ISP wants to stop outgoing web based spam

• Previous message (by thread): ISP wants to stop outgoing web based spam
• Next message (by thread): ISP wants to stop outgoing web based spam
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ken Simpson wrote:
>> Maybe I'm just an ignorant e-mail postmaster. I thought that
>> nearly all e-mail was (E)SMTP-based (LMTP excepted).
>>
>> If it doesn't use the SMTP protocol, it's not reaching any
>> mailbox. HTTP is a web browser protocol. WebMail gets converted
>> by the web server and is subsequently routed using SMTP.
> 
> I think he's talking about blog spam, which is definitely submitted
> over HTTP.

I think that the person who started this thread is 
talking about spam coming from the wide variety of 
old, poorly written form handler scripts and other 
programs that at some point in the program talk to 
the mail program on the web server and thus allow 
an attacker to hijack said script for the purpose 
of using that script to amplify their spam message(s).

As a web hosting provider I have had to shut down 
numerous scripts on my client's websites because 
of this reason.

The question that I think is being asked here is 
how does one go about ensuring that email coming 
from a web form is actually a valid contact email 
and not a spam amplification attack.  If there are 
measures that can be taken, what are those measures?


Gregory Kuhn
Coast to Coast Hosting

• Previous message (by thread): ISP wants to stop outgoing web based spam
• Next message (by thread): ISP wants to stop outgoing web based spam
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]