#1 2023-10-27 1:12 pm

smileBeda

Member

Registered: 2023-10-27

Posts: 3

I cannot submit spammers to the DB

... and as I found out reading other topics in the forum, it appears I must Submit a username, email and IP of the spammer.

However, that is impossible:
- I run a blog where users can comment without login
- I run a contact form where users can contact without login

I have emails and contents of the (real, severe) spammers.
Only about 2 of the 103 emails I have are stored in the StopForumSpam DB.
Thus I wanted to share the emails I have with the DB but apparently this is not allowed, I found after digging a few threads here in the forum (it is not stated on the api where the POST calls are described, which first let me a bit lost)

Can someone clarify for me if my assumption or understanding is correct and if not, how I can submit the emails of these spammers?
I have proof they are spammers. Just not their IP or Username, as A) pretty much useless in my current use case (but I guess I could dig them up from server logs), and B) inexistent.

Thanks!

Maikuolan

Member

From: Perth, Western Australia

Registered: 2011-08-09

Posts: 799

Website

Re: I cannot submit spammers to the DB

Other platforms exist elsewhere where you can submit email spammers, but you can't submit them here at Stop Forum Spam. (Hence the "Forum" part in the name: This platform here is intended primarily for dealing with forum spammers). In order to submit spammers here, it must be because of spam (i.e., if the reason for submission isn't because of spam, you can't submit it here), and you must have all three required datapoints (username, verified email address, and IP address). Without all three datapoints, it isn't suitable for submission here.

That "verified" part is important, too. If you don't require people to be registered or logged in prior to posting at your website, chances are more than likely than any email address they may include in such posts isn't verified, either (which means, they could cite some fake, non-existent email address, or an email address belonging to someone else, someone innocent, which has nothing to do with the spammer in question). So, it's important that email addresses be verified (typically, during the registration process for any given website, some kind of verification email will be sent out to the newly registered member, containing a link which they must click on, in order to verify their account, which also serves as proof/verification of their email address, that it's real and belongs to them).

If the IP address is known, you could submit the spammer to AbuseIPDB. They deal with a number of other kinds of traffic, beyond just spam, and only require one datapoint (the IP address). Relative to SFS, that's both a good thing and a bad thing at the same time, depending on perspective and need. (IMO, not all platforms necessarily share the exact same context or purpose, so similar but slightly different platforms existing at the same time is often a good thing overall. Also, different standards for submission and different kinds of checks and controls means not all platforms have exactly the same kind of data, too).

If it's email spam we're talking, if the emails contain any phishing links, you could submit them to PhishTank. They don't deal with spam, but rather, they deal with phishing. However, I mention them, because you mentioned email spam, and both spamming and phishing often (but not always) go hand-in-hand when it comes to email. They don't require any of the three datapoints required here, but do require a different kind of datapoint: The phishing URLs in question. (So, if it doesn't have anything to do with phishing, or doesn't contain any phishing links, you can't submit it there).

If you're willing to set up a honeypot at your website, email server, or via DNS records, you could consider utilising Project Honeypot. Strictly speaking, you don't "submit" anything to them directly yourself, but provide the means by which they can collect the necessary data (i.e., via a honeypot which they have you set up). (A useful platform, but they work differently than platforms where you submit data yourself, like Stop Forum Spam, AbuseIPDB, PhishTank, etc).

There are plenty of other platforms available too, but at least, those are the platforms that I can immediately think of off the top of my head. You might need to do a bit of googling to find some of the other available platforms around.

Last edited by Maikuolan (2023-10-27 2:19 pm)

smileBeda

Member

Registered: 2023-10-27

Posts: 3

Re: I cannot submit spammers to the DB

Thanks a lot for your thorough reply, this certainly helps a lot.

Indeed I’ve no VERIFIED emails - exactly a part i want to avoid because sending confirmation emails to an in existent email is more hurtful for my email as it’d bounce too much. So I decided to just manually approve comments until a user is trusted.

Newsletter subscription is on the other hand verified, but I run the email through a set of checks before even sending a confirmation (of these is this database)

Similarly for contact form before sending email confirmation to prospect, it runs through checks and also an llm analyses the content and rejects it if it’s sus.

Again thanks a lot for the reply and certainly thanks to all the folks who keep this db running.
Awesome job.