Then I decided to put a mailto: link and use disposable email addresses, to make it easier for people to contact me. 'Disposable' addresses, because I would dump them as soon as they got spammed.
I went through info001@mydomain.com, info002@mydomain.com, info003@mydomain.com and info004@mydomain.com. Surprisingly I haven't had to replace the last email address (info004@mydomain.com) since last October. It never gets spammed, even if it's in a mailto: link on my site.
The reason for all this is that last September I started implementing a download protection script, to prevent people from downloading my entire site. The protection basically consists of a series of robot traps - hidden links which only bad bots find (not normal users) and which automatically ban the IP address of the bad bots. (By the way I also keep a bad user agent block list in .htaccess up to date.)
Now, although I can't prove it, I'm pretty sure that this download protection also blocks spambots. Spambots crawl the entire site, essentially behaving like website download tools and can therefore be blocked with traps.
I've had for instance 30 bad bot alarms in the last four weeks. A number of them must have been caused by email harvesters (and I'm not counting here the stupid EmailSiphon users who forget to hide the user agent string).
Basically now it seems that my entire site, including the guestbook, is protected against email harvesters.
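The trap-and-ban idea described in the post above, sketched as an added example that is not part of the original post or the poster's script: it scans an Apache combined-format access log for requests to a hidden trap URL or with a listed user agent, records IP and time, and emits `.htaccess` deny lines. The trap path `/trap/`, the never-ban list and the log lines are constructed assumptions; `Deny from` is the Apache 2.2-style directive.

```python
import re

TRAP_PATHS = ("/trap/",)        # hypothetical hidden-link target, never shown to users
BAD_AGENTS = ("emailsiphon",)   # user agent named in the post; extend as needed
NEVER_BAN = {"127.0.0.1"}       # assumed allowlist so your own tests don't lock you out

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<ref>[^"]*)" "(?P<ua>[^"]*)")?'
)

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2004:10:01:02 +0000] "GET /index.html HTTP/1.0" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
198.51.100.23 - - [12/Mar/2004:10:02:09 +0000] "GET /index.html HTTP/1.0" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 5.5)"
198.51.100.23 - - [12/Mar/2004:10:02:10 +0000] "GET /trap/guestbook2.html HTTP/1.0" 200 312 "-" "Mozilla/4.0 (compatible; MSIE 5.5)"
192.0.2.44 - - [12/Mar/2004:10:05:31 +0000] "GET /contact.html HTTP/1.0" 200 2048 "-" "EmailSiphon"
127.0.0.1 - - [12/Mar/2004:10:06:00 +0000] "GET /trap/ HTTP/1.0" 200 312 "-" "Mozilla/4.0"
this line is truncated garbage and must be skipped
"""

def find_offenders(log_text):
    """Return {ip: (reason, first_seen_timestamp)} for trap hits and listed agents."""
    offenders = {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                      # malformed line: ignore rather than crash
        ip = m["ip"]
        if ip in NEVER_BAN or ip in offenders:
            continue
        ua = (m["ua"] or "").lower()
        if any(m["path"].startswith(p) for p in TRAP_PATHS):
            offenders[ip] = ("trap", m["ts"])        # spoofed browser UA is still caught
        elif any(bad in ua for bad in BAD_AGENTS):
            offenders[ip] = ("user-agent", m["ts"])
    return offenders

def htaccess_rules(offenders):
    """Render one deny line per offending IP, sorted for stable diffs."""
    return [f"Deny from {ip}" for ip in sorted(offenders)]

if __name__ == "__main__":
    found = find_offenders(SAMPLE_LOG)
    for ip, (reason, ts) in found.items():
        print(f"# {ip} banned ({reason}) first seen {ts}")
    print("\n".join(htaccess_rules(found)))
```

The second client sends a browser-like user agent and is caught only because it followed the hidden link, which is the case a user-agent block list alone misses.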
Cool- good for you!
Does it not cause some confusion with PREVIOUS customers that come in on an OLD e-mail address? How do you handle that?
I agree- I think the spider traps are the way to go. Wonderful little things. I use a modified version of Keymaster's script, posted elsewhere on this site. That is all you need. I would suggest using MULTIPLE copies, and use it in multiple ways (No more hints than that!)
Saw this wonderful post elsewhere on spam:
[cdt.org...]
Worth reading, and provides a link (at the bottom) to help obscure plain text e-mail addresses (hint- if you have a mailto: link, you have to obscure THAT, too!)
dave
In theory with a robot trap it would be possible to trace back the bad guy who launched the email harvester, since IP address and time are known. But that would require the cooperation of the internet provider.
[hiveware.com...]
It's basically a whitelist/blacklist combo.
You define a white list for people who should be able to mail you and you define a black list to block.
If someone's e-mail is not on either list, he gets a reply asking to confirm his email, and if he confirms, his address is also added to the white list for the future.
Not foolproof, but much safer than arbitrary and less complicated than Bayesian filters.
>>> Wouldn't this be fairly easy to reverse engineer into a "harvestable" e-mail?
Yes, it WOULD (and is). However, if you read through the link I gave above to the spam test, you will see that spammers are not decoding it. Possibly because they are lazy, possibly because it is a hassle, possibly because there are too many other, easily harvestable e-mails, and probably a combination of all three reasons.
The report shows that decoding, while VERY easy, is just not being done. Who knows if it will be tomorrow, though.
Best bet- use an image (jpg/gif) file to display your e-mail address, and forms to take user feedback. (Some of these may have your e-mail addy in a hidden field- note that it is NOT hidden from an e-mail harvester!)
dave
It seems that the SPAMBots are getting smarter now and they can grab email addresses even if you obscure them.
They will convert the HTML equivalent of whatever is after mailto: link, so I have no choice but to obscure even the "mailto:" on the link.
Seems to work for now, but for how long I don't know. Would go for the javascript option if I were to choose.