Comments on: Declaring independence from spam attacks

By: Tim McCormack

Tim McCormack — Sun, 12 Aug 2007 18:46:31 +0000

Haha, rock on! This is a great solution.

By: Matthew

Matthew — Sat, 04 Aug 2007 22:53:58 +0000

This is completely awesome. It’s a novel solution to the issue.

(Could you guys put this in the FAQ? I just sent you a service request on this after I didn’t find information about “email sending” in the FAQ.)

Once we finish tweaking it, which should be soon, we will definitely add some information about it to the FAQ. -jdw

By: Peter Sandersen

Peter Sandersen — Tue, 31 Jul 2007 18:02:57 +0000

Just curious how this affects email privacy, you mention you’ll check it out.. does this mean there’s a ‘small’ possibility that our email will get read by you?

Not meaning to be a prick, I’m just curious, you guys run a great service 🙂

P.S. Just an idea / suggestion, do you guys run outgoing mail through a spam filter, and if over X amount (or X%) is flagged then investigate? I think that’s what my ISP does IF I remember correctly and it seemed like a good idea.

[If your site is suddenly sending out a huge volume of mail, then yes, there’s a small chance that one of them will get manually reviewed. However, similar to your suggestion, the first thing that’s done in such a case is that a random sample of the messages will get run through the open-source program SpamAssassin, and we’ll look first at the automated analysis generated by that. This step exists specifically to protect your privacy. Only then, if it does appear to be a spam issue, will we read one message to confirm and identify key spam phrases (e.g. “viagra” or “late Nigerian bank official”) and have matching messages automatically dequeued. SpamAssassin is a pretty effective program which lets us have a high degree of confidence that you’re being abused before we proceed.

Note that this applies only to email messages sent scripts on your web site, not our email forwarding service. The content of messages that pass through the email forwarding servers is never manually reviewed.)

It’s a fair question, but we have zero interest in violating your privacy by reading mail sent by your site, and take every precaution to avoid doing so unless apparent spammer activity demands it. -jdw]

By: Douglas Muth

Douglas Muth — Tue, 17 Jul 2007 20:31:04 +0000

Rate limiting is full of win.

BTW, I had no idea that you’ve been involved with spamfighting since the very beginning. That is all sorts of awesome.

By: Nick

Nick — Sat, 14 Jul 2007 15:35:05 +0000

For when I catch up on my website development: Does this alleviate your very reasonable concern about contact form security against spamming by unknown senders through a form? I’ve thought of installing a contact form and I’m not sure I know where to find one that meets your security needs. (What I do now is state my Yahoo email address on my pages and maybe I’ll let people email me via my websites through NFSNet forwarding, but a contact form still seems good if security can be assured.) If this does not alleviate your concerns because some abuses are still possible-to-likely, I don’t want to rush or risk it. Thoughts? Thanx.

This feature mitigates the damage caused by spammers who exploit vulnerable PHP forms, but it is by no means a substitute for proper security and due diligence. We will still have to suspend a site’s ability to send email if a vulnerable form is discovered. -jdw

By: maphew

maphew — Sat, 07 Jul 2007 10:33:22 +0000

thanks jdw!

your efforts past and present to stop those parasites that rob the ‘net of vitality and clog the communications arteries are much appreciated.

By: dsymonds

dsymonds — Thu, 05 Jul 2007 05:56:55 +0000

Your last name is “Wheelhouse”? For some reason I just didn’t expect that.

I know, I know. Everyone expects my name to be Jeff Bofh for some reason. 😉 -jdw