Introduction About Site Map

XML
RSS 2 Feed RSS 2 Feed
Navigation

Main Page | Blog Index

Tuesday, October 18th, 2005, 4:06 pm

BoxTrapper Problems

Dog scooping
Let a BoxTrapper handle the ‘poop’

bOXTRAPPERS are a mechanism for stopping large volumes of E-mail spam. The key idea is relatively simple as the following paragraph explains.

For each E-mail that comes in, require the sender to post a quick confirmation of his/her existence. The server sends the unknown sender a stub, which is then replied to as-is to complete verification. Once this is done for the first time, the sender is whitelisted and need never verify his/her identity again. Under this type of framework, untrusted senders must be accepted in order for their messages to be viewed immediately and not considered to be spam. And guess what? It works! BoxTrappers queues can be viewed periodically, just in case a genuine senders did not bother to get themselves whitelisted by replying to the verification request.

I have 3 BoxTrappers on this domains, but they are sometimes misused as spammers attempt to break them, much as they destroy anything where scams, links, and on-line shopping are involved. Spammers will often identify themselves using E-mail addresses of real people, who are not truly themselves, thereby causing traffic from the BoxTrappers (if not abusive mail from the spam recipient) to be sent to genuine innocent people and businesses. Moreover, I have recently come to grips with a trend where the spammers identify themselves as people coming from my own domain. They get whitelisted automatically in this way, so I guess they found a BoxTrapper weakness or loophole. Nonetheless, it remains easy to filter or identify such spam. It is only a shame that it can become visible by escaping the queue and thus be time-consuming.

These days, as I continue to edit this item, the spammers still manage to get past the BoxTrapper. Again, they do so by intentionally picking up E-mail addresses with my domain name, e.g. register@schestowitz.com. These come up with message bodies like “Please change you password, go to URL…” and with other username variations to register, e.g. webmaster, admin, etc.

As explained before, the domain name gets them automatically whitelisted, which is the core and very source of the trouble. These repeat almost on a daily basis (several times a day in fact) and I wonder how many Webmasters are gullible enough to fall for these scams, which I am convinced have become a widespread plague by now.

Comments are closed.

Back to top

Retrieval statistics: 21 queries taking a total of 0.149 seconds • Please report low bandwidth using the feedback form
Original styles created by Ian Main (all acknowledgements) • PHP scripts and styles later modified by Roy Schestowitz • Help yourself to a GPL'd copy
|— Proudly powered by W o r d P r e s s — based on a heavily-hacked version 1.2.1 (Mingus) installation —|