Slashdot Mirror
Honeypot For Identifying Email-Harvesters
Cheese Man writes "Mark Pilgrim describes a simple way to identify email-harvesters: "In each page I serve, I include a bogus email address, encoded with the date of access as well as the host IP address ... This has allowed me to trace spam back to specific hosts and/or robots." There's even a simple one-line example done with PHP. (Thanks to BoingBoing for the links.)"
That there should be email addresses that the big companies "float" out onto spamming lists. When a mass email comes back with these email addresses, it's a flag that its spam, and block the whole message from going into the system. Of course, security on what those email addresses are would have to be pretty tight...
In fact, it's been covered on Slashdot for a while. You can also set up similar honeypots for bad web robots in general (where they get 403 after a certain number of bad hits).
Unfortunately, there is still no law against email harvesting, so there is nothing you can do to them unless you want a little vigilante justice.
Repeal the DMCA!
Exciting. Glad to see Slashdot is on top of things.
I did something similar for a while but stopped because I didn't really have any use for it. Using primarily my ISP's mail service theres not much I can do to customise it. At some point I intend to set up some sort of thing that feeds into a dns blacklist, but when that will be I just don't know. Its probably already been done, but heck, its the taking part that counts. Or something like that
Lots of people, including me, use different middle names or initials when applying for something in writing, by snail mail or by telephone. When junk mail comes back in the mailbox, it's easy to know what company sold your information to whom, or at least which company was the initial recipient of the bogus info and which was the last.
...
Old new
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Try wpoision, it's a CGI script to generate a random set of email address, infinitely deep. Very fun.
I want to delete my account but Slashdot doesn't allow it.
Last line of the article:
title edit (6/19, 6:47am): Honeypot not "honey hole." Thanks, Cory.
What's the difference between the two? Computer geeks have experience with honeypots!
You are just going to get a list of open proxies, comprimised windows machines, throw-away dialup addresses and so on. Useless.
What is it? Do you politely ask the spammers / bots to stop? Why should they. You have a server, they are looking for information.
I am plesently suprised that my anti-spam encoded email address still has not been spammed. And even a recent spam study found that only normal email addresses got spam.
It wouldnt take much to find and decode most of the simple spam-protected email addresses. And I dont think it would take long for the spammers to detect a system such as this and bypass it, but I dont think they will bother at the current climate.
But pretty soon I suspect we will get much cleverer email collecting tools and the problem is going to get to the scale of the virus/anti-virus stage.
Mouse powered Chips, Open source Processors and Lego
What can you do with somebody's IP address (that was in the email they harvested)? Resolve it and hope email sent to abuse@theirdomain.com does something?
John Kerry is a Joke!
I wonder if maybe someone could create a network of honeypots, and feed the data into a database that could be accessed in real time by web servers, to deny access.
It would probably impose too much of a performance hit for a popular site, but maybe for smaller stuff -- your bio page, or whatever -- it would be appropriate.
Come on, you can't have it both ways. You're either pro government control or against it, you can't say "these people can't have freedom because i don't like them, but don't take away my freedom because people don't like me"
-Jon
this is my sig.
These guys come like a thief in the night. They load your page like any other search engine spider. Its like knowing the face of the guy who went through your neighborhood, trying every door knob in the guise of distributing an advertising flyer, then later he disclosed to other thieves, unknown to you, whose at home during the day and who is not.
Yes, its helpful in building a case, like knowing who is going through a neighborhood trying all the doors, but catching the actual guy in the act is not as easy.
Some of this spam is really getting nasty. Just two days ago, I received this spam in my box purporting to be from the fraud department of Best Buy regarding CD players some guy in New York is trying to buy with my credit card. It seemed a really professional email, except they didn't know my name, and apparently had to get my email addy from a national credit bureau agency. When the links did not point as shown, I really became leery. The whole thing was apparently a ruse to get me to log into their site and disclose all sorts of personal information, playing on my fear that if I did not do so, the fraudulent transaction would complete.
Watch out, guys. There's a lot of deception going on out there.
