while thinking about the CDT’s report on spammer address-scraping techniques again, it occurred to me that one finding is very significant; high-traffic websites probably get much more spam than low-traffic ones.
Now, I’ve got spamtraps up on pretty much all my sites, using a variety of methods:
- plain mailto links, with instructions to human users not to use them (don’t mail that one either, obviously ;)
- hidden mailto links in the page’s <head> block (browsers will not display text elements outside the <body> block)
- hidden mailto links in a <!– HTML comment –>
-
empty mailto links in the text (ie.
<a href="mailto:foo></a>
) - mod_rewrite pages, which are displayed to spam-scraping bots instead of the real thing
But all my sites are small-time, really. ;) So — anyone out there in the blogosphere care to help out the SpamAssassin project, by feeding us trapped spam? It’d be simply a matter of adding a mailto: link, hidden in a comment on a prominent page of your high-traffic website. Gimme a mail to this address if you do.
(warning: that address will expire in 6 months. if you’re reading this after Aug 2003, use the addr on this page instead.)
The spam trapped in such a way is fed into a number of spamtrap-fed network systems, like Razor, DCC, Pyzor, and the Blitzed OPM blacklist. It’s also used during the SpamAssassin score-regeneration process.