember to "hide" the email addresses in your forms... for those still using their hosts default FormMail.cgi, make sure they have the latest version or install it yourself.

And it's not always spoofing. Just this week one of my hosting clients (who i've known 20 years) was suddenly sounding out thousands and thousands of spam emails (for viagra type products no less). The account was suspended until the problem could be determined. The only thing we were able to figure was their password was easy to guess (and directly related to the domain) AND someone had logged in and installed a spam script, which they were using to send these messages. File deleted, passwords changed and the problem is taken care of.

This is prompting a bit of a newsletter reminder to my clients to keep their passwords difficult to guess in order to keep their accounts (and domains) in the clear.

-Diana

One poster to this thread has already made the point that using Flash graphics for e-mail addresses is one way to mask yours from the robot program that harvest e-mail addresses.

While I'm a long ways from being any sort of expert, I understand from people more knowledgeable than I am that using *any* sort of graphical representation of your e-mail address(es) accomplishes this.

I wish I had thought of that when I first put up my own site. I'm averaging around 400 e-mails a day. Until a few days ago, on average 10%-20% were legitimate, but for about the past week, that has dropped to a nearly steady 5%.

I believe one thing we can do over the longer term is to pressure governments to increase the severity of penalties for the people who steal and misuse our e-mail addresses. I feel there should be mandatory jail terms for any offense involving loss of revenue and/or expenses forced upon us by these criminals. And I don't mean "paper jail time" -- i.e., suspended sentences -- but real, behind-steel-bars time in a lock-up.

Firms around the world spend untold but certainly vast sums of money trying to protect themselves in cyberspace, sums of money that ultimately come out of our own pockets. Is that not theft? If someone picks my pocket and gets caught, he goes to jail; why should a cyberspace theif "picking my pocket" be treated any differently?

This is an issue that makes my blood blood boil, so I've had to really strive to keep this post halfway moderate, but that's just my 2 cents' worth.

Strongly Agree Mekhong! If we send some legit emails to people who have asked to be on our lists, then someone can't remember if they put their name on and files a complaint...It's our time and money proving that they did or face big $ fines.

We all know these guys are scammers and at least the big hosts such as AOL, Yahoo, NetZero, Earthlink, etc should take some time to figure out, by the headers what is masking and what is not. But they don't. They just blackmail and figure it's done. I've got lot's (LOTS) of AOL customers who have complained to me because I never responed to their email questions. I did, but AOL just blocks with the new spamblocker program, based on...? I don't know, they just block.

Spoofers should face serious jail time for their activities, plus fines.

Hi,
Today i had another nasty experience i was cheking my own mail from my own domain and I got a mail from 'admin' telling me my email account is expiring, really weird because I control the email accounts, this is the first time it happens to me so I decided to change the password immediately. But i really want to know what kind of technique they used in order to do that, since i don't control the mail server rules, my host provider does, I don't know where the security flaw might be and how to prevent this in the future.


Well, that's a virus there.

The MiMail virus http://vil.nai.com/vil/content/v_100523.htm spoofs an admin@ e-mail address. Your server has not been compromised... there's no security flaw... don't panic. :-)

I've gotten e-mails claiming to be from every admin@ from every site I deal with, and it's all bunk.

Learn how to read mail headers... it's pretty simple, and it goes a long way to helping determine where stuff originates.

For instance, the new MyDoom virus that's sweeping the nation, starts out by casually appearing from one site, when it's really from another. The headers show this rather quickly...

Return-Path: <maria@www.bogusdomain.xxx>
Delivered-To: my@address.bogus
Received: from www.bogusdomain.xxx (297-977-159-186.in-addr.anotherbogusone.com [297.977.159.186])

So, my mailer shows the mail is from "maria@www.bogusdomain.xxx" but by looking at the headers, I can see the virus attempted to spoof the domain:

"Received: from www.bogusdomain.xxx"

but the server picked up the real IP address of the server it was sent from: "(297-977-159-186.in-addr.anotherbogusone.com [297.977.159.186])" so I could (in theory) send a note to the admin of anotherbogusone.com and tell him one of his users has the virus... but then we admins would all be swimmming in that kind of mail. :)

There is very little hacking going on, and lots and lots of viruses and worms that forge an e-mail address rather easily.

