Invalid e-mail address e-mail harvester trap

[cppgenius]

We want to create a page that generates round about 50 unique invalid e-mail addresses for all the spam bots and e-mail harvesters crawling our site each day. This will fuel the spammers' lists with hundreds of invalid e-mail addresses, cause hundreds of bounce backs for them and waste valuable time of their harvesters.

Is this a safe thing to do, can we walk the risk of getting banned or get into trouble because of some kind of law that we are not aware of prohibiting something like this?

We will appreciate any advice or suggestions.

Thanks.

[Miss Betsy]

I don't know much about spam traps except that they never send email, but I don't think that the spammers get the bouncebacks because so many spammers use zombied machines that rejecting at the server level doesn't go anywhere (since the sending machine does not accept incoming email). If you are accepting the spam and then sending an email bounce, it will only go to the forged return path (an innocent party).

AFAIK, spam traps are used to collect spam so that future email from that IP address can be blocked. If you use spamcop to identify the IP address, then the source IP address is notified just in case it is an error on the part of the server admin that whitehats immediately correct.

I don't think the spammers care either about their spiders gathering invalid addresses. Spammers even /create/ addresses that are probably invalid just hoping to hit one that is valid.

IMHO, the only thing that will hurt a spammers' business is to block the IP addresses that they are using to send the spam. That prevents any customers from buying their products and also if they are using a legitimate mail server to send spam, then the customers of that mail server do not get reliable service and can complain so that the server admin does something to stop the spammer. Content filters alone allow too many spam through (or if set high enough, will lose good email) though they need to be used in conjunction with blocking to identify new sources.

Miss Betsy

[Wazoo]

We want to create a page that generates round about 50 unique invalid e-mail addresses

The word "generates" and "unique invalid" are possible problematic.

"Poison" has been around for years. Those 'random' addresses it develops may have been "invalid" way back when, but .... as the 'net' population has exploded so much over the years, those 'unique' addresses seem to get fewer and fewer . again, with some spammers burning up hundreds of Domain names a month, that 'random' sample of non-unique names tends to be shrinking ....

This will fuel the spammers' lists with hundreds of invalid e-mail addresses, cause hundreds of bounce backs for them and waste valuable time of their harvesters.

Not sure how your "50" translates into "hundreds" .. and again, how exactly are you going to guarantee that your "generated invalid addresses" really are .... noting that if in fact they are truly "invalid" ... there would be no "bounce back" .... The scenario of an address that does end up with a valid Domain name also runs you into the scenario described under the definition of a "mis-directed Bounce" .... joining that 'party' would definitely end up causing you some issues in the end ...

Is this a safe thing to do, can we walk the risk of getting banned or get into trouble because of some kind of law that we are not aware of prohibiting something like this?

I've only touched on a few of the issues ...

[cppgenius]

Not sure how your "50" translates into "hundreds" .. and again, how exactly are you going to guarantee that your "generated invalid addresses" really are .... noting that if in fact they are truly "invalid" ... there would be no "bounce back" .... The scenario of an address that does end up with a valid Domain name also runs you into the scenario described under the definition of a "mis-directed Bounce" .... joining that 'party' would definitely end up causing you some issues in the end ...

Wazoo, I see what you mean. What we had in mind was a dynamic page generating more or less 50 unique invalid e-mail addresses on each page load, so if you refresh the page you will get another set of 50 e-mail addresses.

I never thought about mis-directed bounces. I see where you are going with this. I may be able to generate an invalid mailbox, but accidentally generate a valid domain and that will put yet another target on the spammer's list. For all I know I may be the indirect cause when the spammer overloads the server with tons of invalid e-mails until the spammer guesses a valid mailbox.

After reading your post I guess that spammers will welcome these bounce backs (if any) because then they can set their spamming software loose on that server until it finds a valid mailbox. The idea doesn't look that great anymore, good thing I asked before launching the project and perhaps causing loads of problems for my organisation.

Thank you for your insightful answers I appreciate it.

[btech]

Maybe link SpamPoison on your page?

http://spampoison.com/

[Farelf]

Maybe link SpamPoison on your page?...

I'm not sure if that actually averts any of the problems mentioned by Wazoo.

...dynamically generated fake email addresses, mostly on known spammer owned domains!

It is taking a lot on trust to imagine they are not actually contibuting to the problem. I'm sure they don't intend to but I would like some assurances before I used it. I guess they imagine that once a spammer knows the list is poisoned he will abandon it. Evidence (anecdotal and going by memory alone) seems to be that this is not always the case.

A definite "maybe" on that one, for mine.