1.) Create spam-bot poison e.g. put up on some websites dynamically generated mailing lists that create a never ending amount of rubbish email addresses. Here is an example I found: awtrey.com/lists.
2.) The only way a spammer can purge their mailing list of all the rubbish email addresses is to automatically delete addresses that bounce back. If lots of people use a tool that sends bounce messages (such as Mailwasher.net) then their address will be removed from the spam list.
I'm always thinking that spammers are using the same technology available to everyone, and there are some pretty incompetent spammers out there, so surely we can find some kind of technical solution that could turn the tide? However, I've yet to come up with it...
Bouncing is a good one, but the volume of emails you can send cheaply means that if you are a spammer, you wouldn't strictly have to remove bounces from your list - just send them anyway if everyone caught on to bouncing technology.
But there are definitely 'ethical' companies out there who should know better:
[cluelessmailers.org...]
Re. My note 1 - the page I mentioned will go on creating email addresses forever (or until the spam bot gets tired and moves on). Think about it, if there were a few dozen sites like that - then literally tens of millions of rubbish email addresses would get added (hmmm even billions) - the spammers could not continue to run such a system.
Re. ISPs - Some of the problem ISPs are in countries that don't really care much about such issues.
[bendz.net...]
actually, here's a better link:
[turnstep.com...]
There are quite a few other sites. I take the point that if enough people put up these types of pages it would certainly be a thorn in spammers' sides.
So I uploaded one today to a widely indexed site ;)
It doesn't take much to figure out that:
yfe@ksdasoiasddaseme.com
nnhtvppywrosstu@ksdasoiasddaseme.com
ijw@ksdasoiasddaseme.com
hgznugxbiuwii@ksdasoiasddaseme.com
dvjaluxrcunvdceukuusyf@ksdasoiasddaseme.com
yfjlufwtwdcapndqcily@ksdasoiasddaseme.com
syrynecmdwaxeksxhspzgdgffc@ksdasoiasddaseme.com
rrzwthltccpnilnrmyn@ksdasoiasddaseme.com
jfslboogovcvxpnbyvctopcyk@ksdasoiasddaseme.com
ebrqkuhpidstywp@ksdasoiasddaseme.com
are not likely to be real email addresses (this is from one of the links provided).
Nice try - but it simply doesn't work against anyone with a brain.
How about handing these things out for free and letting other programmers modify their versions? Come up with some guidelines, e.g.
- Put the page in a folder with a robots.txt file to prevent our friends the search engines getting confused.
- To prevent server overload get the thing to stop spewing fake addresses after an appropriate time/quantity.
- etc.
> I sincerely doubt that spammers go through their address lists manually.
Absolutely! I think these guys are handling tens of thousands or millions of addresses.
It's a bit old, but it has lots of cool scripts. Even one that generates addresses @ the IP address of the person who visited the page ;)
I recommend changing any default text in case there are clever spambots out there :)
Some will be more effective than others, but there's lots of good info on the site above.
There's a (similar) newer site if I remember, but I can't think of the address. I'll let you know if I think of it.
>- Put the page in a folder with a robots.txt file to prevent our friends the search engines getting confused.<
I thought you could only have robots.txt at the root of your site, not in sub folders?
Even if it were to work, you have just set yourself up to be hit by more E-mail harvesters. They'll flock to your server like seagulls flocking to a crumb.
The lists aren't designed for real people - they're designed for spambot harvesters that grab addresses from web pages etc. I sincerely doubt that spammers go through their address lists manually!
1) This only works if you give them enough names where it screws them up. You would have to give them probably 10 - 100 times as many bad names as good to do this. And it would be obvious by looking through any of them - where the bad names were from.
2) It is very abnormal for any one site to have this many email addresses. This could easily be flagged for human review.
3) Any type of script that does dictionary checks would defeat this scheme pretty easily. There are other ways you could check as well. Simply sorting by domain name - checking any domain name with whois that had 100 entries or more - would defeat most of these. In fact - anyone with a zone file and fast database sorting could get rid of these EVERY TIME.
4) Spammers AREN'T stupid.
[internetwk.com...]
5) There are a billion reasons (ok - not a billion) that this doesn't work, but it makes people feel they are doing something - so oh well.
Hmm take the point. I will monitor my currently uploaded script to see if this happens.
Could be a way to get a list of common spambots?
Either way, as per the subject of this thread, any better suggestions anyone?
Even if the script method above is flawed, I still like the idea of trapping a spambot ;) If everyone had one of these scripts it would have some effect on spammers. The general opinion I've been reading is that these scripts DO have some positive effect:
[website101.com...]
Have a read of this, excellent development of ideas and strategies.
A near perfect ban [webmasterworld.com]
OK, so the current scripts referenced aren't particularly advanced. But that doesn't mean we can't make one that is. If spammers evolve, so will we.
It seems that most people's attitude is, oh well, spam is here to stay and we're just going to have to accept it, and certainly this appears to be the most likely outcome if no-one can be bothered to do anything.
I fully understand that blocking spam before it gets to your email account is the easiest way to avoid seeing it, but I took this post to be more about finding a way to hit back at spammers before the email gets sent.
>Any type of script that does dictionary checks would defeat this scheme pretty easily<
I can't think of a single email address I use that would pass a dictionary check - and what about tom23476234@hotmail.com etc.
>Spammers AREN'T stupid. <
Not all of them certainly, but if I only harass the stupid ones then that's OK with me for now ;)
>This only works if you give them enough names where it screws them up<
The script I'm using auto-generates link pages so the list goes on forever, with no external links for the spambot to escape through.
I'm not actually using this script (I'm using one that generates total gibberish addresses, so unless you've bought 16-character-random-letters.com you should be OK) but a very good point.
I couldn't find the genuine addresses you mention though - which page was this on? I was looking at the wpoison example [monkeys.com...] and none of these seem at all likely to be genuine. If they are displaying real addresses I will contact them and get them to change it - they seem like the least likely people to want to encourage spam.
[edited by: Receptional_Andy at 4:49 pm (utc) on Feb. 21, 2003]
68.33.10.10 - - [17/Feb/2003:12:32:49 -0800] "GET http//www.blah.com/cgi-bin/FormMail.cgi?email=FormMail@mail.com&recipient=<formmailss@aol.com>blah.com&subject=www.blah.com/cgi-bin/FormMail.cgi&=date/time:Mon/Feb/17/7:55am HTTP/1.0" 200 873 "-" "Mozilla/?"
68.33.10.10 - - [17/Feb/2003:12:32:50 -0800] "GET http//www.blah.com/cgi-bin/FormMail.pl?email=FormMail@mail.com&recipient=<formmailss@aol.com>blah.com&subject=www.blah.com/cgi-bin/FormMail.pl&=date/time:Mon/Feb/17/7:55am HTTP/1.0" 200 873 "-" "Mozilla/?"
68.33.10.10 - - [17/Feb/2003:12:32:50 -0800] "GET http//www.blah.com/cgi-bin/formmail.pl?email=FormMail@mail.com&recipient=<formmailss@aol.com>blah.com&subject=www.blah.com/cgi-bin/formmail.pl&=date/time:Mon/Feb/17/7:55am HTTP/1.0" 200 873 "-" "Mozilla/?"
68.33.10.10 - - [17/Feb/2003:12:32:50 -0800] "GET http//www.blah.com/cgi-bin/formmail.cgi?email=FormMail@mail.com&recipient=<formmailss@aol.com>blah.com&subject=www.blah.com/cgi-bin/formmail.cgi&=date/time:Mon/Feb/17/7:55am HTTP/1.0" 200 873 "-" "Mozilla/?"
I'll include reports to abuse@aol.com and abuse@mail.com.
12.254.253.196 - - [19/Feb/2003:17:13:07 -0800] "GET http//www.blah.com/cgi-bin/formmail.cgi?email=FormMail@mail.com&recipient=<testfommail2@married-not.com>blah.com&subject=www.blah.com/cgi-bin/formmail.cgi&=date/time:Wed/Feb/19/6:12pm HTTP/1.0" 200 903 "-" "Mozilla/?"
12.254.253.196 - - [19/Feb/2003:17:13:07 -0800] "GET http//www.blah.com/cgi-bin/FormMail.cgi?email=FormMail@mail.com&recipient=<testfommail2@married-not.com>blah.com&subject=www.blah.com/cgi-bin/FormMail.cgi&=date/time:Wed/Feb/19/6:12pm HTTP/1.0" 200 903 "-" "Mozilla/?"
In the above case - after one initial report bounced back, I preceded 'married-not.com' with www - plugged that into my browser and it redirected to My Own Email to which I re-sent my complaint.
For the record, I deleted my CGI-BINs so any request is considered an intrusion.
On another note: Not long ago I posted that I'd closed an open proxy, (not relay - although I do have several of those to my credit) and the response was disheartening to say the least.
One thing I've noticed about WebmasterWorld is its reluctance to take a stand on UCE/SPAM.
Maybe I should ask you this: Don't you feel like you're trying to pull someone's teeth in this endeavor?
I wish you luck. As for me? Well, I'm going to continue doing what I do whether there is support within these forums for it or not. I know where my motivations are.
Pendanticist.
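The log review described in the post above can be automated. This is an added example, not part of the original post: it groups FormMail probe requests by source IP and lists candidate abuse@ mailboxes for the recipient domains. The function names, the sample lines and the `.example` domains are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')
SCRIPT_RE = re.compile(r"/formmail\.(?:pl|cgi)$", re.IGNORECASE)
RCPT_RE = re.compile(r"(?:^|&)recipient=<?([^@<>&\s]+@[a-z0-9.-]+)", re.IGNORECASE)

def formmail_probes(lines):
    """Map source IP -> probed script names, test recipients, and 2xx responses."""
    report = defaultdict(lambda: {"scripts": set(), "recipients": set(), "answered": 0})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # not an access-log entry
        ip, target, status = m.groups()
        path, _, query = unquote(target).partition("?")
        if not SCRIPT_RE.search(path):
            continue                      # ordinary request, not a FormMail probe
        entry = report[ip]
        entry["scripts"].add(path.rsplit("/", 1)[-1])
        rcpt = RCPT_RE.search(query)
        if rcpt:
            entry["recipients"].add(rcpt.group(1).lower())
        if status.startswith("2"):
            entry["answered"] += 1        # server answered: check what lives at that path
    return dict(report)

def abuse_contacts(report):
    """Candidate abuse@ mailboxes for the domains used as probe recipients."""
    return sorted({"abuse@" + r.split("@", 1)[1]
                   for e in report.values() for r in e["recipients"]})

# Constructed log lines modelled on the ones in the post (documentation IPs and domains).
_P = '"GET http//www.site.example/cgi-bin/{s}?email=FormMail@mail.example&recipient=<{r}>site.example&subject=x HTTP/1.0"'
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Feb/2003:12:32:49 -0800] ' + _P.format(s="FormMail.cgi", r="probe1@isp.example") + ' 200 873 "-" "Mozilla/?"',
    '192.0.2.10 - - [17/Feb/2003:12:32:50 -0800] ' + _P.format(s="formmail.pl", r="probe1@isp.example") + ' 404 210 "-" "Mozilla/?"',
    '198.51.100.4 - - [19/Feb/2003:17:13:07 -0800] ' + _P.format(s="formmail.cgi", r="Probe2@Host.example") + ' 200 903 "-" "Mozilla/?"',
    '203.0.113.5 - - [19/Feb/2003:17:14:00 -0800] "GET /index.html HTTP/1.0" 200 5120 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    found = formmail_probes(SAMPLE_LOG)
    for ip, entry in found.items():
        print(ip, sorted(entry["scripts"]), sorted(entry["recipients"]), entry["answered"])
    print(abuse_contacts(found))
```

A non-zero `answered` count means the server returned a 2xx status to a probe, so it is worth confirming that no mail script is actually reachable at that path.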
One thing I've noticed about WebmasterWorld is its reluctance to take a stand on UCE/SPAM.
On one hand, some of our members feel that spam is a viable marketing tool. On the other hand, [webmasterworld.com...]
Our goal is to provide "News and discussion for the advanced web professional," not to crusade for or against any particular webmastering tools or techniques.
On one hand, some of our members feel that spam is a viable marketing tool. On the other hand, [webmasterworld.com...] Our goal is to provide "News and discussion for the advanced web professional," not to crusade for or against any particular webmastering tools or techniques.
<sigh>
Pendanticist.
Another interesting idea I've heard is to insert a single bogus email address into a web page hidden somewhere. Make the email address at your own domain, so it appears legit, and figure out a way to encode the IP address of the user requesting that page into the email address itself, for example (123-12-34-56spam@mydomain.com). Then set a rule on your mail server to catch all messages sent to *spam@mydomain.com to a single mail account. Check this periodically, and see which new email addresses showed up. You now have an IP list of the harvesters. You can look at logs to see if there are any interesting patterns for these addresses and also contact the ISPs of the harvesters themselves. Most spammers conceal themselves when sending spam, but not necessarily when they are harvesting.
Also, remember that whenever you are talking about spammers being technologically advanced, you have to realize that what they are doing is SO easy that they generally don't care if some of the email addresses are invalid.
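One way to implement the trap address described in the post above, as an added example that is not part of the original post. It goes beyond the post's `123-12-34-56spam@` format by adding a short keyed tag, so that mail sent to a hand-crafted address cannot put an arbitrary IP on the harvester list. The domain, the secret and all function names are assumptions.

```python
import hashlib
import hmac
import ipaddress
import re
from collections import Counter

TRAP_DOMAIN = "mydomain.example"      # assumption: placeholder for your own domain
TRAP_SUFFIX = "spam"                  # matches the *spam@ catch-all rule
SECRET = b"constructed-demo-key"      # assumption: per-site secret, never shown in the page

def _tag(ip: str) -> str:
    # Short keyed tag so a forged recipient cannot implicate an arbitrary IP.
    return hmac.new(SECRET, ip.encode(), hashlib.sha256).hexdigest()[:8]

def trap_address(client_ip: str) -> str:
    """Address to hide in the page served to client_ip (IPv4, as in the post)."""
    ip = str(ipaddress.IPv4Address(client_ip))   # ValueError on malformed input
    return f"{ip.replace('.', '-')}-{_tag(ip)}{TRAP_SUFFIX}@{TRAP_DOMAIN}"

_TRAP_RE = re.compile(
    r"^(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})-([0-9a-f]{8})"
    + re.escape(TRAP_SUFFIX) + "@" + re.escape(TRAP_DOMAIN) + "$")

def harvester_ip(recipient: str):
    """Return the harvesting IP encoded in a trap recipient, or None."""
    m = _TRAP_RE.match(recipient.strip().strip("<>").lower())
    if not m:
        return None
    try:
        ip = str(ipaddress.IPv4Address(".".join(m.groups()[:4])))
    except ValueError:                           # octet out of range
        return None
    return ip if hmac.compare_digest(_tag(ip), m.group(5)) else None

def harvesters(recipients):
    """Count trapped messages per harvesting IP."""
    return Counter(ip for ip in map(harvester_ip, recipients) if ip)

# Constructed sample: recipients seen in the catch-all mailbox.
SAMPLE = [
    trap_address("198.51.100.7"),
    "<" + trap_address("198.51.100.7").upper() + ">",
    trap_address("203.0.113.9"),
    "198-51-100-8-deadbeefspam@mydomain.example",   # forged tag, rejected
    "999-1-1-1-00000000spam@mydomain.example",      # not an IP, rejected
    "sales@mydomain.example",                       # ordinary mail, ignored
]

if __name__ == "__main__":
    print(harvesters(SAMPLE))
```

The recovered IPs can then be matched against the web server's access log for the requests that fetched the trap page.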
Virus writers are evil as are spam senders, right? But they are not the same type of evil. So there must be at least one virus writer who hates getting spam.
Perhaps one day, they'll get so sick of getting spam they'll write a virus that propagates everywhere and -- then on the stroke of midnight -- shuts down any machine it is on that has an open relay.
With a bit of luck the anti-virus people will produce a fix that refuses to run if the relay is still open. And the job's done!
The residual virus floating round the internet will automatically shut down remaining or new open relays. And the spammers will have to go back to snail spam.
It's a dream, true. But that's better than having a nightmare :)