Also, don't assume that a spammer is sending out millions of e-mails with your domain name; it may just be targeted towards you since your filters are more likely to let something thru from someone at the same domain as you than not.

I think the even bigger problem is the "Open Relay" issue. That's basically where you don't have any authentication set up on your SMTP server, so just anyone can spam through your own SMTP server.

Good news! This is not the case with your mail server. How do I know this? Because I do our email admin and know how to check as follows:

telnet y-coach.com smtp
Trying 64.66.154.245...
Connected to y-coach.com (64.66.154.245).
Escape character is '^]'.
220 liza.siteprotect.com ESMTP Sendmail 8.11.6/8.11.6; Thu, 5 Feb 2004 22:24:53 -0600
ehlo y-coach.com
250-liza.siteprotect.com Hello rrcs-sw-24-153-191-251.biz.rr.com [24.153.191.251], pleased to meet you
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-SIZE 10000000
250-DSN
250-ONEX
250-ETRN
250-XUSR
250 HELP
mail from: anyuser@y-coach.com
250 2.1.0 anyuser@y-coach.com... Sender ok
rcpt to: jaydrake@inthecastle.com
550 5.7.1 jaydrake@inthecastle.com... Relaying denied
quit
221 2.0.0 liza.siteprotect.com closing connection
Connection closed by foreign host.

What's important to note there is the line that says "Relaying denied"

What that means is that I couldn't just fake an address and try to send mail through your mail server to myself. What you seem to be a victim of is spoofing, which means that while they send the mail through some other smtp server (not yours, possibly one that is an open relay) it appears to have come from your domain.

The bad news is that there is nothing you can do about this other than gather the email headers from the angry people who got these emails and try to track down where they really came from. Likely this won't do you any good.

The good news is MOST (and any that a sensible email administrator would use) email blacklists don't concern themselves with spoofed email like this, or at least don't blacklist the domain that was spoofed. (Because that domain had nothing to do with it and smart mail admins recognize this - and tell the less smart ones.)

What can you do about email spoofing? Nothing. Other than that, you're secure as need be.

Oh, and to get back on topic...

Brian Livingston wrote an excellent mini e-book outlining the best ways of masking your address, from using the aforementioned Flash trick to Javascript to obscure your address...

https://briansbuzz.com/spamproof/buy.php

Well worth the read... I would suggest signing up for his paid newsletter (pay what you can), since this was a freebie giveaway...

You may not be aware of this but most times when you end up with spoofed emails from your domain (not to mention lots of unwanted spam) it is because the email addresses were origionally "harvested" off of your web pages with a robot or spider built specifically to collect them.

You can protect the email addresses on your web pages by using the following Javascript code where you would like your email address to appear. I have aptly named it "Spam Bot Killer"

<script language="JavaScript">
<!--
// hide script
var stb_domain = "yourdomain.com"
var stb_user = "theaccountnamehere"
var stb_recipient = stb_user + "@" + stb_domain
var stb_url = "mailto:" + stb_recipient
document.write(stb_recipient.link(stb_url));
// -->
</script>

Change the "yourdomain", of course, to your domain name and the "youraccountnamehere" part to whatever is before the @. The link will show on your page as youraccountnamehere@yourdomain.com and it will be clickable. However the bots and spiders will not be able to harvest your email addresses any longer.

Hope this helps! Enjoy.

Another quite simple but effective solution is to use the script you can download here: http://www.technobreeze.com/php/form2email/ it will allow you to be contacted through a form insteadof publishing your email. another advantage is that you can set up the form exactlyas you wish.

enjoy

I just want to say that this is some excellent information in this particular topic. I have learned and picked up quite a bit and will apply some of these techniques to my site! Thanks!

There really is very little you can do about e-mail spoofing. Disguising e-mail addresses on a web page doesn't stop someone sending e-mail from admin@yourdomain or bob@yourdomain or any other e-mail address including legitimate ones.

