Please excuse this intrusion. Last year there was a noticeable increase of individuals probing our servers for Matt Wright's formmail script, in the hopes of using our systems for the transmission of Bulk / UCE. As a web hosting provider that does not tolerate spam, we decided to direct all attempts to a php script that causes the spammer to report themselves to their ISP. Over the past six months we have had tremendous success hitting spammers where it hurts by getting their ISP to drop their accounts. Because of this success we have modified our php script to allow other web hosting companies or even individual web sites the ability to apply this same success on their systems. Below you will find a description of what the script actually does. ------------------------------ Description: ------------------------------ This formmail.php script will send a complaint report to a visitors ISP and/or just to you when a visitor triggers it in the following ways. /cgi-bin/formmail.pl /cgi-bin/formmail.cgi Returns a formmail web page and reports to you a possible mistake with the visitors IP number. No report is sent to their ISP to protect mistake made by an innocent surfer. A spammer will now try the following to check for a improperly configured formmail.pl script. /cgi-bin/formmail.pl?recipient=someone@some_ISP.com /cgi-bin/formmail.cgi?recipient=someone@some_ISP.com If this is the first time the visitors has tried this they will receive the e-mail to the recipient listed. The script writes their IP number into the ip.txt file and blocks any further attempts using the format above. This protects your server from being used as a spam machine after the initial trap is set. The script will also send a complaint to their ISP and one to you for your records. This acts as a formmail trap to get them to report themselves even more. /cgi-bin/formmail.pl?recipient=someone@some_ISP.com,another_address@some_ISP.com /cgi-bin/formmail.cgi?recipient=someone@some_ISP.com,another_address@some_ISP.com To save time a spammer will use multiple recipients from their collection of e-mail address. This type of visitor / spammer is hooked and will now try to send out large amounts of Bulk / UCE using your server to protect themselves. Each attempt is reported to their ISP as Network Abuse from their IP and also reported to you for your records. If you want to set this up Globally on the server and some of your clients use Matt Wright's formmail script, just have them rename it to something else and reference that new name in their forms. We mention the use of this spam trap in our setup e-mail and advise them to do the above if they intend to use formmail for processing forms. The script is freely available from the following URL: http://www.home-port.net/formmail/ Some ISP's are slow in responding to the complaint, but once you have a spammer hooked and they report themselves a couple of thousand times. The ISP eventually get's the message and disconnects them. Sincerely, Michael West, CEO Home-port.net Inc.