Any tools and techniques we make to help us find out who these little rascals are is really welcome. Being some students just got nailed for their life savings for just their involvement in sharing a few songs, I trust this same environment can be used for those involved in internet scams which often cost not just a few record sales, but often substantial, I mean really substantial, grief for the victim.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
It will be permanently ./'ed by lop.com within weeks
Surely the email harvester will just 'learn' to remove it's own IP number and possibly a date (or even better, just increment the IP number date to generate an infinite number of email addresses)
A more advanced method would probably hash the ip with the date in a non-obvious way, but it'd have to be a one-to-one mapping of IP's at least and a two way hash to retreive the IP number.
Even storing the IP number as the apache-log line (if that's possible) would work, but real addresses would always work better but would require a dummy domain (e.g a dictionary of names stuck together with ._-). But unless you encode the IP you need a lookup table from your logs which is overhead.
Of course, this still doesn't address the real problem, the people who should be traced and punished are not the spammers but the companies that use the spammers, there will always be foreign companies willing to spam for you if the law makes it illegal. Few of the spams I see are international companies (ok, most of them are porn sites which are probably just harvesters).
The first link in the story also had a link to Cyveilance, which keeps appearing in my spamcop reports as "3rd party interested in spam), apparently their a chase (suspected) copyright infringement on the web....not sure I want to help them anymore..
BBAnd also not require register_globals be on (better for security if you can set it to "off"):
@ EXAMPLE.COM'; ?>" title="Go ahead, Spam me">Here is my email address</a>
<a href="mailto:<?php echo $_SERVER['REMOTE_ADDR'],'_on_',date('y_m_j_Gi'),'
(Slashdot adds an extra space before example.com)
I didn't see any code.
What did you see?
The only email address I have on my site is blockme@mydomain and if anyone sends an email to that one they get blacklisted. Easy but effective.
This is probably the better way to do this, since $REMOTE_ADDR may or may not work on your php config, and... boy does he have a lot of echo statements in there
" title="Go ahead,spam me">Here is my email address
" title="Go ahead, Spam me">Here is my email address
an idea that I had went a little something like this. You get a few dozen sysadmins together and have them create thousands of dummy email accounts, sell that list to the spammers as if they were a list of valid addresses.
Hit them where it really hurts, in their pocketbooks.
So then they have to worry about 1. getting caught running afoul of the law. 2. getting a bunch of useless email addresses. and 3. getting ripped off by the people that they fight tooth and nail to outsmart.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
I do this; the only spammers who have harvested my email address this way are TrafficMagnet. Perhaps because the actual email-address generator has a cgi-bin in the URL, and ends with a ".cgi" suffix.
The relevent user-agent strings which spambots have used are "Mozilla/3.0 (compatible; Indy Library)" and "Zeus 2.6".
Not much... the site is apparently not designed for Lynx. I see [EMBED] and that's about it.
Dude.. its not the 1970's anymore. Get a real browser.
You can often do this even without a throwaway domain. Many addresses can be tagged by adding a "+" (plus-sign) and anything between the user name and the @-sign.
For example wheany+sd@iki.fi, wheany+SpamTastesGood@iki.fi, wheany+glahglahglag@iki.fi, wheany+spammer.com_on_06_22_2003@iki.fi all go to the same mailbox.
And you want me to waste my time how? Now there is an idea to make some serius money: ... *ughh* Outlook
1) Run those honey pots on lots of different web servers.
2) Flag the spam ip's.
3) Sell black list as a service the intigrates with... you guessed it
4) Make millions
5) Get capped by the spam kings
6) Die rich
What a plan!!
GPLv2: I want my rights, I want my phone call! DRM: What use is a phone call, if you are unable to speak?
> Come on, you can't have it both ways.
> You're either pro government control or against it,
Why not?
Things are rarely polar opposites. You can't just say, "Well kid, are you a communist or for a lassiez-fair market." There's tons of middle ground.
The formal name for this is the False Dichotomy. More
Extremes only really exist as abstract concepts.
Advocating regulation or laws to protect against abuse is hardly pro-DMCA.
I've been using:
function nospam(user,domain) {locationstring = "mailto:" + user + "@" + domain; window.location = locationstring;}
emailme@domain.com
This has greatly cut down on spam harvest parasites grabbing my email on sites I develop - but like anything it is not a perfect solution
Combining this method on the web server with something like this on the mail server could be fun.
bemis
forgot his password
Why bother with honeypots when a Payback Page is far more satisfying :-)
OOOOps -
" >emailme@domain.com</a>
function nospam(user,domain) {
locationstring = "mailto:" + user + "@" + domain;
window.location = locationstring;
}
<a href="javascript:nospam('webmaster','domain.com')
Nasty pictures, do NOT go there.
