How we webmasters can slow the spammers

[RepAlciere]

Here's a simple QBASIC program that generates an HTML page, maillist.htm, with
10,000 e-mail addresses at random. Run it, and then upload the page onto your
site, and link to it from your home page.

A sample of the output is at http://surnamesbytown.com/Italy/maillist.html

The spammers will slurp up all those bogus e-mail addresses and try to send to
them.

This should slow them down, if enough of us do it.

To change the quantity of bogus e-mail addresses, change the line that says
IF k > 10000 THEN GOTO 1000
to IF k> ...(some other number) ... THEN GOTO 1000

here's the program:



RANDOMIZE TIMER
OPEN "c:\maillist.htm" FOR OUTPUT AS #1
PRINT #1, "<HTML><HEAD></HEAD><BODY>"
100 PRINT #1, "<BR>": s$ = "": t$ = ""
IF k > 10000 THEN GOTO 1000

LET N = 3 + INT(9 * RND)
LET D = 3 + INT(9 * RND)
FOR X = 1 TO N
IF RND > .5 THEN LET s$ = s$ + LCASE$(CHR$(65 + INT(26 * RND)))
IF RND <= .5 THEN LET s$ = s$ + CHR$(65 + INT(26 * RND))

NEXT X
FOR X = 1 TO D
IF RND > .5 THEN LET t$ = t$ + LCASE$(CHR$(65 + INT(26 * RND)))
IF RND <= .5 THEN LET t$ = t$ + CHR$(65 + INT(26 * RND))
NEXT X
PRINT #1, "<a href="; CHR$(34); "mailto:"; s$; "@"; t$; ".com"; CHR$(34); ">";
s$; "@"; t$; ".com</A>"
LET k = k + 1
GOTO 100
1000 PRINT #1, "</BODY></HTML>"
CLOSE #1

 

[Cameron]

Here's a simple QBASIC program that generates an HTML page, maillist.htm, with
10,000 e-mail addresses at random. Run it, and then upload the page onto your
site, and link to it from your home page.

<snip>


So to help prevent spammers we are supposed to waste (as that page info
reports) 646.51 KB of our bandwidth? most spam messages aren't that
large and my filter works just fine, anyway, I aren't sure how smart
these spam bots are but all it would take is a tiny bit of code to check
if the @foobar.com is real or if it's not.

~Cameron

 

[RepAlciere]

There was one dumb flaw in the program, my forgetting that two consecutive
lines would produce different random numbers,

the corrected program follows:

RANDOMIZE TIMER
OPEN "c:\maillist.htm" FOR OUTPUT AS #1
PRINT #1, "<HTML><HEAD></HEAD><BODY>"
100 PRINT #1, "<BR>": s$ = "": t$ = ""
IF k > 10000 THEN GOTO 1000
LET n = 3 + INT(9 * RND)
LET d = 3 + INT(9 * RND)
IF n < 3 THEN STOP
IF d < 3 THEN STOP

FOR X = 1 TO n
IF RND > .5 THEN LET s$ = s$ + CHR$(97 + INT(26 * RND)) ELSE LET s$ = s$ +
CHR$(65 + INT(26 * RND))
NEXT X
IF LEN(s$) < n THEN STOP
FOR X = 1 TO d
IF RND > .5 THEN LET t$ = t$ + CHR$(97 + INT(26 * RND)) ELSE LET t$ = t$ +
CHR$(65 + INT(26 * RND))
NEXT X
IF LEN(t$) < d THEN STOP
PRINT #1, "<a href="; CHR$(34); "mailto:"; s$; "@"; t$; ".com"; CHR$(34); ">";
s$; "@"; t$; ".com</A>"
LET k = k + 1
GOTO 100
1000 PRINT #1, "</BODY></HTML>"
CLOSE #1

 

[Jason Henning]

Here's a simple QBASIC program that generates an HTML page, maillist.htm, with
10,000 e-mail addresses at random. Run it, and then upload the page onto your
site, and link to it from your home page.

This does nothing to reduce spam. If anything, it just more bad
address that waste more bandwidth. Spammers don't care about dead
addresses.

I've had an email account that's been disabled for 4 years. Once in a
while I'll activate it for a day or two. It'll catch 20 spams in a
day.

This approach solves nothing.

Cheers,
Jason Henning

 

[Toby A Inkster]

Here's a simple QBASIC program that generates an HTML page, maillist.htm, with
10,000 e-mail addresses at random.

See also: mod_spam_die for Apache.

 

[Hywel Jenkins]

There was one dumb flaw in the program

Yes - you assumed people have QBasic. You may as well have written it
in PERL or PHP, or some other server-side scripting language that
people here will use.

It's also, as other have said, useless.

 

[Bruce Grubb]

Here's a simple QBASIC program that generates an HTML page, maillist.htm,
with
10,000 e-mail addresses at random. Run it, and then upload the page onto your
site, and link to it from your home page.

Instead of doing soemthing this stupid why not find a way to fix e-mail so
the spanners can no longer hide behind false addresses? Or is that going
to be royal pain to do?

 

[Richard]

Here's a simple QBASIC program that generates an HTML page, maillist.htm,
with 10,000 e-mail addresses at random. Run it, and then upload the page
onto your site, and link to it from your home page.

A sample of the output is at
http://surnamesbytown.com/Italy/maillist.html

The spammers will slurp up all those bogus e-mail addresses and try to
send to them.

This should slow them down, if enough of us do it.

To change the quantity of bogus e-mail addresses, change the line that
says IF k > 10000 THEN GOTO 1000
to IF k> ...(some other number) ... THEN GOTO 1000

here's the program:

The same thing could be done in javascript.

But why? Sniffers don't care if the addy is real or not. Neither does the
automated program that generates the mail.
Once the program knows an addy is genuine, that addy is placed into a "keep"
file.

I have my own domain name I use for a lot of my maill simply so I can get
away from the spam.
If I need to sign up for something at a website, I'll use a unique addy just
for that website.
When I see mail coming in for that addy, I know the source and how the
spammer got it.
Instant trash can material.

I used one addy on a certain bulletin board. Suddenly I was gettng spammed.
So after a few more spammers got the addy, I changed it. Now that first one
directs all mail to it to the trash can.

Don't want spam? Use your filter.

 

[Safalra]

Instead of doing soemthing this stupid why not find a way to fix e-mail so
the spanners can no longer hide behind false addresses? Or is that going
to be royal pain to do?

Basically the way it would be done is that we'd have a new delivery
protocol where each mail server that sees the message would ask the
sender 'did you really send this?' before passing it on - this could
even cope if some servers were malicious. This causes a lot of traffic
though. And it doesn't stop spammers hijacking machines to send spam
for them (though that's a different security issue).

--- Safalra (Stephen Morley) ---
http://www.safalra.com/hypertext

 

[Toby A Inkster]

Basically the way it would be done is that we'd have a new delivery
protocol where each mail server that sees the message would ask the
sender 'did you really send this?' before passing it on - this could
even cope if some servers were malicious.

I prefer "hash cash".

Basically, increase the "cost" of sending an e-mail: not monetary cost,
but processor time.

How? Insist that every e-mail that passes through your system is
cryptographically signed. If a spammer has to sign every mail, then it
limits how many e-mails they can send (say 500 per hour instead of 5000
per hour), so spam volume is reduced.

As processors speed up, we simply increase the strength of cryptography
required to send mail: say from 128 bit to 512 bit.

 

[Safalra]

Basically the way it would be done is that we'd have a new delivery
protocol where each mail server that sees the message would ask the
sender 'did you really send this?' before passing it on - this could
even cope if some servers were malicious.

[snip]
Insist that every e-mail that passes through your system is
cryptographically signed. If a spammer has to sign every mail, then it
limits how many e-mails they can send (say 500 per hour instead of 5000
per hour), so spam volume is reduced.

Which would of course also affect legitimate mass-mailing. And if the
spammers can access enough machines (by exploiting security holes, for
example), they'll still be able to send huge quantities of e-mail.

As processors speed up, we simply increase the strength of cryptography
required to send mail: say from 128 bit to 512 bit.

I still don't trust these cryptography schemes - until we've proved
one-way functions exist (which is an even stronger statement than P !=
NP), I'd rather not rely on them... (Recall that recently a
polynomial-time algorithm to determine whether a number was prime or
not was found, and it's incredibly short - we never know what new
algorithms may suddenly appear.)

--- Safalra (Stephen Morley) ---
http://www.safalra.com/hypertext

 

[Jbj4712]

Once the program knows an addy is genuine, that addy is placed into a "keep"

file.

But how does it know if (e-mail address removed) is genuine or not? Sometimes this can
be confirmed, but when it can't be confirmed, how does it know?

They can include IMG SRC="http:// (IP address ) /images/wejtrhgfh.jpg and
program the server to see whether that wejtrhgfh image gets called up. This is
a major invasion of people's privacy if they allow images in their e-mail
because snoops can notice that you only open e-mails after midnight, for
example.

But how can the program determine that an e-mail address is fake?

When they offer one million e-mail addresses, for a price, and only 13 of them
are good, the spammers are bogged down with junk addresses. That's the plan.