How we webmasters can slow the spammers

Discussion in 'HTML' started by RepAlciere, Feb 16, 2004.

  1. RepAlciere

    RepAlciere Guest

    Here's a simple QBASIC program that generates an HTML page, maillist.htm, with
    10,000 e-mail addresses at random. Run it, and then upload the page onto your
    site, and link to it from your home page.

    A sample of the output is at http://surnamesbytown.com/Italy/maillist.html

    The spammers will slurp up all those bogus e-mail addresses and try to send to
    them.

    This should slow them down, if enough of us do it.

    To change the quantity of bogus e-mail addresses, change the line that says
    IF k > 10000 THEN GOTO 1000
    to IF k> ...(some other number) ... THEN GOTO 1000

    here's the program:



    RANDOMIZE TIMER
    OPEN "c:\maillist.htm" FOR OUTPUT AS #1
    PRINT #1, "<HTML><HEAD></HEAD><BODY>"
    100 PRINT #1, "<BR>": s$ = "": t$ = ""
    IF k > 10000 THEN GOTO 1000

    LET N = 3 + INT(9 * RND)
    LET D = 3 + INT(9 * RND)
    FOR X = 1 TO N
    IF RND > .5 THEN LET s$ = s$ + LCASE$(CHR$(65 + INT(26 * RND)))
    IF RND <= .5 THEN LET s$ = s$ + CHR$(65 + INT(26 * RND))

    NEXT X
    FOR X = 1 TO D
    IF RND > .5 THEN LET t$ = t$ + LCASE$(CHR$(65 + INT(26 * RND)))
    IF RND <= .5 THEN LET t$ = t$ + CHR$(65 + INT(26 * RND))
    NEXT X
    PRINT #1, "<a href="; CHR$(34); "mailto:"; s$; "@"; t$; ".com"; CHR$(34); ">";
    s$; "@"; t$; ".com</A>"
    LET k = k + 1
    GOTO 100
    1000 PRINT #1, "</BODY></HTML>"
    CLOSE #1
    RepAlciere, Feb 16, 2004
    #1
    1. Advertising

  2. RepAlciere

    Cameron Guest

    RepAlciere wrote:
    > Here's a simple QBASIC program that generates an HTML page, maillist.htm, with
    > 10,000 e-mail addresses at random. Run it, and then upload the page onto your
    > site, and link to it from your home page.
    >

    <snip>


    So to help prevent spammers we are supposed to waste (as that page info
    reports) 646.51 KB of our bandwidth? most spam messages aren't that
    large and my filter works just fine, anyway, I aren't sure how smart
    these spam bots are but all it would take is a tiny bit of code to check
    if the @foobar.com is real or if it's not.

    ~Cameron
    Cameron, Feb 16, 2004
    #2
    1. Advertising

  3. RepAlciere

    RepAlciere Guest

    There was one dumb flaw in the program, my forgetting that two consecutive
    lines would produce different random numbers,

    the corrected program follows:

    RANDOMIZE TIMER
    OPEN "c:\maillist.htm" FOR OUTPUT AS #1
    PRINT #1, "<HTML><HEAD></HEAD><BODY>"
    100 PRINT #1, "<BR>": s$ = "": t$ = ""
    IF k > 10000 THEN GOTO 1000
    LET n = 3 + INT(9 * RND)
    LET d = 3 + INT(9 * RND)
    IF n < 3 THEN STOP
    IF d < 3 THEN STOP

    FOR X = 1 TO n
    IF RND > .5 THEN LET s$ = s$ + CHR$(97 + INT(26 * RND)) ELSE LET s$ = s$ +
    CHR$(65 + INT(26 * RND))
    NEXT X
    IF LEN(s$) < n THEN STOP
    FOR X = 1 TO d
    IF RND > .5 THEN LET t$ = t$ + CHR$(97 + INT(26 * RND)) ELSE LET t$ = t$ +
    CHR$(65 + INT(26 * RND))
    NEXT X
    IF LEN(t$) < d THEN STOP
    PRINT #1, "<a href="; CHR$(34); "mailto:"; s$; "@"; t$; ".com"; CHR$(34); ">";
    s$; "@"; t$; ".com</A>"
    LET k = k + 1
    GOTO 100
    1000 PRINT #1, "</BODY></HTML>"
    CLOSE #1
    RepAlciere, Feb 16, 2004
    #3
  4. On 16 Feb 2004 23:19:55 GMT, (RepAlciere) wrote:

    >Here's a simple QBASIC program that generates an HTML page, maillist.htm, with
    >10,000 e-mail addresses at random. Run it, and then upload the page onto your
    >site, and link to it from your home page.


    This does nothing to reduce spam. If anything, it just more bad
    address that waste more bandwidth. Spammers don't care about dead
    addresses.

    I've had an email account that's been disabled for 4 years. Once in a
    while I'll activate it for a day or two. It'll catch 20 spams in a
    day.

    This approach solves nothing.

    Cheers,
    Jason Henning
    Jason Henning, Feb 17, 2004
    #4
  5. RepAlciere wrote:

    > Here's a simple QBASIC program that generates an HTML page, maillist.htm, with
    > 10,000 e-mail addresses at random.


    See also: mod_spam_die for Apache.

    --
    Toby A Inkster BSc (Hons) ARCS
    Contact Me - http://www.goddamn.co.uk/tobyink/?page=132
    Toby A Inkster, Feb 17, 2004
    #5
  6. (RepAlciere) wrote in message news:<>...
    > There was one dumb flaw in the program


    Yes - you assumed people have QBasic. You may as well have written it
    in PERL or PHP, or some other server-side scripting language that
    people here will use.

    It's also, as other have said, useless.

    --
    Hywel
    Hywel Jenkins, Feb 17, 2004
    #6
  7. RepAlciere

    Bruce Grubb Guest

    In article <>,
    (RepAlciere) wrote:

    > Here's a simple QBASIC program that generates an HTML page, maillist.htm,
    > with
    > 10,000 e-mail addresses at random. Run it, and then upload the page onto your
    > site, and link to it from your home page.


    Instead of doing soemthing this stupid why not find a way to fix e-mail so
    the spanners can no longer hide behind false addresses? Or is that going
    to be royal pain to do?
    Bruce Grubb, Feb 17, 2004
    #7
  8. RepAlciere

    Richard Guest

    RepAlciere wrote:

    > Here's a simple QBASIC program that generates an HTML page, maillist.htm,
    > with 10,000 e-mail addresses at random. Run it, and then upload the page
    > onto your site, and link to it from your home page.


    > A sample of the output is at
    > http://surnamesbytown.com/Italy/maillist.html


    > The spammers will slurp up all those bogus e-mail addresses and try to
    > send to them.


    > This should slow them down, if enough of us do it.


    > To change the quantity of bogus e-mail addresses, change the line that
    > says IF k > 10000 THEN GOTO 1000
    > to IF k> ...(some other number) ... THEN GOTO 1000


    > here's the program:



    The same thing could be done in javascript.

    But why? Sniffers don't care if the addy is real or not. Neither does the
    automated program that generates the mail.
    Once the program knows an addy is genuine, that addy is placed into a "keep"
    file.

    I have my own domain name I use for a lot of my maill simply so I can get
    away from the spam.
    If I need to sign up for something at a website, I'll use a unique addy just
    for that website.
    When I see mail coming in for that addy, I know the source and how the
    spammer got it.
    Instant trash can material.

    I used one addy on a certain bulletin board. Suddenly I was gettng spammed.
    So after a few more spammers got the addy, I changed it. Now that first one
    directs all mail to it to the trash can.

    Don't want spam? Use your filter.
    Richard, Feb 17, 2004
    #8
  9. RepAlciere

    Safalra Guest

    Bruce Grubb <> wrote in message news:<>...
    > In article <>,
    > (RepAlciere) wrote:
    >
    > > Here's a simple QBASIC program that generates an HTML page, maillist.htm,
    > > with
    > > 10,000 e-mail addresses at random. Run it, and then upload the page onto your
    > > site, and link to it from your home page.

    >
    > Instead of doing soemthing this stupid why not find a way to fix e-mail so
    > the spanners can no longer hide behind false addresses? Or is that going
    > to be royal pain to do?


