You've never seen this before? That honestly surprises me. I've been getting spam for years with l33tsp33k and misspellings to make the spam comprehensible, while not using the keywords that a lot of filters block. At this very moment, I have a spam in my mailbox on the server with "VIA.GRA" in the subject. The problem with this is that there are only so many ways to break up the word without destroying its meaning. Some filters may even be smart enough to just weed the extra junk out. A rule something like "If word_in == a.b.c.d then word_out = abcd" that would convert the obscured word into the intended word, which could easily be filtered with the regular filtering rules.
You've all probably seen the %20 code in place of a space in a URL. Note that by the RFCs, there should never be a space in a URL, only a %20...
Anyway, you can use something similar to that with your email address. NATATA Anti-Spam
Encoder will convert your whole email address into the code for each character. Browsers automatically decode these (just like the %20 in a filename gets converted to a space when you save it), but there's no email address in the source of the page.
@ is the code for @. To get the code to appear on an HTML page, you have to use "ampersandampsemi-colon#64". If you just type out the four characters, the browser will decode it into @.
. is the code for . if you want to sub that in also.
I realize that these aren't the end-all solution to stopping harvesting programs, but they do work well. I downloaded Atomic Email Hunter (the only free harvesting program I could find) and did some testing. After just changing every @ to @ it did not find any email addresses on the page. In contrast, putting in the URL to a phpBB2 thread yielded the email address of every person who had posted in the thread. With the codes, it looks exactly the same to users but at least some spambots are stopped.
Unfortunately, the more this is used, the more bots will be coded to handle these things. For now though, it does help.
I have to disagree. I worked for a small company whose only connection option was a cable modem. We had a "business" account, with static IPs and servers specifically allowed by the ToS. I set up a Linux (E-smith to be exact) mail & web server/gateway. Not an open relay (authenticated SMTP for remote users).
We were put on some DNS blacklists just because the IP addresses were assigned by DHCP. Didn't matter that it was a business acount, with static IPs ("reserved DHCP"), running secure server software. Simply the fact that we were on a cable modem in the ISP's DHCP range got us on a couple blacklists. As far as I know, they're still on at least one of those.
That's the problem with server blacklists. Unless you manually verify each one, you're going to get collateral damage where innocent servers are blocked. Nobody seems to care about this until they're the innocent server.
Remember that we don't need to totally stop the transmission of all spam emails for spam to become ineffective. If everyone deleted every spam they got, spam would no longer generate any revenue. Actually, you'd only have to get rid of every spam going to everyone who actually buys the spamvertised goods. Once nobody is buying anything, the tiny cost of sending email (electricity, ISP, labor, etc.) will outweigh the advantages. The spammers who understand simple math will realize they're losing money overall by spamming, and will choose to stop.
So go install a good, easy to use spam filter for someone you think might actually buy something spamvertised. Once we stop all their spam, all spam will stop.
Another vote for domain registry. I registered a domain name through NameZero. Any unknown alias at my domain would go to my main mail account. NameZero used a "contact" alias for the registration. It had never been used up to that point, and I never used it for anything else afterwards. I'd say that about 90% of my spam came in under that alias.
I also downloaded an email harvesting program to test some anti-harvesting ideas on webpages. The user email buttons on each phpBB2 post are harvestable. I don't know how many people actually use the harvesters anymore, but some simple tests with the default settings on one thread gave me tons of email addresses.
Has anyone come up with a decent client program for any of these projects? I've been running distributed.net's RC5 client for years. Of all the projects I've tried, it's the only good program I've come across. It actually runs as a service with 0 priority, so it really does use unused cycles, unlike the screensavers which only work when you're away from your PC (and if you use a screensaver). Have the other programs gotten better, or are they the same as when I looked at them way back?
Slashdot Mirror
You've never seen this before? That honestly surprises me. I've been getting spam for years with l33tsp33k and misspellings to make the spam comprehensible, while not using the keywords that a lot of filters block. At this very moment, I have a spam in my mailbox on the server with "VIA.GRA" in the subject. The problem with this is that there are only so many ways to break up the word without destroying its meaning. Some filters may even be smart enough to just weed the extra junk out. A rule something like "If word_in == a.b.c.d then word_out = abcd" that would convert the obscured word into the intended word, which could easily be filtered with the regular filtering rules.
Anyway, you can use something similar to that with your email address. NATATA Anti-Spam Encoder will convert your whole email address into the code for each character. Browsers automatically decode these (just like the %20 in a filename gets converted to a space when you save it), but there's no email address in the source of the page.
@ is the code for @. To get the code to appear on an HTML page, you have to use "ampersandampsemi-colon#64". If you just type out the four characters, the browser will decode it into @.
. is the code for . if you want to sub that in also.
I realize that these aren't the end-all solution to stopping harvesting programs, but they do work well. I downloaded Atomic Email Hunter (the only free harvesting program I could find) and did some testing. After just changing every @ to @ it did not find any email addresses on the page. In contrast, putting in the URL to a phpBB2 thread yielded the email address of every person who had posted in the thread. With the codes, it looks exactly the same to users but at least some spambots are stopped.
Unfortunately, the more this is used, the more bots will be coded to handle these things. For now though, it does help.
We were put on some DNS blacklists just because the IP addresses were assigned by DHCP. Didn't matter that it was a business acount, with static IPs ("reserved DHCP"), running secure server software. Simply the fact that we were on a cable modem in the ISP's DHCP range got us on a couple blacklists. As far as I know, they're still on at least one of those.
That's the problem with server blacklists. Unless you manually verify each one, you're going to get collateral damage where innocent servers are blocked. Nobody seems to care about this until they're the innocent server.
Remember that we don't need to totally stop the transmission of all spam emails for spam to become ineffective. If everyone deleted every spam they got, spam would no longer generate any revenue. Actually, you'd only have to get rid of every spam going to everyone who actually buys the spamvertised goods. Once nobody is buying anything, the tiny cost of sending email (electricity, ISP, labor, etc.) will outweigh the advantages. The spammers who understand simple math will realize they're losing money overall by spamming, and will choose to stop.
So go install a good, easy to use spam filter for someone you think might actually buy something spamvertised. Once we stop all their spam, all spam will stop.
I also downloaded an email harvesting program to test some anti-harvesting ideas on webpages. The user email buttons on each phpBB2 post are harvestable. I don't know how many people actually use the harvesters anymore, but some simple tests with the default settings on one thread gave me tons of email addresses.
Has anyone come up with a decent client program for any of these projects? I've been running distributed.net's RC5 client for years. Of all the projects I've tried, it's the only good program I've come across. It actually runs as a service with 0 priority, so it really does use unused cycles, unlike the screensavers which only work when you're away from your PC (and if you use a screensaver). Have the other programs gotten better, or are they the same as when I looked at them way back?