How Cheese Man got mixed up is beyond me, as comment by George A. Theall is clearly displayed at the bottom of the comment.
Comment removed based on user account deletion
the idea behind having a throwaway domain was so that they wouldn't harvest the domain and start sending email to something like info@yourdomain.com or do a dictionary attack or something. and you would know that any and all spam sent to this domain would be spam.
it's an interesing idea but likely more for fun than any real effect
The downside is 2 selects and an insert on a DB for every page, but most sites are database-driven now anyway, and those that aren't probably don't care about the delay...
As for getting the spammers not the harvesters, surely it's the spammers you pick up on
Simon.
Physicists get Hadrons!
I have often wondered about the feasibility of setting up a national email and database to which everyone could forward their spam to. Then setting up a perl script which would strip the header information from the spam and post the information real time on a website. We could block the worst offending nets?
1) Set up a honeypot to get info about spammers
2) WHOIS them
3) Send E-Mail saying "give me $1000 or I sign you up to every known spam list and catalog order on the planet"
4) ???
5) Profit!
Interestingly, I've received a few emails from Best Buy over the last couple of days to a couple of addresses I've registered with them.
They are basically anti-fruad messages saying that those fraud alert emails are not from Best Buy, they are investigating them with law enforcement officials, reiterating that their online store is safe, etc.
CyberDave
Why go through all this trouble, just use session data and keep track of how many requests in a minute - if they pass some threshold just give them a plain text file that says you exeeded the qoute for one minute - please stop requesting so much (make better sentence). They still get to request pages and get something like a few kb worth of data - but it stops them from hoggin the real data...
You could bite back. Instead of trying to track them how about including the email address of the postmaster at the machine calling the page. That way when a harvester at j3rk.ugh.com calls your page it sees an address postmaster@j3rk.ugh.com. The harvester then sells his own address to the spammers. Then sit back and hope that the harvester decides to try to grow his organ enough that he doesn't need to do this stuff....
Comment removed based on user account deletion
cb@cs.man.ac.uk
You should do what I do, and set up a "tar pit" on your website, with a bunch of bogus randomly generated e-mail addresses, and links back to itself. On last count, I've handed out over 100,000 false e-mail addresses.
Michael C. Hollinger
Another tool to throw a spanner in the works for spammers is mod_spam_die for Apache. It generates a random page with recursive links and fake addresses, thus causing the spammer's database to fill up with useless addresses. There's an example at chaz6.com/spam_die.
can be linking to a php script which generates n random email addresses in your site. For example this. The link doesn't even have to be visible, it'd take a fairly smart harvester to notice you've stuck it behind a <div> tag or made the font appear in the background colour.
Although it isn't cutting-edge (most of the domains would fail a dns lookup for starters) it should succeed in polluting lists generated by most dumb harvesters. Crude but effective since every spam sent to a non-existent address means one less sent to a real human.
With the number of people using web based email, how usefull is the mailto tag anyway?
This is beautiful. And all the other suggestions bring joy to my heart!
I just wish someone would invent a way that sends a 100,000 volt/amp jolt back to the spammers so that all that's left to be found is a pile of smoking ashes where they were sitting when they went to check their in box...
postmaster@j3rk.ugh.com doesn't really care.
If, perchance, it is a company that makes its bread and butter collecting and selling e-mail addresses to the gullible, they probably already KNOW what they are doing, and you reminding them does nothing but give you a warm feeling.
Another option is some retail user - there probably is no postmaster@CPE0080c6ef6343-CM0143000000054.cpe.net .cable.rogers.com just to pull a random IP address out of my log file.
And finally the last case -- you hit the 'jackpot' -- you find the email address of some overworked sysadmin at medium-nsp.net who COULD do something if she could.
An anecdote to illustrate:
I was working as head network/system administration guy for a very successful NSP in the S.F. bay area in the mid 90s, when spam REALLY began to take off. We had a customer who had the domain name PASTA.COM (not really -- to preserve his anonymity I have substituted an equally common word for his).
