What is OpenID?

Getting info about spam harvesters

March 24, 2006 - 8:19am
bobbymac
bobbymac's picture
Joined: 11/28/2008

I was thinking about how it would be nice to know who it is who harvests email addresses from web pages. I mean, it's easy enough to try to get info about who sends the spam, but what about the dudes up the food chain who sell those email addresses. Here's my plan.

On pages generated by PHP (or other server-side languages), I put the following code:

CODE
<?php
echo "<a class="hidden" href="mailto:{$_SERVER['REMOTE_ADDR']}_{$timestamp}_{$pageid}@myspamdomain.com">Haha</a>
?>

Have a catchall email address at myspamdomain.com (which could have a server-side processing script atttached), and log the results.

What do you reckon?

Paul Davey
Whitford Church
"Everyone who calls on the name of the Lord will be saved." Romans 10:13
"For all have sinned and fall short of the glory of God, and are justified

March 24, 2006 - 2:11pm
songdove
songdove's picture
Joined: 11/28/2008
That wouldn't tell the

That wouldn't tell the difference between someone legitimately wanting to click the email to send legit feedback/questions/etc, and a spammer, but it would potentially allow for reporting to find out if the same IP is being used too often. Knowing that the harvester and the sender can be two different IP addresses, the chances of finding links to prosecute with might be at best 50%. We do know that harvesters are out there and finding a way to clamp down on them might be closer to hitting spammers than simple filtration software.

We sacrifice all that we are and all that we love for the greater good -- the One above.
Visit me at http://www.thesswatteam.org, http://ww

March 24, 2006 - 2:39pm
Sun&#39;d
Sun&amp;#39;d's picture
Joined: 11/28/2008
Very interesting idea...Have

Very interesting idea...Have you noticed any trends yet?

QUOTE
That wouldn't tell the difference between someone legitimately wanting to click the email to send legit feedback/questions/etc

I think he was going to hide it via CSS, so only bots would be picking it up.

Elliot Swan |

March 24, 2006 - 7:56pm
songdove
songdove's picture
Joined: 11/28/2008
Ah, that would work for the

Ah, that would work for the desired test then. You know, if it gets usable stats, maybe you could hook up your results with a couple of the antispam registries out there who try to prosecute those they track. I can't remember their names now, but alot of the spamfilter software programs pull their information from these repositories.

We sacrifice all that we are and all that we love for the greater good -- the One above.
Visit me at http://www.thesswatteam.org, http://ww

March 25, 2006 - 2:23am
bobbymac
bobbymac's picture
Joined: 11/28/2008
I haven't actually done it

I haven't actually done it yet, sorry I was just talking my way through it. But I will let you know.

Paul Davey
Whitford Church
"Everyone who calls on the name of the Lord will be saved." Romans 10:13
"For all have sinned and fall short of the glory of God, and are justified

March 25, 2006 - 2:45am
bobbymac
bobbymac's picture
Joined: 11/28/2008
Problem is, if their server

Problem is, if their server checks for existence of the mailbox (as opposed to just sending it), the catch-all doesn't get the email, it bounces. At least, I haven't been able to test it out myself. But maybe spammers are less discerning.

Hmmm /smile.gif" style="vertical-align:middle" emoid=":)" border="0" alt="smile.gif" />

Paul Davey
Whitford Church
"Everyone who calls on the name of the Lord will be saved." Romans 10:13
"For all have sinned and fall short of the glory of God, and are justified

  • Read Reviews
  • About The Show
  • View Tutorials