Technically spoofing is very simple to do and a lot of people use it for perfectly innocent uses - for example I use it to send mails from my work account when I'm working from home. The problem is when someone hijacks your SMTP server or IP address to send mass mailings thus hiding their true IP address so that they cannot be brought to book for their activities.

There are new e-mail protocols being proposed to address this issue, but these appear to be a long way off at the moment see http://www.eweek.com/article2/0,4149,1504787,00.asp for one article on the subject.

I am so grateful to the panel that helps us wannabees out. You have presented so many things in the short time I have joined from security, html tricks, etc. Thank you all. I am so glad I stumbled upon your site. These issues really concern me and my business. We are not a large corporation and have specific departments that deal with these issues. I agree that these people need to rot in jail and elsewhere for the amount of time and money it costs us. Even if you have the extra cash it is still money out the door because of these folks with nothing better to do. Thank you all for all your insight and wisdom.

I belive it's possible to mask email addesses on website using Java Script. The email displays alright but it is not possible for Spammers to use programs, (Harvesting), to find and post to them.

Although it could be easy to guess and email just add webmaste@ to the domain name.

There are laws in place to help stop Spam, but these laws, in my view, are ineffective at this time.

View Harvesting and Spam information at:-
http://www.solutions.ukdots.com/advertising_methods.html

Java Script links and Spam Filters at:-
http://www.downloads.ukprofessionals.com

Well I must say that it's the second time this week that webproworld hepls me with a pb I, or one of my customer encountered .

Regarding this email spoofing relaying issue I found a great tool that seems to check if your server relays email:

http://www.abuse.net/relay.html

Hope this helps

Leo

Okay, I see a lot of people suggesting ways that you can mask your email address to keep people from sending mail that looks like you, but this really isn't the initial problem at all. The address that is on the web is 'y-coach@y-coach.com' and the address that is being used in the spoofed email header is 'something like bob246@y-coach.com'. This said, no amount of protecting your email address, whether on your web site, in the public records for domain name ownership or in any other practice will be of any help. You cannot stop spoofing. All they need to know to spoof you is your domain name, which they already have if they get to your site. At that point they just attach any user part to the host part and voila, it looks like it came from your server.

If you really want your email address to be safe from email harvesters, don't publish it on your site. Use an email form where the email address is in the backend code that is only visible to your server. Any method of masking your email address that gains any popularity will be reverse engineered. These people designed programs that comb the web in search of email addresses. Simple scripts and tricks to mask your email will not slow them down.

Jay Drake has it right. Server-side code for your 'contact-us' forms is the way to go.

However, hiding email address within a graphic will probably continue to stop the harvesters because there are millions of easy-to-get email addresses out there.

Harvesting is collecting them to use as spam recipients though. The main thing we're discussing is the highjacking of email addresses.

For instance, it is no trouble at all for me to send you an email 'from' dubya@whitehouse.com, etc. from ANY domain, using a tiny server-side script.

First of all let me just say thanks to all here for your intelligent responses an especially to JayDrake for taking the time to check my server.

I have been a member for some time and and have replied a few times but this is the first time that I have posted on a specific topic.

WOW! What a community. I can't say thanks enough. I at least know I don't have a security problem and I know I am not alone with this problem.

Schann


http://www.y-coach.com

WOW! What a community. I can't say thanks enough. I at least know I don't have a security problem and I know I am not alone with this problem.

You're absolutely right about this community, and for my part, you are quite welcome. Once upon a time my mail server was an open relay and it was definitely not a fun experience.

Don't know about everyone else, but my host uses a form of mail verification. If it's enabled, any email sent from my domain will be checked to see if it really comes from my mail server. Puts an end to this kind of stuff very easily.

Happy coding,
The Martian

Don't know about everyone else, but my host uses a form of mail verification. If it's enabled, any email sent from my domain will be checked to see if it really comes from my mail server. Puts an end to this kind of stuff very easily.

That will only keep them from utilizing your smtp server. Not from spoofing. When spoofing, your smtp server isn't involved at all. Instead, it works like this:

- Bad people forge headers and send email through one of many open relay mail servers or, possibly, their own email server.

- Email leaves their computer and goes to their chosen smtp server which doesn't care at all who the mail is from or to

- Email arrives at the destination server, which happily accepts what appears to be good mail to a good recipient

- Recipient checks his mail and gets nasty porn spam that appears to be from you

- Recipient scrawls a hastily written hate letter and sends it back to you

- You receive hate letters and wonder what in the world is going on

Jay's right on the money, Alienz..

Here's a little script in PHP that'll give you the idea:

$from = "spam@yourdomain.com";
$email = "unwary@recipient.com";
$subject = "Spam";
$message= "This spam appears to come from yourdomain!\n";
mail("$email","$subject","$message","From: $from\nX-Mailer: PHP/" . phpversion());

It doesn't care what address you use for 'from'. The I.P. will show the actual server, but who'll bother to check that? By the way, the real spammer jerks can hide their I.P.'s too.

You guys are correct about spoofing, but I believe if the same technology is used on the receiving end the email will be rejected if it didnt come from my SMTP server. I don't remember the article they released word for word, but I'll find it here sometime today if I can get away from posting LOL

Happy coding,
The Martian

You guys are correct about spoofing, but I believe if the same technology is used on the receiving end the email will be rejected if it didnt come from my SMTP server.

I'm afraid not. Your server has 2 choices, accept what some other SMTP server says is legitimate or only accept what your SMTP server says is legitimate. In the latter case, which is essentially what you describe, you would only be able to get email from those domains which belong to your SMTP server. (Though a white list could be added as well, but that would be limited.)

I've got an inkling of a possibility of an idea at the back of my head of how to make some modifications to the general behavior of smtp servers which might actually help to combat these sorts of problems to some degree, but I haven't gone very far with it so far. Maybe some day I'll get it together and we can all benefit.

I am electing to use a Flash button for my email addresses from now on. The button will have the email address on it, but since it's a Flash .swf file, harvesters can't pick it up because the email is encoded in the graphic and the button.

Just one trick out of many...

Harvesters can't read it, and nor can people with disabilities using web reading software... :o(

Also, I've received plenty spam messages from my domain, with usernames that do not and have never existed. (My account has a catchrest set up).

So harvesting isn't the problem, as some others said.
Whatever solution is created will always be beaten; if it can be built, it can be broken! Certain measures may stop the lower level "amateurs", which would be great, but I have a dark feeling we're heading for a Mad Max type existence on the web... if you don't want to be attacked or contaminated, you have to stay in certain areas. To travel freely risks exposure. Totally the opposite of the reason the 'net was created... :o|

http://www.spywareinfo.com/harvest_project/members.php

I was really blessed to stumble onto this way cool website right from the start when EJRS.COM began 2 years ago. Even then with my limited understanding of html (4 days html crashcourse with my best friend), I knew that someone could hack in emails etc. So I immediately signed up with the HARVESTER PROJECT which I highly recommend every webdesigner on WPW to do (I even sponsored one of the buttons there, which you may prob end up using).

I won't go into detail as to how it works but the website will explain it to u in detail.

Knock em dead!!!

I am electing to use a Flash button for my email addresses from now on. The button will have the email address on it, but since it's a Flash .swf file, harvesters can't pick it up because the email is encoded in the graphic and the button.

Just one trick out of many...

Harvesters can't read it, and nor can people with disabilities using web reading software... :o(


What if one were to include the text of the email address to go along with the Flash button...?

So you would have the Flash email button then below it something in text like: "Email us our-email at domain dot com" Then those who are sight impaired would still get to have their assisting software read out that text but it wouldn't be in the typical email format, rather it would be all spelled out to also discourage harvesters from picking it up in text.

Would that be a solution to the accessibility you were talking about?

that is a good idea .. ie
email: mitch at webmaster dot com

that will be good for u at stopping harvesters.

some people disable flash, rather .swf so they'll have probs getting to know yr email.

if you look at http://ejrs.com/converters you will see I use a live help button. That way I don't need to advertise my email for spammers. Once a person needs my help I get their email and I can chose to offer my email then... It's awesome coz I get much less spam.

My site gets 15,000 hits a day, can u imagine how much spam i'd get a day if i advertised my email?

