After looking a bit closer I noticed that spammers don't only send spam with fake sender emails, they also sign up to forums using some random email address they got from a bulk email CD. And what happens when someone with the name of WIAGRAAA signs up for our forums using the email address of innocent@joe.com? Innocent Joe gets an activation email from *us*. Quite clearly, that's SPAM - the email that was sent was never requested by him (unsolicited!), and it has our mail server credentials on it. Joe reports the mail as spam, and there we are, labelled as spammers. I'd even go so far as to say that using DomainKeys makes things worse, because it "proves" that we are the actual senders of this kind of forum signup spam.
Does anyone have the faintest clue how to solve this problem? Dump activation emails altogether and rely on captcha only?
Innocent Joe gets an activation email
Please clarify what you mean by "activation email".
Is this a notification that the account is set-up and ready to use, or is it a request for verification?
If it is a request for verification, (typically by clicking on a link containing a code) then it should clearly state that "somebody" signed-up at your forum with this email address, and it might have been a mistake. This should make it clear that the message is not spam. It should say that if this is not the person that signed-up, they need do nothing, and the account will not be activated, and they will receive no more email from you.
I would also make sure that there is a response address - even though you don't require a response to delete the mail. Nothing gets some users' blood boiling more than an email saying "do not respond to this email, automated, blah, blah, blah".
If it is NOT a request for verification, why isn't it? Nobody should be activating accounts without a response to an email these days. If you require verification, your site is useless to spammers. (But unfortunately, spammers don't seem very concerned about wasted effort...)
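The verification flow described in the reply above, as an added example that is not code from any poster in this thread: one verification mail per address, a link carrying a signed code, and no further mail unless the link is used. The names `SignupGate`, `SECRET`, `TOKEN_TTL`, the `forum.example` URL and the in-memory storage are all assumptions made for the illustration.

```python
import hashlib, hmac, time
from urllib.parse import urlencode

SECRET = b"constructed-demo-key"  # assumption: server-side secret, constructed for this example
TOKEN_TTL = 48 * 3600             # assumption: unverified signups expire after 48 hours

class SignupGate:
    """Double opt-in: one verification mail per address, then silence until the link is used."""

    def __init__(self):
        self.pending = {}       # email -> expiry of the outstanding verification link
        self.contacted = set()  # addresses that already received their single mail
        self.active = set()     # addresses whose owner clicked the link

    def _token(self, email, expiry):
        # HMAC binds the code to this address and expiry; without SECRET it cannot be forged.
        return hmac.new(SECRET, f"{email}|{expiry}".encode(), hashlib.sha256).hexdigest()

    def request_signup(self, username, email, now=None):
        """Return the mail body to send, or None if this address must not be mailed again."""
        now = int(time.time()) if now is None else now
        email = email.strip().lower()
        if email in self.contacted:
            return None  # repeat signups never trigger a second mail
        expiry = now + TOKEN_TTL
        self.pending[email] = expiry
        self.contacted.add(email)
        query = urlencode({"e": email, "x": expiry, "t": self._token(email, expiry)})
        # The requested username is deliberately not echoed: it is chosen by whoever signed up.
        return ("Somebody signed up at our forum with this email address.\n"
                "If that was you, confirm here: https://forum.example/verify?" + query + "\n"
                "If it was not you, do nothing: the account will not be activated "
                "and you will receive no more email from us.\n")

    def verify(self, email, expiry, token, now=None):
        """Activate the account only for a valid, unexpired, still-pending link."""
        now = int(time.time()) if now is None else now
        email = email.strip().lower()
        if self.pending.get(email) != expiry or now > expiry:
            return False
        if not hmac.compare_digest(token.encode(), self._token(email, expiry).encode()):
            return False
        del self.pending[email]
        self.active.add(email)
        return True
```

In this sketch an address stays suppressed permanently after its one mail; a real forum would need some way for the genuine owner to lift that later.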
@jtara: Sure, those are requests for verification. Again, here I'm only judging by my own approach: when I get spam from a site I've never been to, I don't care if it says that "someone" signed me up and that it all may be a mistake (isn't that what spam mails always say?). If it looks like spam and feels like spam, I'll tag it, no matter what the exact wording.
Today I received a real spam mail that made it past my filter. It contains the access data for a site I've never been to. Seriously, how are people supposed to tell the difference? It's really an OLD, OLD scam technique.