How the spammers find you

Posted Apr 17, 2003 12:52 UTC (Thu) by hansl (subscriber, #5086)
Parent article: How the spammers find you

"By far the most spam was sent to addresses harvested from web pages"

This little trick that we apply here might interest you. Put this in the source of
one (or more) of your web pages:

<!-- Don't send e-mail to this address!!! It is used to catch spammers -->
<a href="mailto:spamtrap@lwn.net"></a>

Next, create a script that can

1. Extract the IP address of a mailserver that delivered a message to
spamtrap@lwn.net from your mailserver log file.
2. Add an entry to your mailserver blacklist.

Then create an account called spamtrap and e.g. send it an appropriate
.procmailrc or alias spamtrap to "|/somewhere/script.sh". Anything to
cause the script to get run when a mail is sent to spamtrap@lwn.net
will do. That's it, you'll receive a lot less spam!


How the spammers find you

Posted Apr 17, 2003 17:08 UTC (Thu) by cpeterso (subscriber, #305)

What happens when the IP address of the spam origin mailserver belongs to AOL? Should you block all AOL users? OK, AOL might be a bad example, but blindly blocking any mailserver might be too aggressive.

How the spammers find you

Posted Apr 18, 2003 13:06 UTC (Fri) by hansl (subscriber, #5086)

I should have mentioned that besides the blacklist we also maintain a
whitelist where most mailservers are listed now from which we have
received one or more legitimate emails.

I agree that this is a forceful method, but since the introduction of
DNS blacklists a couple of years ago spammers have not been sitting
still, and are moving towards the use of dial-up networks on which they
try to plant trojans and viruses that will act as spam injectors.

Blocking dial-up networks is not too aggressive in my opinion, since you
can expect ISPs to provide an MTA to their customers (that usually sits
outside their dial-up range). You can trust most ISPs' mailservers like
AOL's a lot better than Joe User's PC running LookOut. And I've found
that when it happens that an ISP's mailserver does get blacklisted, they're
usually very fast at correcting the situation. They have an incentive to do
so, because it being blocked makes a lot of customers unhappy...
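
The script described in the first comment, combined with the whitelist check from the follow-up, as an added example that is not part of the original posts. It assumes Postfix-style log lines (the thread names no MTA); the sample log, the whitelisted range and the function names are constructed for illustration, and writing the result into the MTA's own blacklist format is left out.

```python
import ipaddress
import re

# Constructed sample log in Postfix style (assumption: the thread names no MTA).
SAMPLE_LOG = """\
Apr 17 12:50:01 mx postfix/smtpd[1234]: 4F2A1C0: client=unknown[203.0.113.7]
Apr 17 12:50:02 mx postfix/local[1240]: 4F2A1C0: to=<spamtrap@lwn.net>, relay=local, status=sent
Apr 17 12:51:10 mx postfix/smtpd[1236]: 5B3C2D1: client=mail.isp.example[198.51.100.25]
Apr 17 12:51:11 mx postfix/local[1241]: 5B3C2D1: to=<spamtrap@lwn.net>, relay=local, status=sent
Apr 17 12:52:30 mx postfix/smtpd[1237]: 6C4D3E2: client=unknown[192.0.2.99]
Apr 17 12:52:31 mx postfix/local[1242]: 6C4D3E2: to=<editor@lwn.net>, relay=local, status=sent
"""

# smtpd logs the connecting client per queue ID; delivery lines log the recipient.
CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=\S*\[([0-9A-Fa-f.:]+)\]")
RCPT_RE = re.compile(r": (\w+): to=<([^>]+)>")


def trap_senders(log_text, trap):
    """Return client IPs whose message (matched by queue ID) reached `trap`."""
    clients, hits = {}, []
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            clients[m.group(1)] = m.group(2)
            continue
        m = RCPT_RE.search(line)
        if m and m.group(2).lower() == trap.lower():
            ip = clients.get(m.group(1))
            if ip and ip not in hits:
                hits.append(ip)
    return hits


def triage(log_text, trap, whitelist):
    """Split trap senders into (to_blacklist, spared_by_whitelist)."""
    nets = [ipaddress.ip_network(n) for n in whitelist]
    block, spared = [], []
    for ip in trap_senders(log_text, trap):
        addr = ipaddress.ip_address(ip)
        (spared if any(addr in n for n in nets) else block).append(ip)
    return block, spared


if __name__ == "__main__":
    block, spared = triage(SAMPLE_LOG, "spamtrap@lwn.net", ["198.51.100.0/24"])
    print("blacklist:", block)
    print("whitelisted, not blocked:", spared)
```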

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds