Drowning spammers

This article by Dan Gillmor gives me an idea: The deployment of “honeypot” snares to trap and study malicious computer hacking is gaining credence in the networked world. But the practice, however useful, raises legal and ethical issues. The idea is to set up a server that holds no crucial data. Then you wait for … Continue reading “Drowning spammers”

This article by Dan Gillmor gives me an idea:

The deployment of “honeypot” snares to trap and study malicious computer hacking is gaining credence in the networked world. But the practice, however useful, raises legal and ethical issues.

The idea is to set up a server that holds no crucial data. Then you wait for the bad guys to invade — it typically doesn’t take long — and figure out what they’re doing, so you can prevent them from doing it to more valuable machines.

Spammers, as we know, harvest e-mail addresses from the web, which is why people go to great pains not to make their e-mail addresses known except in some form that requires a bit of translation. So what would happen if every blog and personal web site was to sport a few hundred completely bogus e-mail addresses? The spammers would harvest them as well, and their mailing lists would grow longer and longer, with a noise-to-signal ratio going in the right direction. It seems to me that spammers probably limit the number of e-mails they send out at any given time to certain number that is somewhat less than the size of their entire database, which means that the likelihood of a given spam reaching a real address would decline.

So this would be the equivalent of releasing sterile fruit flies into the environment to prevent real ones from reproducing. It may not be completely successful, but it couldn’t hurt.

Update: this page generates bogus e-mail addresses to screw-up the address harvesting activities of spammers. It would be better if it used valid domains, but this is a good start, and somebody else did it already.

Here’s a couple more scripts a little more subtle.