Email Harvesting Techniques

Ron, Good article. I have almost completely eliminated spam as a problem by using spam gourmet. It is web based, free, and once used you'll think it's the greatest thing ever. It works like this - You sign up for an account, no personal info necessary except a legit email to forward all "good" mail to. Let's say that the username you select is ronjor. From that point on, everything you signup for on the net like e-commerce, required emails for downloads with confirmation numbers, all of those kinds of things, can be given like this:
wilders.5.ronjor@spamgourmet.com There are other domains you can use as well, dfgh.net for example. With the above email address you have allowed Wilders to send you five emails before that "address" is shut off. The number is configurable down to one and up to whatever. If you put a "1" in the address, you would get your confirmation email address with password, for example, and never again hear from them again. There is no need to sign in and out of Spam Gourmet as all emails are created "on the fly" with no need to set up any address. Just give it out, with your desired number of times you wish to hear from them and it goes to work. All mail is forwarded to your "real" email address. If you decide you want to continue hearing from someone at an address you gave them, just sign-in and "whitelist" the address. It is seamless, simple, and has made spam a thing of the past for me.
http://www.spamgourmet.com/
Gerard

------

 

Yeah i use it too.

But very persistant spammers have tried to work around it too.

 

That's why SpamGourmet offers prefixes and watchwords. With a prefix, you prevent the desperate spammers that try emails like asdfsadfdsf.5.myaccount@spamgourmet.com since the prefix has to be included (prefix.real-account.5.myaccount@spamgourmet.com). Watchwords are more powerful, but limit your choice of email IDs since they have to include at least one watchword (e.g. with a watchword of spamme, real-account.5.myaccount@spamgourmet.com would not work but real-spamme-account.5.myaccount@spamgourmet.com would. See the SpamGourmet Advanced page for more details on these and other options.

 

Another one is Trashmail.net. It only sends one email before deleting the address so it's not quite as versatile as spamgourmet, but for those sites where you know you're just getting one email, it's great.

 

Believe you me, I have tried those techniques and spammers still work around them! prefixes were beaten simply by adding 1 or 2 to the string. I had to resort to regexp +watchwords, so far, finger crosses it is working.

 

All these are aimed at cures - how about prevention? We should avoid giving out our mail addresses to malicious forms in the first place.

I've always wished we had a toolbar (like the Google/Alexa bar) which would rank the trustability of web forms. A high rank would indicate that you could type your email address without second thoughts and a low rank would mean we should close and exit, these forms are used to harvest your email for distribution.

Something on the lines of this article on <a href=http://www.orchy.com/fg/> black listing forms helping mail harvestors.<a> Has something like this been attempted before? Is there a product out there doing this "form trustability ranking thing" or is it in the pipeline?

The logic is simple. Nothing complicated is attempted - he will attempt to post to all forms on the web with an unique URL being submitted for every form. Then he will track the spams received for each address. He will thus rate the web forms as malicious/good depending on the number of spams received.

If there are products out there on this line, I would be very interested in knowing about them.

 

Use SpamGourmet to create temporary addresses for every website (though it did have an outage recently). Sneakemail and SpamMotel offer similar services but without as many features.