spam bots, this is for you!
 

[url=http://members.hostedscripts.com/antispam.html]Come and get some![/url]

This SEEMS like a good idea, but does it really work? It'd be interesting to find out how a spammer handles this, or if they can even handle it at all.

Spammers also forge return addresses using a name from their database. When they use my return address, will I be the one to get the bounced email?

Whether it works well or not, I like the idea of fighting back in whatever way we can!

It might work better if the bad e-mails weren't just on that one site that the spammers can block.

So here's a bunch copy/pasted from there!

[code]
onzbakzlkv@omhtlisuyvmzhes.net
emqsrxlsla@wzbrlmvaqibujod.com
dmbbrkdtmg@avhmoneydfrzfba.org
mqgisysful@tybpcxzubfuolia.org
pfnyggjxao@dyaitsxtgfxiyej.com
cztuegftmx@rcpnwofkxrujbot.com
uxvgjrjnrn@knsdasxyrrcbrts.org
xcalpavwdv@ikufntzygbwmjwp.com
ruswamsazh@otaecitnrgfjzzx.com
lubbzyewoh@zsdohylyoxuwxat.net
yqbyujpsrh@dowcqaheahrpjqb.com
byencyvemi@auycnccyjbjbuzd.net
uvguzifkmp@rjgctsmgbdqxpze.net
funjdajeub@ptajowdjblhdzjx.org
ibdmwgejmi@qzkfsgpvhystrks.net
xkbdofljyt@dtckvwgoezvupfc.com
wpujcbbnuj@bltubbmazwwphsd.com
xaczxfkvhx@ikydtoixbsfqyga.net
jwtftdqmio@ijmhgzekviwajtq.com
vlhsgvtgfh@jeobwvqkrqxlphs.com
ahqtexyvco@fuqngjnqozqmdcg.org
wovfgndqpo@exjnummcxalgtzw.com
cgxkenenob@eivdktqkdubgqfs.net
yqvtifogvp@fklhseeeyksoocb.com
iilatsucdd@hnvgxiyrzaenvop.net
vypjbibbov@clvdtbtvzlosyjj.org
kagfugyygo@mhmxfuxmzasrxmk.org
llzrkbvvtf@xzkxprsdloohjqp.net
uojswoiqdk@suwbgspandgdiew.org
wynexspdme@dhkdtibafqqzjzc.net
glmfabpslz@nyaanfjincdvwup.net
xlaenushkj@kpcfevfjjfogepy.net
fqsdlcidkx@wrsyrztpjpzmqyk.org
swlpiyesxd@ncapegaavyjajeh.net
stgzfnzxuj@pfofbuhqgsttkry.com
sislaazmhd@jhbktkspnowzzan.org
mwiawndhef@tysnzvdmhrssvpe.org
soufnixeat@stoxgrxyrsswswc.org
ncnhwupiri@eyycnpqkwqyvgbw.net
lmguaxuhrm@qztfcsauuxymgna.org
kyuzpxcuro@vbydwchtshkvgni.org
qjanhtwurv@ufhoquljydxfdka.com
mrtnahvztb@scsuieeoueeyagt.net
slbyoqqarp@zeixwfzkfyeezoq.com
ikmwjodzda@dsuhmozdjmsebky.org
licxshpdrf@wpquahyhjbcbtdo.com
adaxckibds@cwlysmvfisfmkqx.net
rmlvhptjpa@lnlfmdabmwydqbd.net
yaqqpboxbf@zxtybneoqcrpfjr.net
awmsoedhik@plrahpsongpnmwa.net
tcfxovzkzr@ylkmkkksgphzyel.net
jeuyjfmmxu@asbqrbzhglzdqiz.net
qfldxgtzzs@tcetddijlzzpmtv.net
dkzblzoalg@fmiremmvxzlguyg.net
dqdtgbyyae@aoaswzqngcmzmgm.net
reklwpriye@mbizkryclqqdgec.org
ezwdzyjqrw@xuonjrtvitrbzsz.net
rlxifofhpa@sehhotmuegfrgkv.com
yuinighqaf@omvyxmbczjjntpy.org
mystcqgpyh@svkhkmaqqzslmry.net
pagitxlufq@pehdatrsrgzgirr.net
hgmoymhujo@wvajrhqvcshfkds.org
nwhdczkibv@naxthbrbmzsndao.net
cbtcrojiob@wntyqrwukikajde.com
iqpotjkubd@bmwuxptmpkmccax.com
equlukqvue@burllsgnhrddunt.net
cgqqnjkbnp@ljnhwuizmynrwbz.org
fntgsrxesa@yewwnjpxsxkanvi.org
leuleebmzw@nekytovfmudikvg.org
dkmutmvipz@gosfqrldfhhjjbu.com
kygbotjfnf@zkuzdwgzglaffsn.org
qjmqwzogoq@dsalmmuqmthgfeu.net
evlucayqyv@xwmcuumevbgrvuh.com
stokgiympb@bbwkqsvswbsaykl.org
lgfdrpeudo@rubyvnwhhyihoya.net
wzsbyjlyqp@qjrewvtqtmodkry.com
rtuqigkopz@dvzxqcuqwcnizyi.org
averhoyezj@rcwobgvjobiviwt.org
fimjhokojh@rdrsxdduqzckkwy.net
rofbjghnzk@pvzeiwdbdmnavcd.net
lkhxfaqjjd@xlkbodfruavaxpa.net
mzdkvrenmf@rmkyidruugrfwdm.com
pjmflfugyh@ukcedxwmgrqoohx.com
vwippruigg@njcbfyfdoiivdpe.com
uyljoopint@wmusxrgehvozmer.net
ocyaxvzmvo@wejhhmgfrgenptq.net
mddxfquhoc@dzdmybxuhugotnh.net
ojmfedfclb@wvxbugctgfhnrqu.com
cldnvqhlot@tgfhwretwqhvsum.com
iqudupvtiu@avfsxohpswarybm.com
fnvqtrprhm@btnsoidubtqzpwm.org
rmbmhbwqyv@mvfggbkjljpazol.net
jmmjupeoas@wygtlsaatckmcqd.org
mihnndsrmd@qzyhsrkcilysvrb.com
tqvpzhfgvt@buigzhxriabvidc.net
dgkokwglke@abanwcjsnjkvjrr.com
yocxtiakog@pgbnlbyeafrgtvv.com
lacwotpuoh@huivpdmufobimhu.net
xskyimdxsd@ilupezedqqzkruz.net
tlzcpykyfq@kduomzwigeleavl.org[/code]

