Spam: Poison Pill

A common way for spammers to create their vast lists of email addresses is to cull web pages for "mailto:" tags. There are many different programs, available for small to huge costs, which will do this automatically, easily and efficiently.

I monitor my web site log files on a regular basis, and I'm always amazed at the vast numbers of spam harvesting programs that regularly scan my pages. Not only do these obnoxious things steal email addresses, they use bandwidth which I pay for without any kind of compensation. I put up my web pages for people to read not for some scumbag spammer to scan them.

There are many ways to combat the spammer. None of these methods are perfect. As in any war, both sides are continually developing new weapons to use against the other. New methods work for a short time until the enemy comes up with countermeasures and overcomes the weapon.

One of the more effective ways to confuse the spammer (not hard because they don't tend to be very bright) is the "poison pill" defense. This consists of handing the spam harvesting robots some pages which appear juicy, full of yummy email addresses ripe for the picking.

The email address on these pages are fake. They have nothing to do with reality and exist only to choke the spam robots, causing them to overflow and possibly even crash.

Here's how a typical poison pill works. A script is created which performs all of these tasks. It is important that the scripting be done on the server, so CGI, ASP, PHP or a similar scripting language must be used. Server side scripting must be used because many spam robots are not smart enough to understand client-side scripting languages such as JavaScript.

The script creates a page which appears in all ways to be a normal document in a web site. The page may include some text informing human visitors of the intention (this is important so any people who see the page are not confused).

It also needs to include a meta tag informing all robots not to index the page. This is critical, as you do not want robots such as googlebot or scooter (the spiders for Google and Altavista, respectively) seeing this stuff. Don't worry, spam harvesters ignore these meta tags.

The script gives the page a name, usually randomly picked from a database or made up somehow, and fills it with a few dozen (at the most) email addresses. These email addresses are cleverly created to appear perfectly valid but actually are useless - they are just made up.

Links to other fake pages are created for the spam harvester to follow. Any robot (or human being, for that matter) that follow these links will find similar pages, full of desirable email addresses.

Depending upon the robot, it's possible the spammer could gather tens of thousands of totally fake, unusable email addresses before his robot blows itself out of the water. It's even better if the robot survives, as the spammer now wastes his time sending messages to nonexistent email addresses.

In the meantime, the harvester has been lured away from valid pages which may or may not contain email addresses.

My site, Internet Tips and Secrets, uses one of these poison pills. It is called wpoison and it really works well. If you want to see it, look at this page.

http://www.internet-tips.net/cgi-bin/guestlist.pl

If you want to get a copy for yourself, check out the wpoison page.

http://www.monkeys.com/wpoison/

This is just another weapon in the war against spam.

Is it effective?

I know from personal experience that it does trap spam robots, and it does seem to lure them away from real, useful email addresses.

Is it ethical?

I believe so, as long as you are careful to include the meta tags to inform "good" robots to leave the pages alone as well as some text to let your visitors know what's going on.

It's not as satisfying as spamcop.net, and there is no where near that pleasant glow of success upon learning that some scum spammer has had his ISP cancel his account, but the poison pill is useful nonetheless. My advice is to include it in your arsenal along with the other weapons and tools at your disposal.

To see a list of article available for reprint, you can send an email to: mailto:article-list@internet-tips.net?subject=send_article_list or visit
http://internet-tips.net/requestarticles.htm

Richard Lowe Jr. is the webmaster of Internet Tips And Secrets athttp://www.internet-tips.net - Visit our website any time to readover 1,000 complete FREE articles about how to improve your internet profits, enjoyment and knowledge.

Tired of Bogus Spam Complaints? United We Stand ....June Campbell

If you are distributing material to an opt-in email list, you need to know about a fledgling, grassroots organization called e-Crucible. The organization is committed to "opposing by any ethical, political, and legal means available the vigilante activities of "anti-Spam" fanatics and the unfair and unjust handling of 'Spam' complaints by certain Internet Service Providers."

According to the Executive Director, John Botscharow, e-Crucibles is in the process of acquiring non-profit status so it can exist as a legal entity.

But first, a little background.

As an online publisher, you already know what I mean by bogus spam reports. Either in error or with mischievous intent, a subscriber decides your ezine is spam. Quicker than you can say, "Hey, you subscribed!", s/he sends hostile, rude and often abusive emails to every web site or email address listed in your ezine. In some cases, the complainant includes a worm or virus with the email for added impact. Or maybe s/he reports you to SpamCop, CAUSE or a similar vigilante group.

The bad stuff hits the fan. You're deemed guilty and there is no wayto prove your innocence. Without contacting you, SpamCop emails your ISP, your web host, your advertisers and even the writers whose articles you have published. At best, you spend the next few days explaining and pleading your innocence to the people involved. At worst, your website host and your ISP shut you down. Your business is interrupted until you can make other arrangements. If you live in an area of the world where you have only one ISP available, this can mean the end of your Internet business.

This story is but one example of many. Frank Garon is a webmaster who publishes an opt-in ezine with a subscriber base of 12,000 (http://www.InternetCashPlanet.com). His ezine contains clear unsubscribe instructions. Sometime in April, 2001, a subscriber allegedly sent the entire ezine to SpamCop with the instructions to "shut down this American *&%^ spammer."

Garon reported that SpamCop contacted every email address and web host address contained in the ezine. One victim was a writer whose article had been published in the 'zine. She had the usual resource box at the end of her article, including a link to her site. The writer's email account was shut down, and at last report, her web site was in jeopardy. Remember that this writer did not send a single email. Common sense dictates that she could not possibly have been guilty of spam.

Garon and the writer sent an appeal to SpamCop. The response from SpamCop's "deputy" included the following:"..."If the admin of this ezine would like to pursue punitive action against the SpamCop user for filing a false complaint, we will need to see proof of opt-in confirmation. Otherwise, we will simply consider this matter closed..."

Now here's the kicker. SpamCop did not reveal the name and email address of the complainant. Without identification, how can Garon prove that the subscriber had opted-in? Worse, without the email address, how can Garon remove the subscriber from his list? What's to stop the same subscriber from filing the same complaint repeatedly? Again, it defies common sense.

As Garon wrote, 'To have to spend every day wondering if TODAY is the day some creep is going to falsely accuse you of Spam and cost you and your entire family everything you have put years of hard work into is MORE than a little scary."

To make the story even more bizarre, e-Crucible members state that they have reported real spammers to SpamCop with no results.

If you're an email publisher, the shark attacks come from three sources: odious subscribers, vigilante organizations and ISPs and web hosts who shut you down without giving you a chance to defend yourself. As an individual, you can do little to change the situation.

Please consider signing up for the free e-Crucibles mailing list and help strengthen this little organization with the big goals. Sign up at http://www.topica.com/lists/e-Crucible/ or send email to mailto:e-Crucible-subscribe@topica.com

Please note: e-Crucible is NOT pro-spam. They are opposed to spurious spam complaints that put legitimate marketers in jeopardy.

Visit June Campbell on the web for articles, a FREE ebook, or for guides to writing business plans, business proposals, joint venture contracts and more. http://www.nightcats.com