Attack of the Spambots!

by Don Lipper and Elizabeth Sagehorn – Technology Writers

I wonder what the heck I did in my life that made the internet think I need Rolex replicas, sex drugs, unspeakable porn and investment opportunities that require me to send my life savings to some corrupt official in Nigeria. Somewhere on the internet I’ve been attacked by a spambot.

Spambots are like the web crawlers or spiders Google and other search engines send throughout the web to index the words on a page. Unlike Google, all a spambot cares about is harvesting any email address it finds. Those email address are then sold to spammers around the world.

If you posted to a discussion group, signed an online petition or visited a chat room, a spambot has your address. In business your email address is probably the major point of contact for your customers. That’s why email addresses are often put on your business’s web site and that’s why you’re getting so much spam.

Spam is an arms race. With every advance by the forces of good, the forces of darkness find a counter-measure. So today’s solution may only work for a short time. With that depressing caveat aside, here are a few ways to prevent a spambot from harvesting your address.

The first approach is called address munging, in which you modify your email address so that people can decode the real address but spambots can’t. (Example: me@FORTHELOVEOFGODPLEASEDONOTSPAMMEexample.com) Unfortunately spambots have mostly evolved to read through such munging.

Another technique is to save the email address text into an image file and display the image on the web page, where users are then able to see the address. Although this method combats spambots, it is not compatible with web page accessibility. Some sophisticated spambots have built-in optical character recognition that allows them to read the image as text.

If you want to take a big bite out of your spam, get rid of any “mailto” hyperlinks that automatically generate a pop up email. Move to a forms-based email system where new customers must enter their email in a web form. This may cut down on your sales a little bit, but it will cut down on your spam by an even greater percentage.

These spambots are the reason some web forms require you to type in a random string of characters that you can read in a distorted or skewed image. Such images are called a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart). While these are sometime effective against spambots, they are also a problem for regular users because the images can be so distorted they are difficult to read. If you are blind, these CAPTCHAs can be replaced by an audio file that the user must identify. If you decide to use CAPTCHAs on your web site, be sure you follow accessibility guidelines.

You can find a variety of very detailed techniques to try to thwart spambots at:

http://www.turnstep.com/Spambot/

http://www.neilgunton.com/doc/spambot_trap

Ultimately the war against the spambots is unwinable. Instead of wasting all your resources trying to limit the spambots, your best bet is investing in strong anti-spam software. That way you will still get mail from your customers, but all those corrupt Nigerian officials will just have to live in your spam folder.