I’ve checked my profile on the CIOB website and have specifically opted out of third party mailings, so no consent has been given.

So either their membership records have been hacked or they’ve gone against my wishes.

So does that mean someone’s hacked their customer database or is it just a bizarre coincidence that someone has managed to combine their site name with one of my domain names? Hmm…

First half of 2008 (up to 30 June 2008):

227659 e-mails received (plus the GMail ones).

211699 spams filtered by MailWasher Pro.

93% spam.

Second half of 2008 (up to 30 December 2008):

62,319 e-mails received (plus the GMail ones).

41,672 spams filtered by MailWasher Pro.

66% spam.

Combined

289,978 e-mails received (plus the GMail ones) [356,032 so minus 19%] .

253,371 spams filtered by MailWasher Pro [319,499 - minus 21%].

87% spam then.

Commentary

The headline figures look good, but that split is what’s important. Basically in June 2008 with my spam stats. looking like heading for another record, I decided to kill my “catch-all” e-mail set-ups and painstakingly create all legitmate mailboxes and aliases. And with that, the spam stats. have come down dramatically.

On the BBC’s breakfast news show this morning, they even had voxpops from people saying how they received so many junk e-mails. I bet.

I love this bit too from the BBC News article:

“If I’m out for the day I will receive around 80 e-mails.
Bigjeeze, Bournemouth, UK”

They should be so lucky! My stats for last year showed I received on average 875 definite spam messages every day out of an average 975 e-mails each and every day of the year!

Her Majesty, Queen Elizabeth II
Queen of England
Buckingham Palace
London SW1A 1AA, England.
********************************

ATTN: Winner

Your Ticket number: 56475600545/012 with Serial number 5368/05 drew
the Lucky number: 86.

On behalf of the Queen of England, we are pleased to notify you
that your email has won in the Annual Christmas free Internet Lotto
Sweepstakes and as a result you have been granted the lump sum payout of
£500,000 GBP which is equivalent to $917,956.00 USD.

To file for your prize, please fill and submit the claims processing
form to:

*********************************
Mr. Perkins Oliver
Email: perkinsoliver@yahoo.co.uk
Telephone: +44 702 402 4689
Fax: +44 707 502 4610
**********************************
CLAIMS PROCESSING FORM:
1 Full Names:
2 Address:
3 Age:
4 Sex:
5 Marital Status:
6 Occupation:
7 Phone numbers:
8 Country:
9 Email:

We advice you to contact your claims officer as detailed above
immediately to avoid Claims deadline.

Congratulations,
Mrs. Sarah Wilfred for
Her Majesty, Queen Elizabeth II
Queen of England.

So Betty’s running a sweepstakes now, is she? Excellent. And handy to tell me where she’s Queen as well, just in case I’m not sure. And she’s making 50p per minute on accepting any incoming calls and faxes! Anyone would think this might be a scam

Still, Bennetts are a bit like herpes: once you’ve been there, you keep being reminded of the fact. In their case, it’s because they’ve sold the Bennetts-specific e-mail address to anyone and everyone, it would appear. Perhaps it’s their very carefully worded “privacy” policy:

“BISL Limited, part of the BGL group of companies, which also trades as Dial Direct and Budget and other carefully selected companies may use your information to keep you informed by post, telephone, e-mail or other means of products and services which may be of interest to you. They may also contact you to conduct market research.”

“Carefully selected”? My arse! The selection process must go like this:

Spammer: “Can we buy your e-mail database?”
Bennetts: “Yes.”

So that’s another company on the blacklist.

If I started to receive Spam to one of these addresses, it was easy enough to set up that e-mail address as a null mailbox so that any Spam would get nuked.

But the Spammers then decided to start using anynumbersandletters@mydomain e-mail addresses to Spam or unscrupulous(!) list sellers would simply make them up and add them to their x million e-mail address lists. So the Spam would increase.

And then they decided to forge the From: addresses using their made up e-mail addresses so not only do you receive the Spam, but you also receive all the bounce messages too.

Which is why I came back yesterday evening to find 7400+ bounce messages waiting for me, the majority of which were sent to one old domain name. So I then had to use Google Desktop Search to find all the e-mail addresses I’d used with that domain name and do the opposite of what I’d always done: kill the catch-all setting and set up new individual addresses.

All because of some bunch of lowlife scum…

So how about a workaround?

Firstly, you need to create an external Javascript file with this code (amended for your own needs, obviously):


function obfuscate() {
var ppclink = "Click here to e-mail us";
var ppcname = "nospamthanks";
var ppchost = "yourdomainnamegoeshere";
document.write("<a href=" + "mail" + "to:" + ppcname + "@" + ppchost + ">" + ppclink + "")
}


NB: the “@” sign is represented in the code as “& # 64 ;” with no spaces.

Save it as something like emailobfuscator.js and upload it to your server.

Then in the post or the page you want to include it in, add the following code:

<script type="text/javascript"
src="/scripts/emailobfuscator.js" mce_src="/scripts/emailobfuscator.js">
</script>
<script type="text/javascript">
<!--
obfuscate();
//-->
</script>


You will almost certainly want to uncheck the “Use visual editor when writing” checkbox in your User options before this will work.

And the finished result should look like this:

So I looked at the web stats. for that site and discovered that nearly all the traffic was coming from a site in China. I followed a couple of the referring links and found that the pages were basically just generating page after page of potential search terms with embedded news feeds presumably to serve ads. on those pages.

That does beg the question that if they are intelligent to code those pages or that system, why aren’t they intelligent enough to simply add the scripts to their own site and serve them from there?

Now my site is hosted on a regular Linux box running Apache Web Server, so it was a fairly straightforward task to simply block all traffic from that domain name using an .htaccess file with this code:

RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://(www\.)?baddomain\.com [NC]
RewriteRule .* - [F]

So the next day when I checked the stats., there were many thousands of Failed Referrer entries where the code was no longer being leeched by them. Job done!

But it did then appear that my site had some particular attraction to them because they then started running the scripts on a different domain! Now, my first thought was to simply amend the .htaccess file to read as follows:

RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://(www\.)?baddomain\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?anotherbadone\.com [NC]
RewriteRule .* - [F]

But I realised I could end up playing cat and mouse with them for life, so instead I have now set the .htaccess file to only allow specific referring domains access to the scripts by using this code:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(www\.)?gooddomain\.co\.uk [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?anothergoodone\.com [NC]
RewriteRule .* - [F]

By adding the “!”, the expression now says “if the referrer is not gooddomain, then…”. The only difficulty for me then is making sure there are matching entries for all the legitimate referrers (trickier as one of the sites has multiple domain names).

We’ll see how we get on with this.

[edited to add]

And lo and behold! The blocking is working well, especially as the Leecher in question, hosted by NetEase.com, Inc., has now started doing it with a third domain name.

“Thanks for your email. The “Mark as Spam” feature is there to help us recognize messages which are spam. If you see any comments which are spam, please click on “Mark as Spam” and the comment will be removed from the site. This helps us keep the site clean and spam free.”

Now, maybe it’s just me, but when I upload videos I allow comments but only if they’re approved by me, i.e. I get a notification of a comment, go to the video and approve or delete them or indeed mark them as Spam. In my case, the reply that “the comment will be removed” doesn’t appear to be correct. When I mark a comment as Spam, it shows as being marked that way, but as soon as I reload the video page or log out and log in again, the comment is still there awaiting approval and has to be manually deleted.

So what’s the point in marking the message as Spam, especially as they’re almost exclusively from “fire and forget” YouTube accounts? All it does is make more work for me.