Flaming Mountainside: Breeding Internet Superbugs

I get a LOT of junk mail in my USPS mailbox in front of my house, and I pretty much ignore it, as long as it doesn’t look terribly important. It goes right into the trash.

I have to agree with vixie in the above article; the issue is not being solved, just pushed away.

In the Linux Admin world, currently, in order to have a mail server that will send to Yahoo! and AOL, among others, you already have to jump through plenty of hoops:

• Email DNS – Forward and reverse DNS entries for the IP and A record.
• SPF – Sender Policy Framework
• DomainKeys - By far, the worst, in my opinion.

These are just a few things to try, and still, the spam keeps flowing, because the spammer has a need to get his message through.  I suppose I could try Spamassassin or Postini.  Some companies even offer to manage the spam problem for you (and they do a pretty darn good job of it, too!).

As the old saying goes, “Necessity is the mother of invention.” Continuing to “fix” the spam issue will cause the number of spammers fluent in loopholes to exceed the number of hackers available to fix the problem.

All in all, how do we fix the spam issue? The same way we fix the junk mail issue: The delete key.

/cs

• addy@DELETE_THISdomain.com
• mayemail @ mydomain com
• Please contact us for contact information

To me, these seem very creative (except for the last one which was really kind of a joke).

I have found and implemented a solution on my server that seems to work very well for eluding this issue. It’s a little piece of javascript I like to call menc.js.

Here is a look at the code for the foolwrite function:

function foolwrite(a,b,c,d){
var mail;
var linkname;
var link;

mail=a+”@”+b+”.”+c;
linkname=’Contact’
if(d == 0){
document.write(mail);
} else {
link=’<a href=”mailto:’+mail+’”>’+linkname+’</a>’;
document.write(link);
}
}

As you can see, the function takes three arguments, which are the address, the domain, and the tld. From there, it builds a mailto link from the three pieces, and returns the link. You can also change the linkname variable to something custom, such as “webmaster” or ‘<img src=”path/to/file.jpg”>’ or something like that. The cool thing is that the source doesn’t have a scrapable address anymore.

To implement this function, you can either embed it directly, or call it from an external file, as I did, in the same way that you would use any regular javascript. In your code, simply place this line in the place where you would normally put your mailto: link:

foolwrite(“email”,”domain”,”tld”);

Don’t forget to enclose it in <script> tags.

And there you have it! This will prevent any screen-scraping-caused-spam that you may be receiving from your sites, and still allow customers to click and send you mail. This means you don’t have to have any forms that can easily be compromised!

/cs