A very vigorous spam organization was sending out tens of thousands of emails advertising their spaghetti-sauce and accessory business, directing people to call 1-800-PASTA.CO (M)
They had no relationship to our (domain-squatter) client, who did not even sell pasta products. He was just hoping that some pasta-manufacturer would give him ten large for the name.
Every day, my postmaster@... inbox would be filled with vitriolic e-mail demanding that I terminate his connectivity for violating our AUP. (Sadly, our AUP had been drafted before anyone had imagined that spam would be a problem. The closest we had was a paragraph "protection of network")
Sometimes, if I was feeling argumentative, I would correspond with these sub-people asking exactly how is this customer violating any AUP? By having a domainname that is a common five-letter english word that someone else happened to use in a piece of spam?
I had my own real job to do -- helping our customers track down and eliminate open mail relays, sending out bills for rack space, taking my turn standing in front of the idiot with the backhoe so he couldn't dig up our OC3, keeping usenet working.
Eventually, I developed a tecnique that satisfied everybody. I would send out a polite form-letter saying, "Thank you internet user for your vigilance. Please be assured that the most appropriate action is being taken immediately."
Then I moved their original message into /dev/null.
How does the Slashdot Effect happen given that no slashdotters ever RTFA?
That's a great idea.
If I ever turn to the dark side and support spam, I'll have to modify my email harvester to discard those. I actually only spent a few hours working on it, but it overcomes some email protection techniques by using a real browser to load the pages (minus images & such), allowing any email descrambling scripts to run. A way to improve it might be to have it "click" all the javascript links on the page, catching attempts to browse to an email link but not actually allowing the browser to go to another page. I suspect that one day pages will use hidden "crash browser" links to stop such email bots.
So what happens under this scheme when a harvester bounces all their page requests through an open proxy? Does the recorded IP address mis-identify the proxy as the harvester?
I have Zope running on an unpublished IP address and port on one of my machines. About once a day, someone tries to reflect a connection through it, like so:
66.118.187.8 - Anonymous [30/May/2003:09:10:05 -0700] "CONNECT 64.12.136.89:25 HTTP/1.0" 404 264 "" ""
Apparently there are enough mis-configured Web proxies out there (like older RedHats running Squid) to make this type of probing worthwhile. Does this honeypot account for this?
Schwab
Editor, A1-AAA AmeriCaptions
Ponder this:
The fake addresses actually bother to 'click' on the links sent to them. Do this from 'the cheap seats - cable modems' or people who need more inbound traffic to balance their loads.
Benefits:
1) The 'buy' rate drops. Alot. Hopefully to a point where the people decide spam is no longer worth it.
2) The spammers think the address is ligit.
3) The outgoing bandwith of the spammers/people who use spammers will rise.
Just using spammers to load-balance (You need more incomming traffic - keep requesting the spammers's pages) (Need outgoing traffic? Host the sites that poison the spammers boxes)
Is to use some scheme to encode the IP address. Slashcode won't let me post the code here, but look at Perlmonks for an example.
I am not quite sure if this is the proper term for it, but
when a person attempts to brute force email addresses against smtpd, it was called a rumplestiltskin attack. Sendmail allows you to throttle that back. I just thought i would throw that in to the mix, since we are talking about harveting.
later
<?
// custom prefix (for your mail filter) // your mail honeypot domain // whatever you like
( [0-9]{1,3})", $IPquad, $result)) // arbitrary offset to foil simple spambot honeypot detection // crappy workaround PHP << leftshift 32bit limitations.
r esult)) .= ($MyIP >> ($i*8)) % 256; .= ".";
// spam bait with host signature by sonny w.
// use freely
// this creates dummy email address with IP
// of email harvester, but it is less obvious
// than some examples posted earlier.
define( "_SPAM_SIGNATURE","goatse");
define( "_MAIL_HOST","mydomain.com");
define( "_SPAM_OFFSET",131435);
function SpamCode($IPquad)
{
if (ereg("([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.
