Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Do You Fool Spam Bots?

Posted by Cliff on from the email-armor dept.

ThisIsAnExampleAccou asks: "I am currently researching Spam Bots, and the various methods by which they collect addresses. While doing my research, I have started to notice the various ways that people post their email addresses to fool spam filters (i.e. bob@hottroutmail.com - go fishing to mail me) What clever ways have you seen/done to fool spambots while still letting people know how to get in contact with you?"

5 of 87 comments (clear)

  1. Add both From: and Sender: headers by Tor · · Score: 2, Informative

    You could add both a "From: " and a "Sender: " header to your usenet/mailing list postings:
    From: you@yourdomain
    Sender: blockme@yourdomain

    You'll gets tons of spam to both addresses (not neccessarily the same spam, unfortunately - that would make filtering real easy). You run SpamAssassin (or similar) to filter mail to your real address, and you run "spamassassin -r" or "razor-report" to handle mails sent to your spamtrap address (making the Razor service, and in turn, SpamAssassin, more efficient at identifying these spams).

    Better yet, if your MTA is Exim, use SA-Exim to add teergrubing functionality to SpamAssassin. Oh, the satisfaction! :-)

  2. My solution... by cmowire · · Score: 3, Informative

    I encode the IP address of whoever's requesting the email address and the current date and time. So each request gets a unique email address.

    The file is forbidden by the robots.txt file. I don't think that it surprises anybody that it still has gotten spambotted. ;)

    --
    Gentoo Sucks
    1. Re:My solution... by Anonymous Coward · · Score: 1, Informative

      Usually the "Remove Me" option is just a method the spammer uses to verify which email addresses are real. If you reply to it, they know you are a real email address and will do quite the opposite than remove you :-)

  3. Shoulders of Giants... by GeorgeH · · Score: 2, Informative

    There's been some research on what methods work best. The CDT put out a paper in March detailing their experiment and its results. It was also covered on Slashdot.

    --
    Why can't I moderate something "Wrong" or at least "Grossly Misinformed"?
  4. Re:Block spammers via DNS by bluelip · · Score: 2, Informative

    for sites that require registraion I identify them in the address itself. It you control the domain, it's ccake to setup/use.

    www.realplayer.com@mydomain.com
    www.gatorbuddy. com@mydomain.com
    www.reallydoesn'tfollowitsprivac ystatement.com@myd omain.com

    It INSTANTLY identifies where the email was scarfed from.

    This also works for snail mail also. I usually use the store/companies name as my firstname. For example, I wanted a Black Diamond catalog. The companies initials are bdel. For my name I gave:

    Bdel Coles

    It was humorous watching the junk mail arrive sent to bdel. Easily tell whether or not your address was sold/rented.

    --

    Yep, I never spell check.
    More incorrect spellings can be found he