    Basically the way it would be done is that we'd have a new delivery
    protocol where each mail server that sees the message would ask the
    sender 'did you really send this?' before passing it on - this could
    even cope if some servers were malicious. This causes a lot of traffic
    though. And it doesn't stop spammers hijacking machines to send spam
    for them (though that's a different security issue).

    --- Safalra (Stephen Morley) ---
    http://www.safalra.com/hypertext
    Safalra, Feb 17, 2004
    #9
  10. Safalra wrote:

    > Basically the way it would be done is that we'd have a new delivery
    > protocol where each mail server that sees the message would ask the
    > sender 'did you really send this?' before passing it on - this could
    > even cope if some servers were malicious.


    I prefer "hash cash".

    Basically, increase the "cost" of sending an e-mail: not monetary cost,
    but processor time.

    How? Insist that every e-mail that passes through your system is
    cryptographically signed. If a spammer has to sign every mail, then it
    limits how many e-mails they can send (say 500 per hour instead of 5000
    per hour), so spam volume is reduced.

    As processors speed up, we simply increase the strength of cryptography
    required to send mail: say from 128 bit to 512 bit.

    --
    Toby A Inkster BSc (Hons) ARCS
    Contact Me - http://www.goddamn.co.uk/tobyink/?page=132
    Toby A Inkster, Feb 17, 2004
    #10
  11. RepAlciere

    Safalra Guest

    Toby A Inkster <> wrote in message news:<>...
    > Safalra wrote:
    > > Basically the way it would be done is that we'd have a new delivery
    > > protocol where each mail server that sees the message would ask the
    > > sender 'did you really send this?' before passing it on - this could
    > > even cope if some servers were malicious.

    >
    > [snip]
    > Insist that every e-mail that passes through your system is
    > cryptographically signed. If a spammer has to sign every mail, then it
    > limits how many e-mails they can send (say 500 per hour instead of 5000
    > per hour), so spam volume is reduced.


    Which would of course also affect legitimate mass-mailing. And if the
    spammers can access enough machines (by exploiting security holes, for
    example), they'll still be able to send huge quantities of e-mail.

    > As processors speed up, we simply increase the strength of cryptography
    > required to send mail: say from 128 bit to 512 bit.


    I still don't trust these cryptography schemes - until we've proved
    one-way functions exist (which is an even stronger statement than P !=
    NP), I'd rather not rely on them... (Recall that recently a
    polynomial-time algorithm to determine whether a number was prime or
    not was found, and it's incredibly short - we never know what new
    algorithms may suddenly appear.)

    --- Safalra (Stephen Morley) ---
    http://www.safalra.com/hypertext
    Safalra, Feb 18, 2004
    #11
  12. RepAlciere

    Jbj4712 Guest

    >Once the program knows an addy is genuine, that addy is placed into a "keep"
    >file.


    But how does it know if is genuine or not? Sometimes this can
    be confirmed, but when it can't be confirmed, how does it know?

    They can include IMG SRC="http:// (IP address ) /images/wejtrhgfh.jpg and
    program the server to see whether that wejtrhgfh image gets called up. This is
    a major invasion of people's privacy if they allow images in their e-mail
    because snoops can notice that you only open e-mails after midnight, for
    example.

    But how can the program determine that an e-mail address is fake?

    When they offer one million e-mail addresses, for a price, and only 13 of them
    are good, the spammers are bogged down with junk addresses. That's the plan.
    Jbj4712, Feb 18, 2004
    #12
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jeremy C. Morgan

    looking for webmasters

    Jeremy C. Morgan, Dec 28, 2003, in forum: HTML
    Replies:
    12
    Views:
    1,113
    Jeremy C. Morgan
    Dec 30, 2003
  2. Jeremy C. Morgan

    looking for webmasters

    Jeremy C. Morgan, Dec 28, 2003, in forum: HTML
    Replies:
    0
    Views:
    373
    Jeremy C. Morgan
    Dec 28, 2003
  3. Greg
    Replies:
    2
    Views:
    369
    mark | r
    May 11, 2005
  4. Replies:
    0
    Views:
    367
  5. lifewebmaster

    Webmasters

    lifewebmaster, Feb 5, 2007, in forum: Java
    Replies:
    2
    Views:
    371
    Mark Space
    Feb 5, 2007
Loading...

Share This Page