{
$MyIP = _SPAM_OFFSET;
$Multiplier = 1;
for ($i=0;$i<4;$i++)
{
$MyIP += $result[$i+1] * $Multiplier;
$Multiplier *= 256;
}
$MyCode = base_convert($MyIP,10,36);
$Email = _SPAM_SIGNATURE.$MyCode."@"._MAIL_HOST;
return $Email;
}
}
function SpamDecode($Email)
{
if (ereg("^"._SPAM_SIGNATURE."([0-9a-z]+)@",$Email,$
{
$MyIP = base_convert($result[1],36,10) - _SPAM_OFFSET;
$outIP = "";
for ($i=0;$i<4;$i++)
{
$outIP
if ($i<3) $outIP
}
return $outIP;
}
}
$Email = SpamCode($_SERVER['REMOTE_ADDR']);
echo ($Email);
// use SpamDecode(email) to decode IP from spam email
?>
We started encoding the date/time/IP into spike addresses in August of 2001, and we still get hits on addresses from that month. We started obscuring contact addresses in January of this year, and those addresses get less spam than the unencoded addresses they replaced, but they do get spammed.
[100% ISO 646 Compliant]
SVM, ERGO MONSTRO.
So some spammers have figured out string manipulation.
The problem with this is that the bots work off links from other pages, primarily search engines.
So to create a 'honeypot' you have to create all these useless pages (you're not going to put these email addresses on a real site!), which would be just as bad as spam.
Imagine doing a legitimate search on google, and having to wade through loads of dummy pages just designed to catch bots.
Just for my own evil pleasure, it also adds postmaster@ the crawler's IP to the top of the list.
President ISES
(International Society for Elimination of Sigs)
I had already written one of these types of pages in ASP and have now added some code based on the original honeypot post so that if a crawler is identified it feeds them shitloads of emails and recursive URLs. Happy to share the code.
President ISES
(International Society for Elimination of Sigs)
Only just today I posted this article about how not to get spam for users of my servers. When 97% of all spam emails within a 6 month period come from website-harvested addresses, it's pretty clear that posting your email address on a website is just plain stupid. Use a form to allow users to contact you, but never allow them to be able to get your address.
This is easy enough to do. Check out my top level index (the one above this article) -- there's an email address there that delivers, and adds the delivering server to my local blacklist. It contains the harvester's (or other visitor's) email address, cheesily encoded.
;-) But if you really want to email me, my user name in my domain is the same as my user name here. Nuthin' to it.
Ya know what I've found? The harvester bots are almost all running on cable modems. They use them for a while, then throw them away. And they rarely, very rarely, send spam from the same host that's out harvesting. In my experience, the harvester runs on a cable modem in the US, and the spam comes from overseas, or an open relay on some network unrelated to that of the harvester.
Want to get your SMTP server blocklisted in my network? Send mail to the email address at the top of this message.
And not so creative ways to identify harvesters is not news.
Warning: This signature may offend some viewers.
use MIME::Base64;
use CGI qw/:standard/;
use Socket;
my $email_trap = encode_base64(inet_ntoa(scalar gethostbyname(remote_host() || 'localhost')));
$email_trap =~ s/=//g;
$email_trap =~ s/\n//g;
print "<a href=\"mailto:$email_trap\@xyz.com\">This is a spam trap</a>";
# my $remote_addr = decode_base64( $email_trap );
improvements welcomed
Internet Related Technologies - http://www.irt.org
I wrote something which I called SpamJavelin which does pretty much the same thing. It's not as short as the example {it runs to 17 lines not including the tags}, but it does give you a simple function to call and mung any old e-mail address.
..... I say go for it. Every website should have one!
Still, it's nice to see other people having similar ideas
Je fume. Tu fumes. Nous fûmes!
No he doesn't, George A. Theall does, in a comment attached to an article by Mark.
Okay, so I must admit that spam pisses me off bigtime. Hence my own spam policy is something more like this:
Okay, not quite. By default, all mail is rejected unless it comes from someone I know. If it's from someone I don't know, they get a mail telling them their mail has gone into my spam folder, and also tells them how to get it past the filter.
This works because it needs a human to read the reply email, and the best thing about it is that Apple Mail makes it deliciously easy to implement.
As if this wasn't enough, my web pages also have fake addresses that encode the harvester's IP etc. There's a bona-fide email link too, because real live people have complained at me for not having one. Of course, the email address does not appear in the text of the pages. Instead it's coded in some Javascript that renders a de-mangled mailto: link. The day that they make their harvesters interpret javascript correctly is... well... the day they leave themselves open to LOTS of malicious code on our end ;)
-- call
I did a few small honeypots for the spammers to play with. SMTP and proxy.
