I got a couple spams through my Lime Daley contact form the last couple days, so I took another look at the script that I was using. I wrote it a year or two ago, and it was my first attempt at writing an anti-spam tool that was designed to have a 0% false negative rate (i.e. humans can't possibly fail - as opposed to the image recognizer thing, which I fail about 20% of the time, so I imagine less technical people must fail and/or give up more often than that).

The one on the Lime Daley page isn't as good as the one I wrote for this blog, but I took a look at the statistics this morning, and it blocked 544 spams last month, only allowing three through.

Unfortunately, I don't know how to tell people about the method, since presumably spammers are smart enough to go looking for anti-spam methods to figure out how to break them.  And really, my method isn't all that tricky, so once spammers discover it, it likely won't last very long.  Although, the version I wrote for LifeType is better, and is easily customizable, so will be a little harder to bypass.  I guess the next step I would need to take is to make the key change on every page refresh, rather than being static all the time; hrm... although if the spammer was really smart, he could look for what data was static and what data was dynamic to figure out a way to bypass it even then.

Anyway, if you know me, or can somehow verify that you are not a spammer, I can show you the method. 

Posted by Jon Daley on October 4, 2007, 8:36 am | Read 3382 times
Comments

Or you could offer it as a LimeDaley service.... :)

Posted by SursumCorda on October 4, 2007, 9:08 am

Yeah, I thought perhaps people would find this via a search engine and want to buy it, which would work as well. I generally have given it to any of my web hosting customers; I can't remember if I have sold it to anyone who wasn't a customer.

Posted by Jon Daley on October 4, 2007, 9:13 am

Well... the spammers have gotten smarter.

I have blocked 1170 spams from the web contact form in the last two months.

But, over the last three days, I have gotten one spam through each day. Annoying.

In other news, Lime Daley is now blocking 5 spams a minute, all day long, and looks like we are heading towards 2 million spams blocked next year. (only 880,869 blocked last year)

Posted by Jon Daley on November 1, 2007, 4:53 pm

In your experience, do spammers spoof from addrs altogether or do they send from legitimate freemail accounts?

Posted by Mike on November 2, 2007, 1:43 am

Generally faked email addresses. (And sometimes they use my own address - one customer of mine had a couple thousand bounces the other day, all "sent" from his domain, but with faked usernames. However, since he uses a wildcard on his domain name, he received all of the bounces.)

The recent spams I have received on my website have @msn.com addresses, I assume they are faked, but I guess they could be legitimate. I don't think the spammers want a response via email, but just going to their website (which is either hijacked forums, personal websites, or else cheapo domains/hosting)

I see that my latest spam is hosted by bravehosting.com, a free web host. I don't exactly know how these free hosts exist - I guess they don't really care that they have spammers on their system - they presumably still get the ad revenue, so they are happy enough to have all the people visiting their spammer.

Posted by jondaley on November 2, 2007, 9:15 am