This attack as JayDrake indicated may have absolutely nothing to do with anyone using your server's resources. I own quite a few domains and am the webmaster for several others where the I receive the email in their "catchall" accounts. There's been several times over the last year, where one of my domains has been used as the "reply-to" address in spammed messages. I contacted my service providers immediately and they assured me that this type of activity is common place and that spam complaints are not considered valid.

The professional spammers do not want to receive the thousands of bounced emails when they sent out their junk. They use us as their trash cans. It usually stops after a few days, but what really irks me is that due to their spam messages, these bogus emails wound up on other folks "opt-in" lists. The only solution was to eliminate the catch-all accounts and just let them go off into cyberspace. To date, no spam complaints and I know in one case I had over 1,000 bounced emails come into one of my accounts.

The only solution to this email problem is eliminate the ability for spammers to forge email address headers and that the true originator of the email be determinable through the headers. If spammers can't hide behind their innocent victims then filtering and blocking can truly work.

Jim Gray
http://quikonnex.com

When someone was spoofing my domain for spam I looked their domain (the one the spam directed traffic to) up on whois.net so I could contact them and tell them to stop. The information there was incorrect (The city didn't exist, the area code didn't exist, the zip code didn't exist, email address returned my emails as undeliverable) So, I reported to ICANN that the domain was spoofing my account (which doesn't seem to bother them very much and is hard to prove as your evidence can be easily doctored) and that the contact info was faulty (THIS THEY TAKE VERY SERIOUSLY and can check with just an email.) The spoofer's domain was suspended about a month later.

It would be a different, more complicated procedure if the spammer was just an affiliate.

Sandy, would you please tell me the action code you apply to a Flash button instance to get it to recognize the email address? Thanks.

Sandy, would you please tell me the action code you apply to a Flash button instance to get it to recognize the email address? Thanks.

This is off the top of my head right now, I'd have to look it up to be sure, but I think I just used the "Get url" action and did the mailto:email@domain.net for the URL portion.

I could be wrong, but I think that's right. I will double check when I get a chance, or if someone else can verify if that is correct...

Sandy

Yes! That works! Thanks, Sandy. I wonder if I should worry too much re: viewers turning off the .swf????

If I may jump in here -

Incredibly, even ZoneAlarm has settings that will disable Flash scripts (.swf's).

I say 'incredibly' because .swf's are entirely safe. Any protection program has to be paranoid to turn off Flash.

Flash is a web standard and I think it would be a giant step backward to cave in to the paranoia and deny users the best content you can deliver.

There will be those who complain Flash is 'too flashy', etc., etc. We've come a long way from the days of Mosaic browsers - let's not go backward.

I say if users want to turn off JavaScript and Flash, then they get what they deserve. :)

I've got a few things to say about flash...


Incredibly, even ZoneAlarm has settings that will disable Flash scripts (.swf's).

I say 'incredibly' because .swf's are entirely safe. Any protection program has to be paranoid to turn off Flash.

Firewalls are not meant only to stop malicious code from getting to your computer, but also to filter out unwanted items as well. I like flash when I'm looking for fun flash things. I don't want to see it otherwise.


Flash is a web standard and I think it would be a giant step backward to cave in to the paranoia and deny users the best content you can deliver.

Flash is a standard, but it doesn't presently do well in conforming to w3c specifications. It would be nice to see a new version out soon that doesn't make developers jump through hoops to get sites to validate with more current specifications.

I think flash is a good thing when used properly, but it still needs some work.

Jay, Jay - I didn't think I'd be disagreeing with you so soon, but here goes..

First, I shouldn't have said 'web standard', I meant its a standard web-wise. It'll never meet w3c specs because it doesn't have to - it has its own interpreter although ActionScript is basically JavaScript.

Second, Flash isn't just for fun stuff, Flash can be and often IS used to deliver serious content. It has the advantage of not having to reload an entire page to go back to the server and read a database, etc.

Third, Firewalls ARE meant to prevent 'bad guys' and 'bad things' from reaching our computers - not meant to turn off bells and whistles without making us realize that is what they're doing.

When people setup a Firewall to be a bit paranoid, they're generally just trying to protect their computers. ZoneAlarm doesn't let them know that it's going way beyond that and turning off 'fun stuff' without any defensive reasons.

