Spam: Poison Pill by Richard Lowe

Spam: Poison Pill by Richard Lowe

A common way for spammers to create their vast lists of email addresses is
to cull web pages for "mailto:" tags. There are many different programs,
available for small to huge costs, which will do this automatically, easily
and efficiently.

I monitor my web site log files on a regular basis, and I'm always amazed at
the vast numbers of spam harvesting programs that regularly scan my pages.
Not only do these obnoxious things steal email addresses, they use bandwidth
which I pay for without any kind of compensation. I put up my web pages for
people to read not for some scumbag spammer to scan them.

There are many ways to combat the spammer. None of these methods are
perfect. As in any war, both sides are continually developing new weapons to
use against the other. New methods work for a short time until the enemy
comes up with countermeasures and overcomes the weapon.

One of the more effective ways to confuse the spammer (not hard because they
don't tend to be very bright) is the "poison pill" defense. This consists of
handing the spam harvesting robots some pages which appear juicy, full of
yummy email addresses ripe for the picking.

The email address on these pages are fake. They have nothing to do with
reality and exist only to choke the spam robots, causing them to overflow
and possibly even crash.

Here's how a typical poison pill works. A script is created which performs
all of these tasks. It is important that the scripting be done on the
server, so CGI, ASP, PHP or a similar scripting language must be used.
Server side scripting must be used because many spam robots are not smart
enough to understand client-side scripting languages such as JavaScript.

The script creates a page which appears in all ways to be a normal document
in a web site. The page may include some text informing human visitors of
the intention (this is important so any people who see the page are not
confused).

It also needs to include a meta tag informing all robots not to index the
page. This is critical, as you do not want robots such as googlebot or
scooter (the spiders for Google and Altavista, respectively) seeing this
stuff. Don't worry, spam harvesters ignore these meta tags.

The script gives the page a name, usually randomly picked from a database or
made up somehow, and fills it with a few dozen (at the most) email
addresses. These email addresses are cleverly created to appear perfectly
valid but actually are useless - they are just made up.

Links to other fake pages are created for the spam harvester to follow. Any
robot (or human being, for that matter) that follow these links will find
similar pages, full of desirable email addresses.

Depending upon the robot, it's possible the spammer could gather tens of
thousands of totally fake, unusable email addresses before his robot blows
itself out of the water. It's even better if the robot survives, as the
spammer now wastes his time sending messages to nonexistent email addresses.

In the meantime, the harvester has been lured away from valid pages which
may or may not contain email addresses.

My site, Internet Tips and Secrets, uses one of these poison pills. It is
called wpoison and it really works well. If you want to see it, look at this
page.

http://www.internet-tips.net/cgi-bin/guestlist.pl

If you want to get a copy for yourself, check out the wpoison page.

http://www.monkeys.com/wpoison/

This is just another weapon in the war against spam.

Is it effective?

I know from personal experience that it does trap spam robots, and it does
seem to lure them away from real, useful email addresses.

Is it ethical?

I believe so, as long as you are careful to include the meta tags to inform
"good" robots to leave the pages alone as well as some text to let your
visitors know what's going on.

It's not as satisfying as spamcop.net, and there is no where near that
pleasant glow of success upon learning that some scum spammer has had his
ISP cancel his account, but the poison pill is useful nonetheless. My advice
is to include it in your arsenal along with the other weapons and tools at
your disposal.

To see a list of article available for reprint, you can send an email to:
mailto:article-list@internet-tips.net?subject=send_article_list
or visit
http://internet-tips.net/requestarticles.htm

About the Author
Richard Lowe Jr. is the webmaster of Internet Tips And Secrets
athttp://www.internet-tips.net - Visit our website any time to readover
1,000 complete FREE articles about how to improve your internet profits,
enjoyment and knowledge.