Do you care about the security of your wireless mouse?
I would at least conver the IP address to hex (e.g. ef0f3bad) so its not really obvious what you're doing -- makes the address look more "real" too
agreed. A real conservative is not what current right wingers or republicans are mostly... I will have to agree with robert, using his form of the term. Same for so called liberals.
;)
But if we are going to talk about the true meaning of conservative, then my points change slightly. There really aren't many real conservatives left [in US, no comment on the rest], even while looking at today's liberals. "Liberals" mostly want change, or at least change of today's policy back in line with traditional values, or change in the direction of compassion to fellow individuals. And the people that call themselves conservative today mostly want radical change in government and society and in the opposite direction from traditional.
It would be easy for most of today's "Liberals" to call themselves conservative in dictionary.com's definition of the word. The only problem is not many of them will call themselves that because of all the lunatics who claim the same name, usually because they think that religious beliefs are the only "traditional" beliefs that matter, and smaller government only means larger military and law enforcement in place of compassionate government programs and reasonable laws [read: more social control and less social help]. See all the new legislation passed by so called "conservatives" for evidence. I wouldn't consider gutting the constitution as any shape or form of traditional or conservative values. The fact that our economy is dependant on war when we are at peace is some more evidence for my point.
all this IMHO of course
Two infinite things: your stupidity and mine. But I'm not sure about the latter. If my sig offends you, I'm sorry.
Charles Johnson is a very fine web designer and musician who runs a terrific [IMHO] weblog called Little Green Footballs.
He has a system for dealing with address harvesters which you can learn about here.
Or just post your email adress as a .jpg?
That's what I've done on websites I've built in the past... or at least that's what I'm saying NOW :D
Bored with karma, be a fan/freak
They are basically anti-fruad messages saying that those fraud alert emails are not from Best Buy, they are investigating them with law enforcement officials, reiterating that their online store is safe, etc.
The anti-fraud emails are not from Best Buy either. Hope you didn't click the links.
bp
Having my own domain name(s), every time I sign up for a service or download, my e-mail address with that group is something like
website@mydomain.com,
so winamp@mydomain.com, slashdot@my2nddomain.com, etc. The idea here is that you'll then know just who sold you out, and since I've started doing this, I have yet to receive any spam in the past 2 years. This furthers my theory that hotmail and aol spam or sell lists of their own users.
This post, like so much of Creation, is NotArt
Isn't it possible that some of these auto-generated e-mail addresses will actually correspond to real addresses and thus cause innocent people to get spam they otherwise wouldn't get?
I have a life. I really do. I've just chosen to ignore it.
On my old website I posted this paragraph at the bottom:
Thanks to spammers I'm not going to provide a nice simple email link. If you want to email me, I'm pecosdave at this domain. If you don't see the domain in the address bar for some reason it's geeksofrage.com so email pecosdave there.
(I had to add the last sentance to help non-geeks along, I use my family as a test bed for stuff like that)
The preceding post was not a Slashvertisement.
I built a Javascript function to build an e-mail address, so that the source code wouldn't contain the address but the rendered page would. I'm thinking this would stop most harvesters, since the complete address isn't even spelled out in the function's code. . .
Has anyone else done this? How does it work for you?
!#@%*)anks for hanging up the phone, dear.
Thats a very cool idea. I wanted to try it in ASP.Net, and found I could do it using this...
D R"] + "_on_" + DateTime.Now.Year + "_" + DateTime.Now.Month+ "_"+DateTime.Now.Day + "_" + DateTime.Now.Hour+DateTime.Now.Minute + "@domain.com"); %>'>go ahead, spam me!</a>
<a href='mailto:<% Response.Write(Request.ServerVariables["REMOTE_AD
What I do is I signed up w/ spamex.com and for each email address I have to give out (for anything but personal correspondance) I create a disposeable alias. Then if/when I get spam, a) I know where it came from and, b) I can turn that alias off, thereby stopping the spam. It's low-tech but it works for me.
[100% ISO 646 Compliant]
SVM, ERGO MONSTRO.
This feature has been incorporated into Seed Spambots as of version 1.01. Please see http://freshmeat.net/projects/seedspambots http://freshmeat.net/projects/seedspambots