Let a BoxTrapper handle the ‘poop’

OXTRAPPERS are a mechanism for stopping large volumes of E-mail spam. The key idea is relatively simple as the following paragraph explains.

For each E-mail that comes in, require the sender to post a quick confirmation of his/her existence. The server sends the unknown sender a stub, which is then replied to as-is to complete verification. Once this is done for the first time, the sender is whitelisted and need never verify his/her identity again. Under this type of framework, untrusted senders must be accepted in order for their messages to be viewed immediately and not considered to be spam. And guess what? It works! BoxTrappers queues can be viewed periodically, just in case a genuine senders did not bother to get themselves whitelisted by replying to the verification request.

I have 3 BoxTrappers on this domains, but they are sometimes misused as spammers attempt to break them, much as they destroy anything where scams, links, and on-line shopping are involved. Spammers will often identify themselves using E-mail addresses of real people, who are not truly themselves, thereby causing traffic from the BoxTrappers (if not abusive mail from the spam recipient) to be sent to genuine innocent people and businesses. Moreover, I have recently come to grips with a trend where the spammers identify themselves as people coming from my own domain. They get whitelisted automatically in this way, so I guess they found a BoxTrapper weakness or loophole. Nonetheless, it remains easy to filter or identify such spam. It is only a shame that it can become visible by escaping the queue and thus be time-consuming.

These days, as I continue to edit this item, the spammers still manage to get past the BoxTrapper. Again, they do so by intentionally picking up E-mail addresses with my domain name, e.g. register@schestowitz.com. These come up with message bodies like “Please change you password, go to URL…” and with other username variations to register, e.g. webmaster, admin, etc.

As explained before, the domain name gets them automatically whitelisted, which is the core and very source of the trouble. These repeat almost on a daily basis (several times a day in fact) and I wonder how many Webmasters are gullible enough to fall for these scams, which I am convinced have become a widespread plague by now.

This entry was posted on Tuesday, October 18th, 2005 at 4:06 pm and is filed under Technology. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.