Save Your Site from Spambots
Techniques to Prevent Address Scraping
By Steven Champeon
The problem: too much spam. Unsolicited advertising email continues to account for untold business losses each year. To give you an idea of the scope of the problem, in 1998 AOL reported that of the approximately 30 million email messages its servers handled each day, between 5 and 30 percent were spam. Assuming that this rate is true for other email providers as well, spam takes a significant economic toll on business, not merely in terms of Internet resources, but in lost employee productivity as well.
Sometimes, whether you receive bulk email is just the luck of the draw. Target addresses are often generated at random, or constructed from common usernames and domains. My own mail server is configured to forward any mail sent to my domain, regardless of address, straight to my account. Among the legitimate mail, I notice lots of spam for variations on hesketh.net (for example, ed@hesketh.net), even though there are very few real email addresses in that domain (which is just the Web hosting arm of my business).
There are many other ways in which real email addresses commonly fall into the hands of spammers. Any publicly available source of email addresses can be considered fuel for their activities. Usenet newsgroups and mailing lists have long been gold mines for spammers, who happily steal return addresses from posts.
One of the most popular sources of addresses for bulk mailings, however, is the Web. Software packages, known informally as "spambots," spider the Web collecting information in much the same way that search engines do.
