Roman Medina-Heigl Hernandez wrote:
What about creating a REJECT recipient rule for "abuse@", etc, with a
message like: "Mailbox disabled due to spam. Please, contact us by:
http://xxx/contact.php";.
This defeats the purpose of [EMAIL PROTECTED] if I get attacks from your
networks, and if your [EMAIL PROTECTED] doesn't work, I will consider
that you have no business sending mail. I will at no moment try to parse
your abuse auto-response and go to your web server.
Also, if your web server is owned, there is no point to refer people
telling you about it to the same owned web server.
And then having some kind of ticket system in
contact.php requiring at least a Turing test -aka Captcha- to accept the
new request?
This is wrong:
- captchas have usability/accessibility problems
- captchas are not secure. google will help you if you're not aware of this.
In this way you can still be contacted and you avoid typical
spam to known addresses (root@, postmaster@, webmaster@, ...).
if you have spam problems, use access controls and content filters. if
you can't, don't use email.
I've found that spam sent to role addresses is good for training (bayes,
local bl, ... etc) and this is easy to automate (less FP risks since no
luser behind).
Another idea would be: "Mailbox disabled due to spam. Please, contact us
at: [EMAIL PROTECTED]". And then having the real
support mailbox at [EMAIL PROTECTED] You could change this last
one from time to time (and updating REJECT message, of course).
sill y games don't help. they are quickly discovered.
