We all know what sleazaeballs the spammers are - and we’re aware of all the sneaky tricks they use. For example, you might filter your E-Mail to reject anything with the word “mortgage” in the subject line. So, they either spell mortgage “m-o-r-t-g-a-g-e” or maybe they put spaces between each letter or they just might have the subject line Re: your last E-Mail.
So, what if a website owner sends a little grief in the spammers’ direction?
How about on the index page setting up 10 (or more) nonexistent E-Mail addresses and commenting them out so they are not visible to visitors but are visible to the spam bots? I do not recommend just inventing website names unless you are positively 100% sure that they do NOT exist.
For example, on an index page let’s suppose a person lists a bunch of phony E-Mail addresses such as : jsmith@1h2y3n6g7s8e9ko3j6n7s8q9x0a5f6.com
I imagine the “bots” would pick up on this and at least cause a little grief for the spammers by having a crapload of undeliverable spam sent back to them.
I’m sure that someone must have thought of this long beore I did. Is it frowned upon by webmasters in general because it only adds to the huge amount of Internet traffic (and/or spam) ?
I was just wondering what others thought of this “solution” and would it at least cause some inconvenience to the spammers?
I don’t think that your average spammer gives a flying fig at a rolling donut whether they get any returned email.
Lots of the stuff is sent from “disposable” email accounts (set up and used one time for that purpose), sent with forged “From” fields (so responses won’t go to the actual sender anyhow) and other obscuring tactics.
If they DID bother to monitor their returned email they’d doubtless see a ton of it already, from things like angry responses, Out Of Office replies, mailbox full messages and the like.
And finally, many spammers send to addresses that are generated automatically (for example, take a dictionary of twenty thousand first and last names and then send email to firstname.lastname@yahoo.com) - many of those will turn out to be non-valid in the first place so there would be millions of “undeliverable” replies already.
I don’t know how well the “Challenge-Response” systems worked overall but when I used Mailblocks on one account it seemed to get the job done. Those systems work by depending on the fact that spammers will not generally look at replies (the first time you email me, you get a response that makes you take a trivial action that is tough for a 'bot to do to prove that you are really a person who is trying to email me).
While causing grief to spammers is a great concept, this one wouldn’t work.
The spambots and zombies are generally sending out emails without valid return addresses (or with someone else’s return address). Not only won’t it inconvenience the spammers, but they won’t even notice it because none of the undeliverables return to them.
Oh, and for the gutter slime that send out spam with valid return addresses that they’ve stolen from others, it’s even worse. A spammer stuck my return address on a flood of garbage he spewed out, and all the undeliverable messages came back to me! My system’s clean, and I verified that none of this junk came from my server, but since the scuzzball used my return address, I got hundreds and hundreds of bounce messages.
Just hunt 'em all down, fine 'em, bankrupt 'em, jail 'em, and I’ll be happy.
I just thought the spammers might test the E-Mail addresses somehow.
So, are they deceiving their customers (who are equally deserving of a suitable place in Hell) by telling them “we send your message to 100,000 E-mail addresses” without mentioning that those addresses may be non-existant ?
Yeah, with loads of bandwidth or an army of spambots, they don’t care about undeliverable mail. There are a bunch of sites that have “invisible” links that lead to never-ending script-generated webpages of invalid email addresses (First simple one I could find), but it’s not generally believed to be an effective tactic.
Those who compile the email lists will test. That’s how they create lists of verified addresses they sell tp spammers.
Deception? Not really, unless they claim all the addresses in their lists are valid. Besides, lists generally run into the millions so a few tens of thousands of failed email accounts don’t matter much. It’s not like that plunked down 37 cents per stamp for those accounts.
How about this: maintain a few dummy addresses and scan all incoming e-mail. Anything received by the dummies gets compared against mail received by valid accounts. If they are similar, both get deleted.
Yes, but spammers are very good about making sure that all their emails they send out are unique. You could still conceivable write a smart filter, such as a bayseian filter, but even that won’t work all the time.
DarrenS
I knew I wasn’t the first to think of this and I’m glad you provided that link. One thing that bothers me is how does that program “know” that all those E-Mail links it generates are non-existant?
I noticed that the majority of those contrived E-Mail addresses are .gov domains. To me, that’s not a wise thing to do because:
Do spammers really send any of that shit to *.gov domains? If so, it would be so damned easy for spammers to program “bots” to ignore all .gov domains.
Should one of those computer generated addresses turn out to be real, I would not want any state or federal government getting angry at me.
Tuckerfan
That’s a nice story you found. I like stories with happy endings.
Spammers do not use genuine return addresses. Spammers don’t care if even 50% of their emails are to non-existent addresses and bounce.
What they do use for return addresses, however, is genuine domain names (the bit after the @ in the email address). This helps their spam get through filters. Guess where all the bounces from all those non-existent addresses go to? Yup, that’s right, the domain that they used as their return address. Hundreds & thousands of them get dumped on the mail server for that innocent domain.
So all you people creating fake email addresses for spambots to pick up are just increasing traffic for all of us who have to clear up after the bounces. You aren’t hurting the spammer in the slightest, and generating a whole lot of other traffic for innocent third parties.
Futile Gesture
Yes, I was aware of overloading legitimate domains and that’s why I stated in posting #1:
Still, from what you are saying, another problem exists.
If you try to fool a “bot” with a non-existent E-Mail address such as: gwashington@mountvernon867-5309-sdmb-hi-opal.com
this will get “bounced” back to the legitimate domain from which the spammers sent it. (and it sure as Hell won’t be the spammers getting the bounced E-Mails).
Thanks for that explanation. Since, I wasn’t too sure about the effectiveness of this strategy, I thought I should consult a “higher power” - the SDMB.
So, after all the spam that has headed in everyone’s direction for the last decade, why hasn’t a simple solution been found? How about making damned sure that the people who own the domain are the only ones that can send E-Mail using that address?
I’m sure I’ll receive a reply to that question too. I do appreciate all the replies so far.
Here’s the breakdown. Spammers use lists of millions of “targeted” e-mail addresses bought for $29.95. They don’t care if some of the addresses are bad. In fact, it would be surprising if less than 20% were bad. They make up for it with pure volume. So feeding spammers a few hundred or thousand bogus e-mail addresses won’t make much difference.
Additionally, spammers generally will NOT see bounce messages, nor would they care to. They just want you to place an order on the site mentioned in the e-mail before it is shut down. Spammers send their e-mails from servers hosted by tolerant or ignorant providers. Or, there are viruses that silently send millions of spams in the background, from user’s own machines. The messages are usually sent with fake return addresses. The fake addresses are often OTHER e-mail addresses from their address list. When a message bounces, it goes back to the “From:” address. So if someone sends a spam with your address in the From: field and it bounces due to a bad address, it comes back to you as if you sent it. If a spammer uses a real From: address, to me that means they’re ignorant of what they’re asking for, which is a very very very full Inbox with all the bounces and complaints.
If you are going to generate fake addresses, don’t use existing legitimate domain names because that domain’s mail server will have to deal with the traffic for no good reason. If you use, for example, mickeymouse@straightdope.com, then the Straight Dope mail server still has to deal with the transaction and tell the sending machine there is no account with the name mickeymouse.
There’s a project called WebPoison which elaborates on the OP’s theory. Webpoison generates pages of randomly created email addresses and links to more random pages… They use the < meta > tag to warn off legitimate site crawlers (such as Google). In their own words:
