As my email accounts get more spam everyday, I think more about how can we best fight off the spammers. And, as a programmer, I like to think of ways to automate processes.
Here’s one potential way to do that.. First, create an email account that would be the spam bait. For example, I created email@example.com. If anybody emails this account, they will be reported as spammers, so don’t do it. It is bait for the automatic email address harvesters to grab and use.
These spam-bait email addresses don’t even have to be visible to users. Hidden emails will still be gathered by the email collecting bots.
All email service providers should have a vested interest in fighting spam and getting rid of it.
- It would be less strain on their servers
- Better experience for the users
- Save money by having less paid employees to fight spam
- Good karma
By having the specific “spam bait” email addresses, it can provide more “official” data for Google, Microsoft, and other email companies to analyze emails specifically marked as spam and deleted, rather than just waiting in the spam folder. 100% known spam is already automatically deleted, we just need to help make it so that more spam is automatically deleted.
(Sidnote: Another title I was thinking about was “Experiment: Fight spam by increasing it!”, which may get a few more curious clicks compared to “Experiment: Fight spam with spam-bait email addresses”. Though, I wanted to be more straight-forward about this issue. It occurs to me that ideas may spread easier if they have a better name. My main idea so far is “NOS”. It can stand for “NO Spam”. It can also stand for boosting the speed at which we are able to get rid of spam.)
The end goal is to make sure that sending email spam is not a sustainable business model for anybody.
Entirely blocking/rejecting spam email by sending a “can’t send” message just lets the spammer use less resources by not contacting again. Instead, we can “allow” spam to go through then let email companies do their machine learning to block the spam for everybody, hopefully at the source. Another idea is to take a really long time to “accept” the email so that more spammer resources are used.
- Contact anti-spam companies (eg. Akismet) about being able to provide a spam-bait email address instead of blocking entirely.
- Post to HackerNews and Reddit after summarized better.
- Ask Gmail and Microsoft Outlook to comment.
- Create a “robot harvester”. Basically, provide a link on a page that contains 100s or 100s of generated links with auto-generated “content” and purposely make it very slow to load, and each link would provide even more links and content. The idea is to limit the robot’s resources more than our own resources. A “robots.txt” file can be supplied so that the “good” robots don’t get caught. (Sidenote: I’m likely not the first person to come up with this idea, so more research should be done to see if there is already a good open-source version of this.)
After writing about the idea, I performed a quick search and it looks like others have come up with the same email-spam-bait idea.
- 1998-2015: “Spam Archive”: This person has collected/archived all the spam received since 1998, using various spam-bait email addresses. The spam records are available for download.
- 2002-02: “Spam and web-visible email addresses”: An experiment was conducted to generate unique email address that were shown only once so that the source of the email-harvestor could be found.
- Unknown date: “Spam Bait”: Generally the same idea I had, except that it uses randomized (hopefully) non-existent email addresses. There also seems to be an sample “ad” similar to what email-harvestors would send out to people to use that harvesting service. The site also includes the Lisp program used to generate the random email addresses.
- Unknown date: “teergrube”: “[German for tar pit] A trap set to punish spammers who use an address harvester; a mail server deliberately set up to be really, really slow. To activate it, scatter addresses that look like users on the teergrube’s host in places where the address harvester will be trolling (one popular way is to embed the fake address in a Usenet sig block next to a human-readable warning not to send mail to it). The address harvester will dutifully collect the address. When the spammer tries to mailbomb it, his mailer will get stuck.”
Professional spammers might even be able to create the first “real AI”.
Note: This article was just about email spam itself rather than the scams that may come afterwards. If the email scam spam can be prevented, then it follows that there will be less scam victims also.