Waxy.org is the sandbox of Andy Baio, a journalist/programmer living in Portland, Oregon. I work on Kickstarter, created Upcoming.org, made an album, and some other stuff too.

Contact Me: log@waxy.org or waxpancake on AIM

Spambots and Dynamic E-mail Addresses

Posted Apr 16, 2002

Phil just came up with a clever variation of Andre's spambot-defeating e-mail trick. On his old site, Andre dynamically displayed the current date as his contact e-mail address (a la 04162002@example.com), and wrote a procmail script to weed out e-mails sent to addresses older than a week.

Instead, use SSI and environment variables to include the client's IP address in the e-mail address. So, @example.com becomes 38.107.191.117@example.com. Now that you have the spambot's IP address, do something creative with it.

8 Comments (Add Yours)

Apr 19, 2002
8:45 PM

Phil wrote:

I think what I'd do is use a procmail script that does a dns lookup on the IP in question, and forwards a copy of the spam to root, abuse, webmaster, and postmaster @ both the ip address in question and the host/isp/etc determined during the lookup. I imagine most would be ignored, but if the generated email was well worded, maybe 1 in 100 would nab someone and get their account suspended/removed, and that would be good enough for me :)

Apr 19, 2002
11:13 PM

Andy Baio wrote:

Yeah, but how would you know which incoming e-mails were spam and which were from unsuspecting people who thought you had a bizarre e-mail address?

Apr 22, 2002
8:15 AM

Phil wrote:

well, if integrated w/ spam assassin, the emails would be passed to the script only if they pass the spam assassin test.

Apr 22, 2002
9:31 AM

Andy Baio wrote:

So if Spam Assassin flags it as spam, add the IP address in the e-mail address to the ban list. Neat.

May 2, 2002
3:20 PM

Ben wrote:

This might be of interest, if you've not seen it already: Address Munging.

Oct 21, 2002
1:08 PM

bk wrote:

Hahaha, did you just pull that IP out of the air? It's mine! lol. I was here looking for the backlinks script and got sidetracked... :P

May 8, 2003
1:28 AM

J i m s t e r wrote:

string1="my.address"
string2="@mydomain.com"
myemail=string1+string2

Implemented in your fave language. Just as long as the complete string is never quoted in full on the page, then the trawlers never get it.

Whaddevva.

Aug 14, 2003
11:03 AM

BEN GRANT wrote:

I really want to know I could get use the spambots. It is interesting to know how it works. Just educative.

Waxy Links

September 1, 2010

Bear's Double Rainbow ad for Microsoft — also: meet Bear (via)

First details on Telltale's episodic Back to the Future game emerge — they also secured rights to make games based on Jurassic Park

Cee Lo Green's official video for F**K YOU — even better than the typography video, I'm perfectly content to have this song stuck in my head 24/7

Slate interviews Innocence Project cofounder about false convictions — over 250 people have been freed by new DNA evidence, many of them with false confessions

Unreal Engine 3 tech demo Epic Citadel for the iPhone/iPad — impressive tech demo, now available for free

GameSetWatch covers Assembly 2010's PC demo contest — if you have the hardware, I highly recommend trying out the two winners yourself

Apple announces Ping, a social network built into iTunes — their first foray into social, finally; seems inevitable that app/location/TV/music sharing will follow

August 31, 2010

All four issues of Daniel Raeburn's The Imp available for free download — highly recommended, covers Daniel Clowes, Jack Chick, Chris Ware, and dirty Mexican comics (via)

Eclectic Method's 8-bit Mixtape — not particularly great music, but the visuals make it (via)

Vanity Fair's glimpse into the day in the life of the President — long, must-read look at the insane complexity of today's political landscape

Lanyrd, social conference directory — brilliantly executed social event discovery; it should be pronounced "La Nerd"

Copyrighting Fashion — a new bill would subject fashion to copyright, but at what cost?

Tom Scott's Evil hack shows phone numbers exposed by Facebook users — culled from public "lost my phone" groups

Unhear It — replace one earworm with another

August 30, 2010

Stay Free's Illegal Art mix tape — the files all moved here

Mads Peitersen's paintings of gadget anatomy — love the iPhone guts (via)

Hark! A Vagrant's Nancy Drew covers — previously: the Gorey covers

Markov chaining Kickstarter blurbs — this also doubles as a Kickstarter project idea generator

Pomplamoose teams up with Ben Folds & Nick Hornby — Hornby wrote all the lyrics for Folds' new album (via)

The Wilderness Downtown — an HTML5 music video for Arcade Fire with some fun geo integration

August 29, 2010

Swarmation — like musical chairs for pixels (via)

August 28, 2010

Disney remixes old cartoons into "Blam!" — truly awful

August 27, 2010

PieLabPDX food cart makes customers play games to buy pie — they had to win a game of Rock Scissors Paper to get their choice

Dirpy — convert YouTube videos to MP3s with surprisingly deep transcoding options

Indie Game: The Movie interviews Adam Saltsman on Canabalt — every one of these shorts gets me more excited for the full-length film

August 26, 2010

Jerry Stiller Unscripted — an adorable encounter with the owners of the Costanza house

Members of Paramore, New Found Glory, and Relient K cover "Bed Intruder Song" — the original broke the Billboard Top 100 (via)

Happylife — prototype device ambiently shows a family's collective mood (via)

"Learning to Be Me" by Greg Egan — a better-written short story with a similar theme as "Where Am I?"

"Where Am I?" by Daniel Dennett — short sci-fi story from 1978 about where consciousness resides (via)