473,249 Members | 1,866 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,249 software developers and data experts.

SMTPsvg.Mailer error

I'm using a block of ASP to allow a user to send a form via e-mail.
However, someone keeps sending me spam through this form
and they're using a bogus return address. I'm testing for a
successful send, which should fail if the return address is
not valid, but I'm still getting the junk.
The block looks like this:

Set Mailer = Server.CreateObject("SMTPsvg.Mailer")
Mailer.RemoteHost = "smtp.xxx.com"
Mailer.FromName = Request.QueryString ("Name")
Mailer.FromAddress = Request.QueryString ("Email")
Mailer.AddRecipient "Web Mail", "PC**@xxx.com"
Mailer.Subject = "P.C.T. E-mail"
Mailer.BodyText = UserString
if Mailer.SendMail then
Response.Write " - Sucessful - "
else
Response.Write " - Failed - "
Response.Write Mailer.Response
end if

Should this block be stopping bogus From addresses?
Or do I need to be doing something different?

Jan 27 '07 #1
4 6581
Mike wrote on Sat, 27 Jan 2007 12:13:00 -0800:
I'm using a block of ASP to allow a user to send a form via e-mail.
However, someone keeps sending me spam through this form
and they're using a bogus return address. I'm testing for a
successful send, which should fail if the return address is
not valid, but I'm still getting the junk.
The block looks like this:

Set Mailer = Server.CreateObject("SMTPsvg.Mailer")
Mailer.RemoteHost = "smtp.xxx.com"
Mailer.FromName = Request.QueryString ("Name")
Mailer.FromAddress = Request.QueryString ("Email")
Mailer.AddRecipient "Web Mail", "PC**@xxx.com"
Mailer.Subject = "P.C.T. E-mail"
Mailer.BodyText = UserString
if Mailer.SendMail then
Response.Write " - Sucessful - "
else
Response.Write " - Failed - "
Response.Write Mailer.Response
end if

Should this block be stopping bogus From addresses?
Or do I need to be doing something different?
That mailer component cannot verify if the from address is valid or not - to
do so would require it to connect to the destination server for that domain
and then determine if the address exists; either start a dummy SMTP
conversation sending to that address and looking for an error response, or
and use the verify command to ask if the address exists - although most
servers that support ESMTP should have the VRFY command disabled if they
have any sense, as it can be used to pull a list of valid addresses from a
server using a dictionary scan. What would happen if the server was down?
Would you want the message rejected? What if the message was legitimate, but
the person's ISP was having some mail server issues at the time?

There really is very little you can do to block someone spamming you this
way if they're persistent. You could look for specific strings in the
UserString variable and reject on that (such as web addresses, or certain
words). You could add a random number + check digit as hidden fields, and
have your code verify that they match before accepting the rest of the
data - this prevents direct use of the form from a script, but won't prevent
one that pulls the form HTML from the server prior to generating the
necessary POST data string to send back to ensure it's complete.

I've had problems with spam to a customer comment system on one of my own
sites in the past; luckily all comments require admin moderation before
being published to the site, so the spam never got displayed to the public -
I used a combination of variable inspection (rejecting all submissions that
had a URL in the title, which most of the spam ones did), and the random
number + check digit (which stopped the ones that didn't have a URL in the
title field, but were being posted from a script).

Dan
Jan 29 '07 #2
Thanks for the reply.
I was considering the random number scheme previously,
but I don't know if the spammer is sitting at the keyboard
or if it's automated. Two months ago, he sent 30 messaged
in a single day (twice), and I don't know why an automated
system would do that, nor why someone at the keyboard
would waste that much time.
For the time being, I've disabled the mail handler page.

Jan 29 '07 #3
Mike wrote on Mon, 29 Jan 2007 09:11:02 -0800:
Thanks for the reply.
I was considering the random number scheme previously,
but I don't know if the spammer is sitting at the keyboard
or if it's automated. Two months ago, he sent 30 messaged
in a single day (twice), and I don't know why an automated
system would do that, nor why someone at the keyboard
would waste that much time.
For the time being, I've disabled the mail handler page.

