North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ISP wants to stop outgoing web based spam

  • From: Gregory Kuhn
  • Date: Wed Aug 09 12:21:46 2006

Ken Simpson wrote: 
Maybe I'm just an ignorant e-mail postmaster. I thought that
nearly all e-mail was (E)SMTP-based (LMTP excepted).

If it doesn't use the SMTP protocol, it's not reaching any
mailbox. HTTP is a web browser protocol. WebMail gets converted
by the web server and is subsequently routed using SMTP.


I think he's talking about blog spam, which is definitely submitted
over HTTP.

I think that the person who started this thread is talking about spam coming from the wide variety of old, poorly written form handler scripts and other programs that at some point in the program talk to the mail program on the web server and thus allow an attacker to hijack said script for the purpose of using that script to amplify their spam message(s).

As a web hosting provider I have had to shut down numerous scripts on my client's websites because of this reason.

The question that I think is being asked here is how does one go about ensuring that email coming from a web form is actually a valid contact email and not a spam amplification attack. If there are measures that can be taken, what are those measures?


Gregory Kuhn
Coast to Coast Hosting