Spambots and Dynamic E-mail Addresses

Phil just came up with a clever variation of Andre’s spambot-defeating e-mail trick. On his old site, Andre dynamically displayed the current date as his contact e-mail address (a la [email protected]), and wrote a procmail script to weed out e-mails sent to addresses older than a week.

Instead, use SSI and environment variables to include the client’s IP address in the e-mail address. So, <!–#echo var=”REMOTE_ADDR” –>@example.com becomes @example.com. Now that you have the spambot’s IP address, do something creative with it.

8 thoughts on “Spambots and Dynamic E-mail Addresses

  1. I think what I’d do is use a procmail script that does a dns lookup on the IP in question, and forwards a copy of the spam to root, abuse, webmaster, and postmaster @ both the ip address in question and the host/isp/etc determined during the lookup. I imagine most would be ignored, but if the generated email was well worded, maybe 1 in 100 would nab someone and get their account suspended/removed, and that would be good enough for me 🙂

  2. Yeah, but how would you know which incoming e-mails were spam and which were from unsuspecting people who thought you had a bizarre e-mail address?

  3. well, if integrated w/ spam assassin, the emails would be passed to the script only if they pass the spam assassin test.

  4. Hahaha, did you just pull that IP out of the air? It’s mine! lol. I was here looking for the backlinks script and got sidetracked… 😛

  5. string1=”my.address”

    string2=”@mydomain.com”

    myemail=string1+string2

    Implemented in your fave language. Just as long as the complete string is never quoted in full on the page, then the trawlers never get it.

    Whaddevva.

  6. I really want to know I could get use the spambots. It is interesting to know how it works. Just educative.

Comments are closed.