I love reading your posts and can't wait for you to tear my arguments apart. :)

[quote="agotoguy"]You can protect the email addresses on your web pages by using the following ... "Spam Bot Killer"...

Is there any way to also prevent the actual email address to appear, to have only text such as, "Email Us," that is clickable? Thanks.

What if one were to include the text of the email address to go along with the Flash button...?

So you would have the Flash email button then below it something in text like: "Email us our-email at domain dot com" Then those who are sight impaired would still get to have their assisting software read out that text but it wouldn't be in the typical email format, rather it would be all spelled out to also discourage harvesters from picking it up in text.

Would that be a solution to the accessibility you were talking about?

I don't see why that shouldn't work.

Really, we should surf from that kind of persons point of view. I don't know how their email software works - if it's not a mailto: then they could spell it incorrectly, if they have to tell the mail program what to do.

Server side contact forms are the strongest way, I think, of allowing people to contact you without revealing your email address, and if it's all in HTML anyone with specialised surfing needs should be catered for too.

real spammer jerks can hide their I.P.'s too.

Not only that but they pretend to be from someone else’s legitimate email so that any reporting gets that legitimate email user into trouble.

Here's some links to Spam Filters, Protection, freeware, etc.
http://www.downloads.ukprofessionals.com

Jay's right on the money, Alienz..

Here's a little script in PHP that'll give you the idea:

$from = "spam@yourdomain.com";
$email = "unwary@recipient.com";
$subject = "Spam";
$message= "This spam appears to come from yourdomain!\n";
mail("$email","$subject","$message","From: $from\nX-Mailer: PHP/" . phpversion());

It doesn't care what address you use for 'from'. The I.P. will show the actual server, but who'll bother to check that? By the way, the real spammer jerks can hide their I.P.'s too.

You really don't even need to write a server side script, all you have to do is set up an email account in Outlook (or whatever) with contact@whateverdomain.com as the "from" address.

I had my domain hijacked. I simply ignored the problem and it went away (of course I turned off my catch-all to avoid all the 'bounce' mail).

The open relay server is a whole 'nother issue. If you are the administrator of a SMTP server, configuring it to be open relay is providing spammers with a gateway to send their spam out anonymously (of course, you might have IP logs of who's using it) - it has nothing to do with someone spoofing your domain. If you don't know how to configure the server properly, well, you problably shouldn't be in charge of one.

If you are not the administrator of a SMTP server don't worry about it - it isn't your problem. Your domain name is equally unsafe either way. Like I say, one has nothing to do with the other.

BTW - I have my email set up like this:

Send mail to me#&64mydomain.com

64 is the ascii equivilant of @ so putting #&64 is the same as @

Not a perfect solution but is seems to do the trick. It isn't dependent on any kind of Javascript either.

When I switched from ISDN to ADSL, I was given some new e-mail addresses, which I have never used. First a spoofer started using one of them for Spam and stuff, and AOL blocked me. I closed that address down. Then another (or possibly the same) spoofer did it with another one of them.

The problems are too much for me. I can't explain to AOL from my computer, because they've blocked it, and when I contact them from other computers they ignore me. My ISP has tried contacting AOL, but they ignored them too. As you will realise, AOL's blocking includes a large part of the net (Netscape etc.)

I'm just an ordinary user, not at all techy, and have no idea how I can get AOL to understand that they are punishing me for being a VICTIM.

Any suggestions ?

The happysmoker wrote:

I'm just an ordinary user, not at all techy, and have no idea how I can get AOL to understand that they are punishing me for being a VICTIM.

It just perfectly goes with me too. I am recieving atleast forty mails everyday and the funny thing is the sender mentiones the "sender's name" as that of my full e-mail address! Whenever you block these address, in vengence, they multply these tricks, with more spams!

Is there any alternate left to an ordinary person who uses computer just for the personal purposes? I am sure many persons might have experienced this sort of spoofing, ultimately no result or Law bringing them to book.

Your spam filters & block sender's are all of a farce as nothing works to perfect.

Namasthe Everyone,
TRS Iyengar
www.trsiyengar.com