Spam Victims Take Action!

Spam (by misterbisson)

There are plenty of wrongs to right in the world. We can but deal with one at a time…

I don’t know about you, but email spam really annoys me. There’s something repulsive about deceitfully and repeatedly forcing useless products onto millions of people who really couldn’t care less about viagra logo enhancements or anything else on offer. So…

Take Action
If you’ve ever made your email address public on a website, the chances are that it’s been detected by a spam robot and added to its database.

For the benefit of such bots, I’ve written a little script to churn out scores of random addresses, with a link to a page that has more of the same. The result is the SpamPit. May they never come out again…

To Add a SpamPit to your Website…
Either download the code (simply unzip it and upload the three files into the main directory of your site) or go through each part of the code below. You are welcome to modify it and redistribute.

This PHP function will return random addresses within <a> tags:

function getEmails(){
  // Settings
  $num_letters = 10;
  $num_emails = 70;
  $tld = array('com', 'org', 'net');
  // Generate addresses
  $emails = '';
  for($i=0; $i<=$num_emails; $i++)
      $email = '@';
      for($j=0; $j<=$num_letters; $j++)
          $email = chr(rand(ord('a'), ord('z'))) . $email;
          $email .= chr(rand(ord('a'), ord('z')));
      $email .= '.' . $tld[rand(0, count($tld)-1)];
      $emails.= "<a href='mailto:$email'>$email, ";
  return substr($emails, 0, -2);

Simply call the function within the body of your page:

<?php echo getEmails(); ?>

If you want to have an infinite number of urls that call the same page, as in my version, you’ll need to do the following (assuming your site is hosted on an Apache server):

  • Save your page as spampit.php
  • Create a .htaccess file in your main directory, if you don’t have one already.
  • Add this to turn on the rewriting of urls:
    Options +FollowSymLinks
    RewriteEngine On
  • Add this rule to capture requests to any url that starts /spampit/:
    RewriteRule ^spampit(/?.*?(\d*)/)?$ /spampit.php?depth=$2 [L]
  • Add this PHP function to spampit.php, which returns the url of the next page:
    function getNextUrl(){
      if (!isset($_GET['depth']))
        { $depth = 1; }
      elseif ($_GET['depth'] != '')
        { $depth = intval($_GET['depth']) +1; }
        { $depth = 1; }
      $pattern = '/\/spampit\/?.*?\d*\/?$/';
      $replace = "/spampit/$depth/";
      $str = $_SERVER['REQUEST_URI'];
      return preg_replace($pattern, $replace, $str, 1);
  • You can now add an HTML link within the page to link it to the next page. You can get the href of the link by calling the function you just added:
    <?php echo getNextUrl(); ?>

    For example:

    <a href="<?php echo getNextUrl(); ?>">More addresses</a>
  • Finally, you may want to create a robots.txt file so that genuine search engine bots don’t choke on your infinite address book… Add these lines to the file:
    User-agent: *
    Disallow: /spampit/
    Allow: /spampit/$
    Disallow: /spampit/*/

    The first line addresses all (well-behaved) robots.

    The second line is a standard robots.txt rule that to prevent bots indexing any part of the /spampit/ directory.

    The third and fourth lines are extensions to the robots.txt format, followed by some robots, which will enable them to crawl only the first spampit page.

    We are assuming here that a spambot will not care about a site’s robots.txt file and will just go ahead and crawl through everything… Well, let them!

This entry was posted in Activism, Ethics, Technology. Bookmark the permalink.

15 Responses to Spam Victims Take Action!

  1. jiivan says:

    You’ve just made a nice copy of

  2. Premasagar says:

    Aha! I knew I can’t have been the first person to have thought of this! Thanks for link, Jiivan.

    SpamPoison seems to generate a list of random usernames at domains that are hosted by known spammers. Slick! That way, they get spam directed back to them.

    However, one disadvantage of that approach is that the number of domains is limited and addresses with those domains could be bypassed if the spambot was programmed to do so. My script generates random domains, which could not be known by the spambot in advance.

    Another difference is that the SpamPoison addresses are hosted on the SpamPoison severs, which could be avoided entirely by a spambot programmed to do so. By putting your own code on your own site, no spambot could know which sites to avoid…

  3. JohnnyTangent says:

    Hey there.

    I agree with the sentiments, but not sure about the solution.

    Basically the bots get fed lots of email addresses, yes? Problem there is that the bots’ll likely still send junk to those addresses (whether they exist or not), so you’re adding to the spam problem, which isn’t just about you and me having crap fed to us, but is also about clogging up the networks.

    A better solution might be to use your pit idea to trap the bot. They follow links. Generate a web of internal links (to more intrenal links etc) – all of which obviously are not proper pages – so that is gets stuck looking for emails instead of with finding them.

    Here are some tips to spam-proofing (obviously you’ll be aware of these, but perhaps your readers aren’t):

    Bear in mind that the bots are constantly updated. I’ve been using Hivelogic’s email enkoder for some sites

    But I’ve noticed that something about the code seems to get specifically targetted. This I imagine will be true with any well-known solutions.

    There’s a good discussion about blocking bots here:

    And followed up:

    Personally, I think it’s all an arms race, and thus ultimately self-defeating. But there are others playing the game and forcing the evolution so it’s a good idea to take basic precautionary measures.

  4. Premasagar says:

    JohnnyTangent – This is a good point. I hadn’t considered the issue of blocking up the networks… I’ll have to think on that one.

    Thanks for posting all those useful links.

  5. Lisa says:

    what does email spam do to people?
    what does it do to make them victims?

  6. bob marvin says:

    This is a devious idea….I like it! Does hostgator use apache servers? Thanks

  7. movie says:

    nice post and great information thank you very much.

  8. Action says:

    So cute! Keep up the good work!

  9. Go says:

    I really liked your idea for protection against spam.

  10. Vic says:

    Well its about time someone did something in reverse.

    @ Bob: I’m on hostgator and yes they do!

  11. Hi.. I get here from google.
    Looking for best spam plugin for wp actually cause my blog is always spammed very often, even when antispam plugin installed.

    I’m not good on those codes. What plugin do u think best?
    I found many plugins didn’t satisfy me.

    thanks :D

  12. I’m here.. again. ;)

    I installed WP-SpamFree finally. It’s good.. too good actually.
    It leaves no more spam in my blog.
    Sometimes I wonder if it also deletes comments that’s not considered as spam.

  13. i had this trick of my blog, look gut, great solusion thank you

  14. semangat says:

    nice post thank you very much

  15. nice code, i’ll try this because this is what i need.