Come an' get it! :devil:

But it may still do no good if the DNS names are invalid. :no:

Ken the email addresses you just pasted are static.

You probably didn't notice but the ones on the site were dynamically generated by a script on the server.

ie clicking the link which points back at the page would regenerate a DIFFERENT list.

I suspect that some harvesting software may be sensible enough not ignore following links to the same page address, so perhaps more than one dynamic page would be better.

Also one problem is that having harvested software spam generators will attempt to verify addresses. They will send out spam, for example with a very small image link .gif so that for valid addresses, a user viewing the spam will generate a web hit. This confirms that someone received mail to that address. Even if you delete the message, more will be sent. Clearly spam to these random addresses will never get verified this way so the advanced spammer will quickly remove the bogus addresses from their databases.

Another problem is that the domain names are random, as opposed to genuine ones. The spammer can quickly sift their database of garbage by doing domain name lookups for unknown domains. eg hotmail.com may be new so a DNS lookup verifies it, and future hotmail addresses are possible candidates whereas @myrandombogusdomainfdhjsjkfjhk will never be accepted as valid because a DNS lookup fails.

To save DNS lookups and associated time/bandwidth, a smart spammer may even decide to just accept harvested addresses using the 1000 commonest domains for addresses. They will quickly build their own list (or if you like "cache") of these eg yahoo.com, aol, etc. Therefore a domain never seen before (in the list) can simply be discarded.

I think the page is a good effort so the link to it here in the forum may inconvenience SOME spammers.

However as I have explained, there are some simple techniques that can severely diminish its effectiveness.

If for example the page were to generate random addresses AT common email domains like [email]gfhkdhgkdfh@hotmail.com[/email] etc then these would be more difficult.

Further if I include on such a page a [email]traceharvest@myantispamdomain.com[/email] then I could use custom software to recognise mail to that address as spam and contribute the message to a database of mails to be rejected (from any address)

Further, if these emails contain a hidden .gif or similar lookup (typically used to verify addresses) these can be identified and traced automatically. Unlike mail addresses which can be spoofed, these verifications must be made to real servers whose logs are used by the spammers to update their database.

Messages to the upstream ISP where these machines are hosted may point out if it violates their AUP agreement, and *might* get the site taken down.

All in all, spam is not a simple problem to solve, whatever is put forward.

One approach is to obfiscate email addresses online eg [email]johnremovethis.smith@microsoft.com[/email]

Another approach is to make your email address on your webpage in the form of an image.gif displaying the address in a particular font or mix of fonts.

Tests have shown that putting your address as a mail to link on your page typically gets harvested and spam sent to it.

Also be careful what sites you give your address out to, and whether they display this on pages in forums etc. mersenneforum.org is fine in this respect because it uses nicknames.

I'll have to say, this script is quite old. A lot of more advanced spam bots can probably auto-delete bounced mail, etc.

I'm hoping there's a DC aspect that can be used to help fight spam. If anyone knows of a way that a grunt like me can help fight spam, please send me a PM. Btw, I'm already familiar with the obvious ones: (1) Don't reply to an unsolicited email, don't hand out your email to a site you don't trust, etc.

thanks

[QUOTE=Peter Nelson]Another approach is to make your email address on your webpage in the form of an image.gif displaying the address in a particular font or mix of fonts.[/QUOTE]

eMail address harvesting scripts are often optimize for speed - so I guess most of them only check for traps, but don't do extensive scanning such as ORC of gif files or looking for "removethis".
It just takes too much time - you can find maybe 10 more addresses in that time. In addition, those who use these obfuscations aren't the target group for spammers...

[QUOTE=Peter Nelson]Also be careful what sites you give your address out to, and whether they display this on pages in forums etc. mersenneforum.org is fine in this respect because it uses nicknames.[/QUOTE]We have our member list disabled for this very reason...

[url]http://www.mersenneforum.org/memberlist.php?[/url]

Project Honey Pot
 

[url]http://www.projecthoneypot.org[/url]
Why not sign up for this to?
Get the harvesters :coffee:

[QUOTE=jasong]I'm hoping there's a DC aspect that can be used to help fight spam. If anyone knows of a way that a grunt like me can help fight spam, please send me a PM. Btw, I'm already familiar with the obvious ones: (1) Don't reply to an unsolicited email, don't hand out your email to a site you don't trust, etc.

thanks[/QUOTE]

Once upon a time there was a DC project called "Make Love Not Spam" but it was (unfortunately) illegal or something and got shut down.
[url]http://www.distributedcomputing.info/recent.html[/url]
Now the Net is crawling with viruses by that name, so don't try to download it from any place! It's dead! :sad: