Hi Robert,
The information I got from the logs tells me that the spam mail was sent manually by copying several hundreds of e-mail addresses to the bcc field.
I think it's very hard to use RoundCube for automatic/scripted spam sending because you need to have a valid session which is checked by a cookie and the session hash within the URL. After sending a message, you have to reload the compose page to get a new "sending session". Of course one could write a script doing just that but it would be very complicated and you could also write it for GMX or Hotmail accounts.
I planned to add some spam-protection functions such as a limit for recipients and checking the time since the last message was sent.
Regards, Thomas
Robert Copelan wrote:
Thomas,
Was the demo site being used to manually send spam mail or was it being used by an automatic program? If an automatic program, are there steps we should take with our existing installations to reduce the possibility of spam?
Regards/MfG,
Robert
Hi,
People do write scripts that will work through all the 'security' that you place in your script. It is very easy and once you do it enough times you can pretty much reverse engineer even really complicated sites in just a few hours (our business friendly term is 'integration'). We combat spam senders by limiting the amount of email that can be sent by untrusted accounts and never giving email away.
Jimmy
Thomas Bruederli wrote:
Hi Robert,
The information I got from the logs tells me that the spam mail was sent manually by copying several hundreds of e-mail addresses to the bcc field.
I think it's very hard to use RoundCube for automatic/scripted spam sending because you need to have a valid session which is checked by a cookie and the session hash within the URL. After sending a message, you have to reload the compose page to get a new "sending session". Of course one could write a script doing just that but it would be very complicated and you could also write it for GMX or Hotmail accounts.
I planned to add some spam-protection functions such as a limit for recipients and checking the time since the last message was sent.
Regards, Thomas
Robert Copelan wrote:
Thomas,
Was the demo site being used to manually send spam mail or was it being used by an automatic program? If an automatic program, are there steps we should take with our existing installations to reduce the possibility of spam?
Regards/MfG,
Robert
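Added example, not part of the original messages and not RoundCube code: a sketch of the controls named in this thread (a per-message recipient limit, a minimum time since the last message, and a sending quota for untrusted accounts). The class name, trust labels and all limit values are assumptions; state is keyed by account rather than by session, since a session can be renewed by reloading the compose page.

```python
import time
from collections import defaultdict, deque
from email.utils import getaddresses

# All limits below are constructed sample values, not RoundCube settings.
MAX_RECIPIENTS = 50    # per message, counted across To + Cc + Bcc
MIN_INTERVAL = 30.0    # seconds required between two sends by one account
WINDOW = 3600.0        # sliding window for the recipient quota
QUOTA = {"untrusted": 100, "trusted": 2000}  # recipients per WINDOW


class SendPolicy:
    """Decides whether one account may send one message right now."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.history = defaultdict(deque)  # account -> (timestamp, n_rcpt)

    def check(self, account, trust, to="", cc="", bcc=""):
        now = self.clock()
        # Parse the header values so "a@x, B <b@x>" counts as two addresses;
        # de-duplicate case-insensitively so repeats are counted once.
        headers = [h for h in (to, cc, bcc) if h]
        rcpts = {addr.lower() for _, addr in getaddresses(headers) if addr}
        if not rcpts:
            return False, "no recipients"
        if len(rcpts) > MAX_RECIPIENTS:
            return False, "too many recipients"
        sent = self.history[account]
        # Drop accepted sends that have aged out of the quota window.
        while sent and now - sent[0][0] >= WINDOW:
            sent.popleft()
        if sent and now - sent[-1][0] < MIN_INTERVAL:
            return False, "sending too fast"
        if sum(n for _, n in sent) + len(rcpts) > QUOTA[trust]:
            return False, "hourly quota exceeded"
        sent.append((now, len(rcpts)))  # only accepted sends are recorded
        return True, "ok"
```
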