Spam Emails

Topics: ASP.NET 2.0, Business Logic Layer, Controls
Nov 25, 2010 at 3:43 AM

I'm being plagued by spam emails into my personal inbox. I have two separate domain names on my VM server, one for my live blog (1.6.1.0) and one for my business, and both these domain names appear in the email headers. I'm copying one of the emails below (while disguising some of the info). I have created SPF filters but this doesn't seem to prohibit it. It looks like they are somehow spoofing via the comments? I have both AkismetFilter and TypePadFilter enabled to no avail.

Any advice or suggestions welcome.

------------------------------------------------------------------

Could not deliver message to the following recipient(s):

Failed Recipient: bbxiong1987@gmail.com
Reason: Remote host said: 550 5.1.1 http://mail.google.com/support/bin/answer.py?answer=6596 61si464961yhl.88

  -- The header and top 20 lines of the message follows --

Received: from MYSERVER (subdomain.mysite.com [xxx.xxx.xx.xx]) by MYSERVER.my-host.com with SMTP;
  Wed, 24 Nov 2010 18:04:26 -0800
MIME-Version: 1.0
From: CodersBarn.com <myaccount@codersbarn.com>
To: bbxiong1987@gmail.com
Date: 24 Nov 2010 18:04:26 -0800
Subject: New comment on ASP.NET 2.0 Guest Book - VS 2008 on Vista
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: base64


Coordinator
Nov 25, 2010 at 3:52 AM

This looks like the email that gets sent out when you are leaving a comment and check the box "Notify me when new comments are added".

Someone is leaving a comment on a blog post you previously checked this box for, and you are now being sent an email notification that a new comment was left.

The comment notification emails are sent using a "From" address that you specify in the control panel settings.
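
A check for the explanation in the reply above, as an added example that is not part of the thread or of BlogEngine.NET: it parses a bounce laid out like the one quoted in the first post and reports whether the returned message is the blog's own comment notification addressed to the failed recipient. The sample bounce is constructed, and reading the subscriber from an `unsubscribe-email` link parameter in the body is an assumption about the notification format.

```python
import base64
import re
from email import message_from_string
from urllib.parse import parse_qs, urlparse

# Constructed sample laid out like the bounce quoted in the thread; every
# address, host name and URL below is a placeholder.
_BODY = ('Comment by Someone<br /><br />nice post<br /><hr />'
         '<a href="http://blog.example/post/Sample.aspx'
         '?unsubscribe-email=nobody%40example.net">Unsubscribe</a>')
SAMPLE_BOUNCE = (
    "Could not deliver message to the following recipient(s):\n\n"
    "Failed Recipient: nobody@example.net\n"
    "Reason: Remote host said: 550 5.1.1 no such user\n\n"
    "  -- The header and top 20 lines of the message follows --\n\n"
    "Received: from WEB01 (blog.example [192.0.2.10]) by WEB01 with SMTP;\n"
    "  Wed, 24 Nov 2010 18:04:26 -0800\n"
    "MIME-Version: 1.0\n"
    "From: Blog <owner@blog.example>\n"
    "To: nobody@example.net\n"
    "Subject: New comment on Sample Post\n"
    "Content-Type: text/html; charset=utf-8\n"
    "Content-Transfer-Encoding: base64\n\n"
    + base64.encodebytes(_BODY.encode()).decode()
)


def triage_bounce(text):
    """Return who the bounce failed for and whether the returned message is
    one of the blog's own comment notifications sent to that same address."""
    report, _, original = text.partition("follows --")
    msg = message_from_string(original.lstrip())
    failed = re.search(r"^Failed Recipient:\s*(\S+)", report, re.M)
    failed = failed.group(1).lower() if failed else None
    # get_payload(decode=True) undoes the base64 transfer encoding.
    html = (msg.get_payload(decode=True) or b"").decode("utf-8", "replace")
    subscriber = None
    for url in re.findall(r'href="([^"]+)"', html):
        values = parse_qs(urlparse(url).query).get("unsubscribe-email")
        if values:
            subscriber = values[0].lower()
    return {
        "failed_recipient": failed,
        "from_header": msg["From"],
        "comment_notification": (msg["Subject"] or "").startswith("New comment on"),
        "subscriber": subscriber,
        # True: the blog itself mailed an address a commenter subscribed.
        "sent_by_blog": subscriber is not None and subscriber == failed,
    }
```

When `sent_by_blog` is true, the bounce is the blog's own notification coming back to the configured "From" address, which is why an SPF record on the domain does not stop it.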

Nov 25, 2010 at 4:15 AM

Hi Ben,

"...you previously checked this box for..."

I don't get it. These spam emails arrive by the dozen in my inbox, apparently originating from every post in my blog. In the example email copied above, it appears that someone tried to spoof an email from my account to a non-existent email address, bbxiong1987@gmail.com. A dozen or so of these to different non-existent email addresses would arrive together.

The entire spam configuration is really confusing and seemingly ineffective; I hope to put my 2.0 version live soon and see what happens then. Apparently, when I have AkismetFilter and TypePadFilter enabled, I am not supposed to empty the spam emails in admin? But if I don't do this I'm quickly overwhelmed when I'm logged in and go to the comments section for a blog post - several of these spam emails are still showing as unapproved. Why would they even show there if they are already in the spam box in admin?

I have many questions on this but would really appreciate any links to resources on how these filters work.

Thanks for your help,

Anthony :-)

Coordinator
Nov 25, 2010 at 8:18 AM

We have this piece of documentation on Comment Management, but it was written for BE 1.6 or 1.6.1, so it is a bit outdated now.

In BE 2.0, I'm not completely up to speed with everything, but I believe it works better than in 1.6.1.  The main thing is that you don't need to keep spam messages around.  You can delete them.  But before doing that, under Settings -> Comment Rules & Filters, I would check the following boxes:

  • Automatically add IP Address of Comments you Approve to the white list.
  • Automatically add IP Address of Comments you Reject to the black list.
  • Block on delete

If you have these checked (especially the last 2), then if you mark a comment as spam by either clicking the Reject button or Unapprove button, the IP address of the commenter will be added as "blocked" in the list of Filters on the Settings -> Comment Rule & Filters page.  In the middle of the page is "Filters".  You can manually add items there too.  If you have those checkboxes checked, then when you Reject or Unapprove, the IP address will automatically be added for you.  You could then delete the comment permanently.  If you have "Block on delete" checked, then when you delete a comment, the commenter's email address is added as "blocked" to the same Filter list.  It could be redundant to have "Block on delete" checked since if you already Rejected or Unapproved the comment, the person's IP address will already be blocked.  Then deleting the comment would add a new record, blocking the person's email address.

Depending on which page you're on, sometimes the action is labeled "Reject", and sometimes it says "Unapprove".  These are actually synonymous.  They both mark a comment as spam.  So if you have "Automatically add IP Address of Comments you Reject to the black list." checked, then when Rejecting or Unapproving, the IP address of the comment will be added as "blocked" to the Filter list.

The part that says "add to white list if at least XX comments from this author have been approved" and "add to black list if at least XX comments have been rejected" ... these were in BE 1.6.1.  They only work if you leave the comments there without deleting them.  When a new comment is left, BE will check the existing comments to see if that author (their email address, I believe) has existing approved or rejected comments.  The first one (add to white list if at least XX comments from this author have been approved) seems meaningful since you will keep the approved comments around, and people that comment frequently will be auto-approved.  Because you will probably delete spam comments, the 2nd of these two options is less meaningful.

The "Filter" list described above will be particularly helpful.  Even if you delete a comment, etc, the list of blocked and approved IP addresses and email addresses will always be there.

For the spam services like Akismet, TypePad and StopForumSpam, these services are contacted last if other rules and filters do not first determine the comment to be spam or good.  For example, if you have an IP address blocked in the list of Filters, a new comment from that IP address will be marked as spam, and other checks such as Akismet are not run.

Hopefully this helps a little.  I believe this is all accurate information.
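
The evaluation order and side effects described in the reply above, modelled as an added example (not BlogEngine.NET code). Class and attribute names are hypothetical, and the relative order of the filter list and the history rule is an assumption; the reply only states that the spam services are contacted last.

```python
from dataclasses import dataclass, field


@dataclass(eq=False)
class Comment:
    ip: str
    email: str
    status: str = "pending"  # pending | approved | spam


@dataclass
class Moderation:
    # Attribute names are hypothetical; they mirror the settings in the reply.
    blacklist_ip_on_reject: bool = True
    block_on_delete: bool = True
    approve_threshold: int = 3  # the "XX" in the white-list rule (assumed value)
    filters: dict = field(default_factory=dict)  # (kind, value) -> verdict
    comments: list = field(default_factory=list)
    service_calls: int = 0

    def spam_service(self, c):
        """Stand-in for Akismet/TypePad/StopForumSpam: never decides here."""
        self.service_calls += 1
        return "pending"

    def classify(self, c):
        # 1. The filter list decides first; nothing else runs on a hit.
        hit = self.filters.get(("ip", c.ip)) or self.filters.get(("email", c.email))
        if hit:
            c.status = "spam" if hit == "blocked" else "approved"
        # 2. History rule: counts only comments that were kept.
        elif sum(o.email == c.email and o.status == "approved"
                 for o in self.comments) >= self.approve_threshold:
            c.status = "approved"
        else:  # 3. Spam services are contacted last.
            c.status = self.spam_service(c)
        self.comments.append(c)
        return c.status

    def reject(self, c):  # "Reject" and "Unapprove" are the same action
        c.status = "spam"
        if self.blacklist_ip_on_reject:
            self.filters[("ip", c.ip)] = "blocked"

    def delete(self, c):
        self.comments.remove(c)
        if self.block_on_delete:
            self.filters[("email", c.email)] = "blocked"
```

Rejecting and then deleting a comment leaves two filter entries behind, so a later comment from the same IP or the same email address is marked as spam without the spam service being called.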