Do these comments get posted anywhere on a web page? If so, and the spam is
full of URLs, it's being done to increase the number of links back to the
URL, and in doing so will increase Google Page Rank. This is what was being
done on my site, and the random number field plus filtering on URLs stopped
it dead. It probably is automated, it's pretty easy to write a script that
navigates sites looking for forms that ask for a set of information (such as
"email address" and "comment"), and then post to them using the form data as
it was presented at the time the form HTML was retrieved. What you need to
be careful of is that even here the random number + check digit will allow
the form to be posted unless your random number and/or check digit
calculation is also site time dependent. For instance, factor in the current
date into the calculation somehow.

Dan
Jan 30 '07 #4
"Daniel Crichton" wrote:
Do these comments get posted anywhere on a web page? If so, and the spam is
full of URLs, it's being done to increase the number of links back to the
URL, and in doing so will increase Google Page Rank. This is what was being
done on my site, and the random number field plus filtering on URLs stopped
it dead. It probably is automated, it's pretty easy to write a script that
navigates sites looking for forms that ask for a set of information (such as
"email address" and "comment"), and then post to them using the form data as
it was presented at the time the form HTML was retrieved. What you need to
be careful of is that even here the random number + check digit will allow
the form to be posted unless your random number and/or check digit
calculation is also site time dependent. For instance, factor in the current
date into the calculation somehow.
The comments don't get posted anywhere, they're just e-mailed to me.
But they include links to porn and pills web sites, so I guess he thinks
they're posted somewhere. I wonder if changing form text and variable
to nonstandard wording would throw off his bot?

Jan 30 '07 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

6
by: Raphael Gluck | last post by:
Hi all I am still finding my feet creating a website in ASP, and i'm trying to get to grips with users providing feeback to my site. my webhosts have the dundas mailer installed, and i am trying...
2
by: John Davis | last post by:
What is the **MOST** obvious reason why will this will fail (it's not syntax or anything specific to the object)? Function Mail(MailerProgram, Message, Subject, Format, FromEmail, ToEmail,...
1
by: Beyza | last post by:
Hi, I have a problem. One of my customer used to use php mailer in her web page. But when i changed something in the system (php packages) , it was broken. If she use php-mailer in her system,...
4
by: Al G | last post by:
Has anyone played with MS's SMTP sample, mailer.exe? I downloaded the sample, and ran it, but keep getting the error "Failure sending mail". Where might I look for more information? Maybe some...
0
by: askzda | last post by:
Hi, Can somebody pls help to solve above problem. I have used dundas mailer for my mailing part in my asp script, but the an error occured during sending the mail. Error that is prompted out just...
0
by: ajadon | last post by:
I need help.... I bought SMTPsvg.Mailer and tried to use it on my server. I always get the error number 554 - No recipients have been specified. I know it all has to do with the SMTP...
6
by: Dave Kelly | last post by:
Sorry for the long post, it is easier to discard information than to have to wait for it to arrive. So here goes: This code worked perfectly when I was an Earthlink customer. Sprint decided...
5
by: neovantage | last post by:
Hey all, I am using Swift mailer and i am getting error "Fatal error: Uncaught exception 'Swift_RfcComplianceException' with message 'Address in mailbox given does not comply with RFC 2822,...
9
by: neovantage | last post by:
hey geeks, I have a small mail script which will cause a PHP script to send a receipt upon clicking the submit button, by an HTML mail. This mail contains special characters, namely '', '' and...
0
Git
by: egorbl4 | last post by:
Скачал я git, хотел начать настройку, а там вылезло вот это Что это? Что мне с этим делать? ...
1
by: davi5007 | last post by:
Hi, Basically, I am trying to automate a field named TraceabilityNo into a web page from an access form. I've got the serial held in the variable strSearchString. How can I get this into the...
0
by: MeoLessi9 | last post by:
I have VirtualBox installed on Windows 11 and now I would like to install Kali on a virtual machine. However, on the official website, I see two options: "Installer images" and "Virtual machines"....
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, youll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: Aftab Ahmad | last post by:
So, I have written a code for a cmd called "Send WhatsApp Message" to open and send WhatsApp messaage. The code is given below. Dim IE As Object Set IE =...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
by: marcoviolo | last post by:
Dear all, I would like to implement on my worksheet an vlookup dynamic , that consider a change of pivot excel via win32com, from an external excel (without open it) and save the new file into a...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.