Matthias Hertzog wrote:
Hi Folks!
We're facing a growing amount of automatically generated HTTP POST requests, all containing spamvertising links like http://19.altribeati.com/homoerectus/
As far as i know, there are the following ways to handle that:
a) Spamfilter of recipient shall filter that
Thus you want to be a spam source? :) Listing this as option Z would give you some credit as simply having thought of it, having it as option A though doesn't give you the benefit of the doubt...
b) Web-user has to enter a unique number (generated image) in the form to prove, he's a human being.
Captcha's are easily defeated. But they indeed deter a bit. See http://sam.zoy.org/pwntcha/ for more details. There have been people claiming that it is discrimination against folks who have bad sight/blind etc as they won't be able to complete it. But one can then easily claim that Flash also falls in that slot ;)
c) Badword-Filtering in the formmail-script, some reqular expressions a.s.o.
Effectively what you want to do is run SpamAssassin over the submitted content.
Does anyone out there has better ideas? How have you solved that problem?
What about not having stupid scripts like formmail!? There are only very few cases where this can be useful and in those cases the destination address should be fixed. Then at least the person who is using the script gets the crap and not other people.
There was a similar question on NANOG last couple of days, where somebody was wondering how to block the webcafe's downstream from spamming: top it at the source. In your case that is clearly the formmail.
Greets, Jeroen