Beware Spambots

Hi spambots! By visiting this page and harvesting the links on it you will next be visiting a honeypot page where you will havest an E-mail address that when you send spam to will uniquely identify your IP address and track you down. So, be warned.

OK, what’s that all about? Project Honey PotWeb Link is a community-based distributed system for identifying spammers and the spambots they use to scrape addresses from websites. Using the Project Honey Pot system you can install addresses that are custom-tagged to the time and IP address of a visitor to your site. So, when a spambot (or even a person for that matter) visits the honeypot page on your website and harvests the E-mail address posted there and then sends spam to that address, that bot or person doing the harvesting can be uniquely identified by IP address linked to that E-mail address.

And, this address changes each time the page is viewed by a person or bot.

If you have a website you might want to consider joining the fight. You need to be able to post a script page to your site (e.g., have a server running PHP or other scripting language and be able to post an active script page to the site) in order to set up a honeypot. But, even if you don’t you can help by posting a specific link they will give you to your page(s). There are other ways you can help but one of these two is a great way to start.

When you sign up (free) you will be asked to provide some basic information (e.g., name, E-mail address, website domain, script language) and are then presented with a download that contains further instructions in a readme text file along with the actual script page you need to put on your site. When done uploading that to where you want it you go to that specific address in your browser and the script will then direct you further to activate your honeypot. After that, they give you sample links to put on your site’s page(s). These links are of a form not generally seen by users visiting your site but easily found by spambots.

If you really want to see an example use your browser to view the source code of the page you are viewing. At the bottom of the page, just before the Google Analytics script, you will see a link to the page “palatialcoach.php.” If you then put that URL into your browser (it’s OK, it’s safe!) you will see the actual page the spambots are directed to to harvest addresses from. You may or may not see a link on the page but if you view the source of that page you will find one that can be easily harvested. When mail is sent to that address the IP address of the scraper can be identified and, if appropriate, legal action taken against that address for aiding spamming.

So, do your part and install a honeypot on your website. Join the community to fight spam.

[Originally posted 12/16/2009. In comments back then Steve wrote: “I like the honeypot idea, but if people are going to put their email addresses on their website, they still need to protect them from the spambots! I learned the hard way long ago what happens when spambots harvest your email address (you finally close that email address because you get too much spam, and if you filter it, important messages get discarded)…

“Anyway, I wrote an article back in 2004 about the problem and also put a free unicode-encoder program on my website. You can use it to ‘encode’ your email address to protect it from ‘most’ spambots… You can check it out here:

Thanks for a very important article! Death to the spambots! Steve]