Waxy.org is the sandbox of Andy Baio, a journalist/programmer living in Portland, Oregon. I'm the CTO of Kickstarter, created Upcoming.org, and some other stuff too.

Contact Me: log@waxy.org or waxpancake on AIM

Spambots and Dynamic E-mail Addresses

Posted Apr 16, 2002

Phil just came up with a clever variation of Andre's spambot-defeating e-mail trick. On his old site, Andre dynamically displayed the current date as his contact e-mail address (a la 04162002@example.com), and wrote a procmail script to weed out e-mails sent to addresses older than a week.

Instead, use SSI and environment variables to include the client's IP address in the e-mail address. So, @example.com becomes 38.107.191.84@example.com. Now that you have the spambot's IP address, do something creative with it.

8 Comments (Add Yours)

Apr 19, 2002
8:45 PM

Phil wrote:

I think what I'd do is use a procmail script that does a dns lookup on the IP in question, and forwards a copy of the spam to root, abuse, webmaster, and postmaster @ both the ip address in question and the host/isp/etc determined during the lookup. I imagine most would be ignored, but if the generated email was well worded, maybe 1 in 100 would nab someone and get their account suspended/removed, and that would be good enough for me :)

Apr 19, 2002
11:13 PM

Andy Baio wrote:

Yeah, but how would you know which incoming e-mails were spam and which were from unsuspecting people who thought you had a bizarre e-mail address?

Apr 22, 2002
8:15 AM

Phil wrote:

well, if integrated w/ spam assassin, the emails would be passed to the script only if they pass the spam assassin test.

Apr 22, 2002
9:31 AM

Andy Baio wrote:

So if Spam Assassin flags it as spam, add the IP address in the e-mail address to the ban list. Neat.

May 2, 2002
3:20 PM

Ben wrote:

This might be of interest, if you've not seen it already: Address Munging.

Oct 21, 2002
1:08 PM

bk wrote:

Hahaha, did you just pull that IP out of the air? It's mine! lol. I was here looking for the backlinks script and got sidetracked... :P

May 8, 2003
1:28 AM

J i m s t e r wrote:

string1="my.address"
string2="@mydomain.com"
myemail=string1+string2

Implemented in your fave language. Just as long as the complete string is never quoted in full on the page, then the trawlers never get it.

Whaddevva.

Aug 14, 2003
11:03 AM

BEN GRANT wrote:

I really want to know I could get use the spambots. It is interesting to know how it works. Just educative.

Waxy Links

November 7, 2009

NYT visualizes the unemployment rate for different demographics — 48.5% of young black men without a high school degree; 3.6% of college-educated white women over 25

November 6, 2009

Another World level ported to Javascript — in other emulation news, a NES and Gameboy emulator in JS and SNES9x ported to Flash (via)

Blocktronics' ANSI art tribute to RaDMaN — powered by Viewtronics, Peter Nitsch's gorgeous new Flash 10 ANSI viewer (via)

Aaron Straup-Cope leaves Flickr, joins Stamen Design — one of my favorite geeks joins one of my favorite companies

Unreal Engine 3 development kit now free for non-commercial use — huge announcement, along with the recent free release of Unity Indie

The Big Picture's series on Martian landscapes — Kai's Power Tools in real-life (via)

November 5, 2009

Preview of McSweeney's Panorama, their one-shot newspaper — as expected, looks incredibly great (via)

The Grant-Pattishall Award — congrats, Kellan! (via)

Birdhouse for Your Soul — Greg Knauss finds one small piece of the historical web

Google open-sources Closure Tools — JS compiler, along with Google's huge widget library (via)

Video montage of actors speaking the movie's title — great comments with some missed opportunities; "You talkin' to me? You talkin' to The Taxi Driver?"

The Morning News' Cloud of Atlases — impossible to guess, but look at all the pretty colors

American Airlines fires UX designer for explaining why their UX isn't great — a lapse of judgment from both American Airlines and an employee who cared too much

November 4, 2009

Overheating, photo series of gadgets thrown through walls — from issue 6 of Amusement, the incredible French gaming culture magazine (via)

Ricardo Autobahn's The Golden Age of Video — insane pop culture video mashup

November 3, 2009

The Last Days of Gourmet — sad photo series, reminds me of the dot-com carnage photos

Put This On — first episode of Jesse Thorn and Adam Lisagor's Kickstarter-funded video series on clothing

Jono Bacon's The Art of Community released for free download under CC license — looks fantastic and worth buying (via)

Eric Testroete's papercraft portrait Halloween costume — incredibly creepy, like videogames leaking into the real world (via)

November 2, 2009

Mark Pilgrim's history of the IMG element — told through annotated conversations from 1993 (via)

Every vandalism edit to Nickelback's Wikipedia page — I wonder which edits managed to stay in the longest without detection

November 1, 2009

Mike Pusateri's Halloween costume data collection — for the fifth year, he's collected every costume name; this year, "nothing" spiked to #2

XKCD's movie narrative charts — here's a more serious attempt at Primer's timeline

October 30, 2009

GameCity Squared's 15-Pixel Megamix — extremely minimalist interpretations of 12 different games

October 29, 2009

Lauren McCarthy's Happiness Hat — it measures your smile and stabs you if you're not smiling sufficiently (via)

October 28, 2009

Auto Tune de Nieuws — needs an angry Dutch gorilla

Facebook prank memorializes living person — the Facebook team should allow an email veto, or at least require better documentation (via)

2D Boy's pay-what-you-like World of Goo results wrapup — don't miss the breakdown by OS and country (via)

FreeForm's short film on the Open Internet — impressive set of interviewees, directed by Jesse Dylan of Yes We Can fame

Using Flickr as a paintbrush — coloring overhead maps based on the dominant colors of photos taken on the ground (via)