Waxy.org is the sandbox of Andy Baio, a journalist/programmer living in Portland, Oregon. I'm the CTO of Kickstarter, created Upcoming.org, and some other stuff too.

Contact Me: log@waxy.org or waxpancake on AIM

Spambots and Dynamic E-mail Addresses

Posted Apr 16, 2002

Phil just came up with a clever variation of Andre's spambot-defeating e-mail trick. On his old site, Andre dynamically displayed the current date as his contact e-mail address (a la 04162002@example.com), and wrote a procmail script to weed out e-mails sent to addresses older than a week.

Instead, use SSI and environment variables to include the client's IP address in the e-mail address. So, @example.com becomes 38.107.191.98@example.com. Now that you have the spambot's IP address, do something creative with it.

8 Comments (Add Yours)

Apr 19, 2002
8:45 PM

Phil wrote:

I think what I'd do is use a procmail script that does a dns lookup on the IP in question, and forwards a copy of the spam to root, abuse, webmaster, and postmaster @ both the ip address in question and the host/isp/etc determined during the lookup. I imagine most would be ignored, but if the generated email was well worded, maybe 1 in 100 would nab someone and get their account suspended/removed, and that would be good enough for me :)

Apr 19, 2002
11:13 PM

Andy Baio wrote:

Yeah, but how would you know which incoming e-mails were spam and which were from unsuspecting people who thought you had a bizarre e-mail address?

Apr 22, 2002
8:15 AM

Phil wrote:

well, if integrated w/ spam assassin, the emails would be passed to the script only if they pass the spam assassin test.

Apr 22, 2002
9:31 AM

Andy Baio wrote:

So if Spam Assassin flags it as spam, add the IP address in the e-mail address to the ban list. Neat.

May 2, 2002
3:20 PM

Ben wrote:

This might be of interest, if you've not seen it already: Address Munging.

Oct 21, 2002
1:08 PM

bk wrote:

Hahaha, did you just pull that IP out of the air? It's mine! lol. I was here looking for the backlinks script and got sidetracked... :P

May 8, 2003
1:28 AM

J i m s t e r wrote:

string1="my.address"
string2="@mydomain.com"
myemail=string1+string2

Implemented in your fave language. Just as long as the complete string is never quoted in full on the page, then the trawlers never get it.

Whaddevva.

Aug 14, 2003
11:03 AM

BEN GRANT wrote:

I really want to know I could get use the spambots. It is interesting to know how it works. Just educative.

Waxy Links

March 16, 2010

Progress Wars — countless hours of fun

March 15, 2010

Piano Improvisation on Chat Roulette — amazing how much creativity the site's inspiring (via)

March 12, 2010

8-Bit Austin — I think I'll use this map to get to Datapop 2010

Spritely, jQuery plugin for sprite and background animation — see also: gameQuery

March 11, 2010

Trololololololo Shreds — some context (via)

Preview of Sword & Sworcery EP for the iPhone — looks unlike anything I've ever seen

Sitby.us — essential iPhone-optimized site for SXSWi session planning

Danc on the release of Ribbon Hero — turning Microsoft Office into a game, with competition against your friends (via)

March 10, 2010

"Play" by David Kaplan and Eric Zimmerman — avatars as Russian nested dolls (via)

Chatroulette Map — I think I'd rather not know, thanks (via)

Steamshovel Harry — not sure how I missed this one last year, metagaming with music by Brad Sucks

El Fin Del Mundo by Alberto González Vázquez — there's so much I love about this, I can't quantify it all (via)

March 9, 2010

Wired Reread, blogging the best ads from '90s-era Wired — also, the complete SPIN archives are on Google Books

Academy Award Winning Movie Trailer — related: McSweeney's categories for the meta-awards (via)

Chris Parnell and Andy Samberg perform Lazy Sunday live — for the first time, backed by The Roots

Adam Savage's pursuit of the perfect Blade Runner gun replica — related: his quest for the perfect replica Maltese Falcon and dodo skeleton

The Panic Status Board — the instant feedback made work more game-like

March 8, 2010

Valve ports game library and Steam service to Mac — Portal 2 will be released for Mac simultaneously with PC, along with "all of our future games"

Maciej Ceglowski on the discovery, loss, and rediscovery of the cure for scurvy — fascinating story of bad science and the unintended effects of new information

March 7, 2010

8-Bit NYC, Brett Camper's videogame map of New York — he's using Kickstarter to expand to 15 other cities worldwide

Sleep Is Death, Jason Rohrer's new conversational two-player game — watch the slideshow for details; I just wish it was on the web instead

Obama appoints Edward Tufte to advise on stimulus transparency — "Maybe I'll learn something."

PS22 Chorus sings Phoenix's Lisztomania — I love how expressive they are

Echo Nest and SCHED's guide to SXSW Music — very nicely done, uses Echo Nest's recommendation engine

GameInformer's Portal 2 exclusive cover story — scans, since it's not on GameInformer's site yet; Valve hired the TAG: The Power of Paint team right out of Digipen

March 5, 2010

Cal Henderson on gaming probability in World of Warcraft — he's collected 118 pets, some of which only drop 1 in 10,000 attempts

March 4, 2010

LiveJournal rewrites outbound links with affiliate codes — looks like the regex was a bit greedy

NYT on Chinese "human-flesh search engines" — very similar to the H+ article on the topic from last year

YouTube launches auto-captioning for all videos — a free, automated audio transcription service based on YouTube should be viable now

OK Go's "This Too Shall Pass" — Rube Goldberg machine built by Synn Labs in Los Angeles