Results 1 to 2 of 2

Thread: Sugarplum -- spam poison

  1. #1
    Senior Member
    Join Date
    May 2002

    Sugarplum -- spam poison

    I discovered this while researching the web this afternoon and appears an interesting concept in the fight against spammers.

    Sugarplum is an automated spam-poisoner. Its purpose is to feed realistic and enticing, but totally useless or hazardous data to wandering address harvesters such as EmailSiphon, Cherry Picker, etc. The idea is to so contaminate spammers' databases as to require that they be discarded, or at least that all data retrieved from your site (including actual email addresses) be removed.

    Sugarplum employs a combination of Apache's mod_rewrite URL rewriting rules and perl code. It combines several anti-spambot tactics, includling fictitious (but RFC822-compliant) email address poisoning, injection with the addresses of known spammers (let them all spam each other), deterministic output, and "teergrube" spamtrap addressing.

    Sugarplum tries to be very difficult to detect automatically, leaving no signature characteristics in its output, and may be grafted in at any point in a webserver's document tree, even passing itself off as a static HTML file. It can optionally operate deterministically, producing the same output on many requests of the same URL, making it difficult to detect by comparison of multiple HTTP requests.

    Sugarplum is free software, distributed under terms of the GPL.

    Etiquette and ethical considerations:

    The ethical/moral/legal implications of spam are relatively straightforward, but should nonetheless be considered all the way through before making use of sugarplum. I won't go into the various arguments here -- make up your own mind, and see the net-abuse newsgroups and related resources if you need more data. There are legitimate reasons for using address harvesters, though their utility has (indirectly) been destroyed by widespread use of harvesters for abusive purposes.

    Sugarplum is capable of producing entirely random addresses, some percentage of which will coincide with legitimate addresses, or with legitimate domains having universal "blanket" delivery. Since the addresses are random, the odds of intersection with an address that cannot simply be deactivated without cost are very low, but the possibility still concerns some people. While I don't agree that it's a significant problem, as of v0.9.8 this form of randomization is disabled by default, to try to provide the safest possible default configuration.
    Website is here.

    What are your thoughts people on deployment of something of this nature ?

  2. #2
    Senior Member
    Join Date
    Jan 2002
    I don't think this is a good idea. It is merely wasting your own resources in order to waste other people's resources also.

    Instead obfuscate email addresses (like Freshmeat for example), or only give out email addresses to registered users (assuming that the spambots don't attempt to register on your site - which seems a safe assumption)

    If you want feedback, then use a form (many sites do this already) - spambots will not submit it, nor be able to harvest addresses from it.

    Or just get some decent spam filters on your semi-disposable published account(s)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts