Three spam-proofing techniques I've tried with at-the-time virginal email addresses: 1. Encoding a mailto: link -- for example, A HREF="mailto:declan@c etc. Ancedotally, this works reasonably well. After a year or so, I've received less than 10 spam messages at that address. 2. Using a standard mailto: link but hiding it behind a CGI script, with the assumption that spambots hesitante to enter a CGI thicket. After 18 months, this does not work well, with about one or two spam messages arriving a day. I also have an autoreply message set for this account, which may encourage smarter spambots. 3. Using an image file to store an email address. After eight months, *NO* spam messages so far. Yes, eventually spammers may start OCRing, but they haven't yet. -Declan --- Date: Wed, 28 May 2003 11:24:52 -0400 (EDT) From: Charles Platt <somewhereat_private> To: Declan McCullagh <declanat_private> cc: politechat_private Subject: Spam: A cautionary tale In-Reply-To: <5.2.1.1.0.20030528021944.0474b6d0at_private> A lighter note on the spam problem: I have been forced to abandon my old account at panix.com mainly because of spam. I made the mistake of posting messages to Usenet from that account, years ago, and ended up with at least 100 spam emails coming in each day. Various attempts at filtering were unsuccessful (panix.com is not very good at helping users do that kind of thing). So, I moved to a different hosting service and sent out a few hundred change-of-address notifications. However, once in a while I do still receive "real" email at cpat_private, mainly because that address appeared on every Wired feature I wrote for about six years. I didn't want to miss those "real" messages (hey, someone could be offering me a writing assignment!) so I set up an autorespond message. The question was, how to word the message in a way that would be intelligible to humans but impenetrable to spambots. In other words I was now in the position of doing the opposite of what the spammers do. They try to concoct subject lines and messages that spam filters will accept as "real" email. I was trying to concoct a subject line and message that the spammers would reject as "unreal" email. After various ideas I thought I had the perfect solution. I included my new email address written BACKWARD. There's no way a spambot would know that it was backward, because it still had an @ sign in the middle, and my new address does not end in .com. I was really pleased with my ingenuity until, THE VERY NEXT DAY, I received spam at my new address from a gentleman in Nigeria who had a truly amazing story to tell, involving unclaimed millions in a US bank account. Yes, some poor wretch, possibly in the third world, had actually taken the trouble to READ my autoreply, figure out the backward address, and remail his spam to me at my new location. And now today I have my second piece of spam, offering to enlarge my penis to truly amazing dimensions, presumably because the gentleman in Nigeria has resold my new address for 1 cent or so, thus recouping the time he invested decoding it. The moral of this story: When you are up against this kind of relentless, mindless mentality, the law is an inappropriate tool. In my long-forgotten book ANARCHY ONLINE, 8 years ago, I wrote that antispam laws would never work. I still believe this, because the ingenuity of spammers will always exceed the imaginations of legislators. Of course this won't stop the legislators from trying, and their antispam laws will have unintended consequences that will be damaging, as Tim May points out. My autoreply from panix.com now sends a message telling people my phone number and asking them to call me to get my new email address. This seems a safe strategy because of course phone calls actually cost money (unlike email which is virtually free), and consequently telephone spam is much less of a problem. The conclusion is obvious. --CP ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. ------------------------------------------------------------------------- To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ Declan McCullagh's photographs are at http://www.mccullagh.org/ Like Politech? Make a donation here: http://www.politechbot.com/donate/ -------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Wed May 28 2003 - 23:51:31 PDT