Slashdot Mirror

← Back to Stories (view on slashdot.org)

Honeypot For Identifying Email-Harvesters

Posted by timothy on from the off-with-their-heads dept.

Cheese Man writes "Mark Pilgrim describes a simple way to identify email-harvesters: "In each page I serve, I include a bogus email address, encoded with the date of access as well as the host IP address ... This has allowed me to trace spam back to specific hosts and/or robots." There's even a simple one-line example done with PHP. (Thanks to BoingBoing for the links.)"

8 of 252 comments (clear)

  1. Nothing new by Rosco+P.+Coltrane · · Score: 4, Informative

    Lots of people, including me, use different middle names or initials when applying for something in writing, by snail mail or by telephone. When junk mail comes back in the mailbox, it's easy to know what company sold your information to whom, or at least which company was the initial recipient of the bogus info and which was the last.

    Old new ...

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  2. wpoison by Gothmolly · · Score: 5, Informative

    Try wpoision, it's a CGI script to generate a random set of email address, infinitely deep. Very fun.

    --
    I want to delete my account but Slashdot doesn't allow it.
  3. You can do the same with a lot of addresses by wheany · · Score: 5, Informative

    You can often do this even without a throwaway domain. Many addresses can be tagged by adding a "+" (plus-sign) and anything between the user name and the @-sign.

    For example wheany+sd@iki.fi, wheany+SpamTastesGood@iki.fi, wheany+glahglahglag@iki.fi, wheany+spammer.com_on_06_22_2003@iki.fi all go to the same mailbox.

  4. Its called a false dichotomy by gad_zuki! · · Score: 4, Informative

    > Come on, you can't have it both ways.
    > You're either pro government control or against it,

    Why not?

    Things are rarely polar opposites. You can't just say, "Well kid, are you a communist or for a lassiez-fair market." There's tons of middle ground.
    The formal name for this is the False Dichotomy. More
    Extremes only really exist as abstract concepts.

    Advocating regulation or laws to protect against abuse is hardly pro-DMCA.

  5. Giving credit where it is due... by darkpurpleblob · · Score: 4, Informative
    It wasn't Mark Pilgrim that described a simple way to identify email-harvesters. The link shows it was George A. Theall in a comment on Mark Pilgrim's weblog.

    How Cheese Man got mixed up is beyond me, as comment by George A. Theall is clearly displayed at the bottom of the comment.

  6. Comment removed by account_deleted · · Score: 4, Informative

    Comment removed based on user account deletion

  7. mod_spam_die by c_g_hills · · Score: 5, Informative

    Another tool to throw a spanner in the works for spammers is mod_spam_die for Apache. It generates a random page with recursive links and fake addresses, thus causing the spammer's database to fill up with useless addresses. There's an example at chaz6.com/spam_die.

  8. Let's combine some ideas here. by The+Monster · · Score: 4, Informative
    1. Set up one or more machine names on your domain specifically for spam traps.
    2. All email addresses on your page are munged thusly: When a computer at 123.45.67.89 requests a page containing the email address
      Dr. John Q. Doe <john.doe@isp.com>
      it becomes
      Dr. John Q. Doe (john DOT doe A-T isp DOT com) <16552.IP.123.45.67.89@spamtrap.domain.org >
      where the exact formula should be a bit vague, so as not to be easily defeated by bots, but obvious to humans
    3. The email server for spamtrap.domain.org is Teergrube (tarpit) that locks up the spamming computer AND sends notification back to the web site to serve that IP links to a world-wide tarpit ring, so as to get the spammers as many tarpit email addresses as possible
    --

    [100% ISO 646 Compliant]
    SVM, ERGO MONSTRO.