Slashdot Mirror

← Back to Stories (view on slashdot.org)

Honeypot For Identifying Email-Harvesters

Posted by timothy on from the off-with-their-heads dept.

Cheese Man writes "Mark Pilgrim describes a simple way to identify email-harvesters: "In each page I serve, I include a bogus email address, encoded with the date of access as well as the host IP address ... This has allowed me to trace spam back to specific hosts and/or robots." There's even a simple one-line example done with PHP. (Thanks to BoingBoing for the links.)"

3 of 252 comments (clear)

  1. wpoison by Gothmolly · · Score: 5, Informative

    Try wpoision, it's a CGI script to generate a random set of email address, infinitely deep. Very fun.

    --
    I want to delete my account but Slashdot doesn't allow it.
  2. You can do the same with a lot of addresses by wheany · · Score: 5, Informative

    You can often do this even without a throwaway domain. Many addresses can be tagged by adding a "+" (plus-sign) and anything between the user name and the @-sign.

    For example wheany+sd@iki.fi, wheany+SpamTastesGood@iki.fi, wheany+glahglahglag@iki.fi, wheany+spammer.com_on_06_22_2003@iki.fi all go to the same mailbox.

  3. mod_spam_die by c_g_hills · · Score: 5, Informative

    Another tool to throw a spanner in the works for spammers is mod_spam_die for Apache. It generates a random page with recursive links and fake addresses, thus causing the spammer's database to fill up with useless addresses. There's an example at chaz6.com/spam_die.