Spam Poison

I’ve never understood the rationale behind the various web scripts that claim that they are ‘poisoning’ spammers lists.

They claim that, by putting a bunch of garbage email addresses on a web page and encouraging spammers to harvest   the page, they are poisoning a spammers email list and thus making the list useless so that they will discard the list.

Where did they ever get the idea that spammers CARE about the good & bad addresses that they harvest.   Considering how much it costs them to send spam, they wouldn’t are one lick if 90% of the addresses on their list is valid or not.   Especially since most spam sent these days is done by infected personal computers controlled by ‘bot herders‘.

I often watch the log file on my mail server … and observe the servers trying to deliver mail to mangled and non-existent addresses.   It’s clear the sending system is just blasting names at my server without any consideration if the address exists or not.   My mail server software (sendmail) had an option to throttle the connection of any system that gets more than a certian number of bad addresses.   I also have a script that monitors for that behavior and adds a firewall rule to completely block such systems.

My advice to those who create such scripts … focus your energies elsewhere … right now you’re just wasting your time.

Oh, by the way, for those of you who are trying to use “User-Agent” lists to block harvesters … don’t waste your time on that either.   Harvesters, like spammers, will never clearly identify themselves as such … and will use a completely legitimate user agent when spidering your website.   Additionally, they will absolutely ignore any robots.txt file that you have in your site.

There are, however, systems that use a somewhat similar technique to stop spammers … but are much more effective.   Instead of just trying to poison a spammers list … they use traceable email addresses.   This means that, when a harvester visits a page with this traceable email address, they log the IP the harvester is using and the email address that is harvested.   This way, when spam is sent to the address, they know when and how the address was harvested and where it was sent from.   Theoretically the spammer is reported both to the ISP that the mail was sent through AND the ISP that was used to harvest the address.   Project Honeypot is one such anti-harvester organization.

5 thoughts on “Spam Poison

  1. Pingback: Spammy Harvesting | The Geekery

  2. Al Macintyre

    I use knujon (no junk backwards) which reports troublemakers to relevant e-police for whatever evil they pushing (phishing, scam, counterfeiting, id theft, whatever) and helps them with their change of address to live in prison. End result is astronoomical reduction in spam to me, by the e-criminals not yet behind bars.

  3. david

    Al: To be honest, I don’t see how knujon can do anything to reduce the amount of spam you receive. Reporting spammers to the authorities is a waste of time, because the authorities usually have no power to impose penalties.

    Only a handful of spammers have actually been prosecuted … and, in at least one case, the decision was overturned.

    Most spammers operate outside the US (even if they are located IN the US). The SEC, FDA, etc, have no authority.

  4. Al Macintyre

    Prior to joining KNUJON, I forwarded spam to the FTC & you are correct, the authorities just maintained statistics, my spam continued to grow. But since I joined KNUJON, my spam has taken a huge nosedive in volume, from hundreds per day to less than a dozen a week, the SEC enforcement division has taken punitive action against people doing stock swindles in the spam I forwarded, thousands of spammers have lost their ISP accounts, and some ISPs have been put out of business.

    Depending on how the current fight at ICANN goes (domain registrars that support large scale cyber crime, we may see a further drop.

  5. david

    What you are observing is, IMO, purely coincidence … a major spam hosting ISP was taken down last month (lifehacker had a article on it) … which probably accounts for the drop in spam you are receiving.

    Nobody is investigating individual spam reports these days.


Leave a Reply

Your email address will not be published. Required fields are marked *