How Do You Fool Spam Bots?

ThisIsAnExampleAccou asks: "I am currently researching Spam Bots, and the various methods by which they collect addresses. While doing my research, I have started to notice the various ways that people post their email addresses to fool spam filters (i.e. bob@hottroutmail.com - go fishing to mail me) What clever ways have you seen/done to fool spambots while still letting people know how to get in contact with you?"

Re:I don't.

[Alan+Shutko]

I post my address unobfuscated, you insensitive clod!

Ditto. Google my address and you'll find it in mailing lists, Usenet, web pages. It's everywhere. It's also about 4 years old, I think.

I don't believe in making people jump through hoops to get in touch with me. And as you've noted, you have to make your email address increasingly more obfuscated to keep it off of lists. And if one of your friends or family gets a virus or sends you an e-card, your address is "contaminated" and you'll get junk.

Instead, I run bogofilter and deal with it. I don't have to constantly send out new addresses to people. If a friend from elementary school wants to look me up, he can find me. (And yes, that's happened.) And people can actually hit "reply" on messages I post. Wow.

I have a million addresses....

[crstophr]

You just need your own domain... where you can recieve email for any address at that domain.

Every time I give out an email address to someone new I give them a unique email address. Every time I put my email into a web form for some company they get it in the following format:

companyname@mydomain.com

friends can get silly things like:
spankie@mydomain.com or whatever.....

other examples:
planetside@myname.com
jobs@myname.com
bioinformatics@myname.com

Then, if I begin recieving spam on one of the addresses I know exactly who it is coming from or who at least is responsible for giving out my email address. I can also go in and specifically turn off the offending email address, or better yet have each mail recieved fire off a "custom" error message or some script I have setup.

I've been using this method for a year and believe it or not I don't recieve more than 1 spam mail a week and never recieve it more than once on any given address. What is wonderful is that I have no fear or worry about giving out email addresses any more.

--Chris

Re:I have a million addresses....

[skinfitz]

This is a technique I described at DNSCON last year.

I go one further though - once you start to get spam to an address that you registered with a specific company (say ticketmaster@mydomain.com for example) then reroute all mail to that address to the relevant abuse reporting addresses.

The result? By spamming you they automatically report themselves while you never see the spam.

My solution...

[cmowire]

I encode the IP address of whoever's requesting the email address and the current date and time. So each request gets a unique email address.

The file is forbidden by the robots.txt file. I don't think that it surprises anybody that it still has gotten spambotted. ;)

GIF

[Detritus]

I recently tried to email the maintainer of a web page and quickly discovered that the listed email address wasn't text, it was rasterized text in a GIF file. Unless the bot can do OCR, it can't read it. The only problem is that this trick is hostile to the blind.

Block spammers via DNS

If you have your own domain you can do this:

I set up 1000 mx records like mail0001.mydomain.com, mail0002... etc. Then I setup my mail program with myaddress@mail0001.mydomain.com. Every time I sent mail to someone I would increment the number by one. Whenever one of those addresses got spammed I would delete the MX record. And I would know which asshole spammed me.

The nice thing about blocking spam via DNS is that the spammers never connect to your SMTP server, which saves a lot of bandwidth.