I keep coming back to this spam-issue :p
Tar pits sounds like a good idea..
I've been thinking about how the spammers get their addresses, and how to prevent them from getting hold of real, valid emails.
Posted some on it here a month ago or something, on how to protect the mails on webpages.
As it seem, there are several methods in use:
Good ole webcrawling.
Wicked robots traverse the net collecting addresses by identifying syntax, then (maybe) "washing" it for validation.
The idea is based on bulk, and the syntax-checking must be simple - that is, if you screw up the syntax, the address will be discarded as a flunkie.
One must presume that measures as robots.txt and other NOINDEX-statements is set to be overrided by these robots. These measures are recommendations anyway, not prohibitions.
Domain spamming.
Find a domain, generate a few million combinations of letters (based on common nicknames from lists?), then "bruteforce" by sending all. Possibly there is some sort of validation based on wether or not the mail returns a daemon?
Anyway, who cares if two million mail flunks if 50 arrive?
It's all about computing power, and the "costs" are low.
Public shitlists.
Oh yes, they exist ;-)
I once reported a norw. guy posting child-porn at usenet, to abuse @ his provider. Stupid me felt that I should somehow inform him about this, and sent a copy to his emailaddress.
One week later the spamflow increased by 1500% ...
Wether or not it is a public shitlist: one must presume that there's some lists circulating among the spammers, lists worth gold because they contain checked, valid addresses.
Usenet.
Usenet was the origination of spam, and the spamflow, virus-spread and of course the long and grueling flame-wars has made usenet useless IMHO.
Especially the erm.. binary-groups are bad.
Anyway, posting to usenet requires a fake mailaddress in the user agent. NO_SPAM-statements and other obfuscation doesn't work, because of the protocol, which specifies fields like X-sender, From, Return-Path and so on. Actually there's no limit to what data the spammers may glean from posts, because each message has a full header containing loads of "personal" data.
What to do about it?
Well, one thing is legislation, but there's no real political will to do anything - especially in the US, where 90% of the spam originates.
One wonders if the emails of US senators and government are removed from the spammers lists, so they don't see it as a problem? :p
I've started thinking about striking back at these shitbags (the spammers - not the US. govt 😉 ), and provide some info on how to protect the address on the web.
Basically it all comes down to information: to fool the current generation of robots isn't difficult, just disturb the syntax, and they'll be off to somewhere else.
Here's one method:
http://www.boomdesign.no/files/zip/nospam_php_js_v1.zip
That's all about protection, but is there other ways to disturb their routine? Well, have a look at all my friends emails:
http://home.no.net/dorian/emails.php
This script generates 500 fake emails on load, designed to give them robots some fodder, heehheeh. I've put it in the root folder of all our domains.
Q: is this gonna help?
A: Haven't got a clue
It was fun to make, though. And just the picture of the little robots yelping happily over finding such an goldmine, then feeling snubbed when they all flunks on sending, well... 😃
Here it is for dld, anyway:
http://www.boomdesign.no/files/zip/email_faker.zip
Possibly this is gonna increase the spam-traffic on the net even further, and is a bad thing.
Opinions?
knutm :-)
