The danger of autoresponders
A friend of mine told me he was making an autoresponder for his main e-mail address. He thought it was a good idea. He was going to use it for a little promotion for his site.
Autoresponders was used a lot years ago. Even I had one. They were a good tool for certain things.
But today the situation is quite different.
Scenario:
1) You’ve got a promotional autoresponder you’re quite proud of. It highlights your website in a beautiful way.
2) The address your autoresponder is hooked up to gets harvested by spammers, and you start receiving spam.
3) One of the spammers favors using the e-mail addresses or catch-all domains belonging to innocent third parties as from addresses.
4) Those third parties receives your beautifully crafted autoresponders
5) One or more of those third parties reports you as a spammer…
July 26th, 2006 at 6:56 pm
All good points! And I learned through unfortunate experience that there’s another peril in using autoresponders: that bad guys will find out your primary e-mail address.
I used to be adam@OldDomain.com. That address got spammed to hell, so I decided to basically scrap it and go with adam@NewDomain.com. I was even careful to *never* use this new address on any Web form, or for communications with anyone other than friends and family.
Or so I thought. In a moment of utter stupidity, I set up an autoresponder on the old address telling people that it had been closed down and to please write me at my new address.
So of course, not only did a handful of 409 (Nigerian) spammers take me up on the offer (writing me at my new address), they also ever-so-kindly added my new address to various spam lists… so within a month or two, my new address became clogged with the ol’ familiar crap involving various penile-extension offers, mortage “deals” and so on
.
Two addresses nastily sullied. Quite a shame
.
July 27th, 2006 at 3:17 am
Heh, cpanel used to have this option where you could insert a short message that would be included in the bounce when you retired an address. I included a message to go to my site and find my new address. And my address is currently only in image form, plus a formmail with the address encoded in the script so it’s impossible to get it out. Looks like some spammer actually READ that image and harvested my address that way. Either that or they harvested it from someone’s computer who’d e-mailed with me.
No matter what you do, the spammers are very likely to get hold of your address sooner or later.
July 27th, 2006 at 11:01 am
My friend had setup autoresponder recently. Unfortunatelly she was receiving some automatically generated notification messages. Quite a lot of them. All autoresponders were delivered by apache@ alias into my mailbox. And yes, she is blonde.
Much wider problem are delivery status notification messages (bounces) generated by receiver’s server. And I mean such things like “user unknown”, “over quota”, “due to spam I’ve changed my mailbox”. Due to joe-job on my domain I have learned that many Exchange and Lotus Domino servers are poorly configured. I can’t present any proof of that but I believe that many postmasters don’t know much of their systems. They just got a system out of the box (like favourite cpanel of you Ann) and think that it will run forever without touching. Their bosses think, that if they have such smart systems they could hire a monkey to maintain these. Both are wrong.
I don’t know why but I feel that education of many postmasters, and people maintaining abuse@ mailboxes stopped ten years ago - I couldn’t convince abuse at commando de that chalenge-response is bad. Shame on them.
July 27th, 2006 at 3:36 pm
Got to agree with Lemat, learned a lot when I set up my own mailserver. Admins should ficker some with their own systems, till then keep lousy setups offline, someone should as a matter a fact oversee that. ISP’s should be harder on killing ppls hotlines, and continents that starts with “A” should not even have ISPs.
My own spamfilters bans at the minimum 200 IP’s a day from countries within Africa and Asia and I refuse to bend over and insert any sort of passwords or images with letters to let my visitors leave a comment or follow up on discussions.
August 22nd, 2006 at 3:26 pm
Spammers are evils, but autoresponders/bounces are Hell. Since some days, I am receiving around 10000 email on my private webserver, just because of antispam-filters that bounce the messag back to the “from” email adress.
Autoresponders are shit, and the one who use them are monkeys. Stupid antispam-protected monkeys.
It was good to say it, thanks !
xavier