Any email function is a target

I regularly post in the Joel on Software forums. The JoS forums have a very simplistic interface, but they do have allow you to send an email to a poster who has provided their email address.

The thing is, there’s nothing stopping spammers from making use of that. The forum’s presumably-quite-effective Bayesian filters (there is usually very little spam) don’t seem to check emails out, and there’s not even a CAPTCHA.

I received my first spam email through JoS about 2 months ago, but none since. Until this week.

Spam from the Joel on Software forums

I use Gmail for my email, which is usually quite good at picking out spam, but, presumably thanks to the JoS connection, these spam messages are getting through just fine.

If you are offering users an option to send emails to third parties, you should take steps to try and prevent spam. Otherwise, spammers will take advantage of your name, your service, and your bandwidth to send emails – potentially even result in you ending up being blacklisted. And not entirely unfairly.

3 Responses to “Any email function is a target”

  1. Ben Smith Says:

    I presume you’ve reported this to Joel (or his team)?

  2. Ben Smith Says:

    Oh, and you don’t allow periods in the local part of the email address. Which is just as annoying as what you’re reporting.

  3. jivlain Says:

    Ben – yes, I reported it, and I’m told they’re working on resolving the problem.

    As for the periods – something like seems to work fine for me, could you clarify?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: