Spam: Poison Pill
By Richard Lowe
Posted Wednesday, December 8, 2004
A common way for spammers to create their vast lists of email addresses is to cull web pages for "mailto:" tags. There are many different programs, available for small to huge costs, which will do this automatically, easily and efficiently.
I monitor my web site log files on a regular basis, and I'm always amazed at the vast numbers of spam harvesting programs that regularly scan my pages. Not only do these obnoxious things steal email addresses, they use bandwidth which I pay for without any kind of compensation. I put up my web pages for people to read not for some scumbag spammer to scan them.
There are many ways to combat the spammer. None of these methods are perfect. As in any war, both sides are continually developing new weapons to use against the other. New methods work for a short time until the enemy comes up with countermeasures and overcomes the weapon.
One of the more effective ways to confuse the spammer (not hard because they don't tend to be very bright) is the "poison pill" defense. This consists of handing the spam harvesting robots some pages which appear juicy, full of yummy email addresses ripe for the picking.
The email address on these pages are fake. They have nothing to do with reality and exist only to choke the spam robots, causing them to overflow and possibly even crash.
Here's how a typical poison pill works. A script is created which performs all of these tasks. It is important that the scripting be done on the server, so CGI, ASP, PHP or a similar scripting language must be used. Server side scripting must be used because many spam robots are not smart enough to understand client-side scripting languages such as JavaScript.
The script creates a page which appears in all ways to be a normal document in a web site. The page may include some text informing human visitors of the intention (this is important so any people who see the page are not confused).
It also needs to include a meta tag informing all robots not to index the page. This is critical, as you do not want robots such as googlebot or scooter (the spiders for Google and Altavista, respectively) seeing this stuff. Don't worry, spam harvesters ignore these meta tags.
The script gives the page a name, usually randomly picked from a database or made up somehow, and fills it with a few dozen (at the most) email addresses. These email addresses are cleverly created to appear perfectly valid but actually are useless - they are just made up.
Links to other fake pages are created for the spam harvester to follow. Any robot (or human being, for that matter) that follow these links will find similar pages, full of desirable email addresses.
Depending upon the robot, it's possible the spammer could gather tens of thousands of totally fake, unusable email addresses before his robot blows itself out of the water. It's even better if the robot survives, as the spammer now wastes his time sending messages to nonexistent email addresses.
In the meantime, the harvester has been lured away from valid pages which may or may not contain email addresses.
My site, Internet Tips and Secrets, uses one of these poison pills. It is called wpoison and it really works well. If you want to see it, look at this page.
(http://www.internet-tips.net/cgi-bin/guestlist.pl)
If you want to get a copy for yourself, check out the wpoison page.
(http://www.monkeys.com/wpoison/)
This is just another weapon in the war against spam.
Is it effective?
I know from personal experience that it does trap spam robots, and it does seem to lure them away from real, useful email addresses.
Is it ethical?
I believe so, as long as you are careful to include the meta tags to inform "good" robots to leave the pages alone as well as some text to let your visitors know what's going on.
It's not as satisfying as spamcop.net, and there is no where near that pleasant glow of success upon learning that some scum spammer has had his ISP cancel his account, but the poison pill is useful nonetheless. My advice is to include it in your arsenal along with the other weapons and tools at your disposal.
To see a list of article available for reprint, you can send an email to: mailto:article-list@internet-tips.net?subject=send_article_list or visit (http://internet-tips.net/requestarticles.htm)
About the Author
Richard Lowe Jr. is the webmaster of Internet Tips And Secrets at (http://www.internet-tips.net) - Visit our website any time to readover 1,000 complete FREE articles about how to improve your internet profits, enjoyment and knowledge.