Anti-Spam Mail Address Encoding (with encrypted IP-Address)

   1: #!/usr/bin/perl
   2: # spamtrap_encode/spamtrap_decode
   3: # zeitform Internet Dienste (c) 2003
   4: # alex@zeitform.de - Version 0.1
   5: #
   6: # encrypt timestamp and ip address for random mail-addresses
   7: #
   8: # spamtrap_encode creates a blowfish encrypted hex string
   9: # based on a given ip address and timestamp to construct
  10: # dynamic mail addresses for online publishing
  11: #
  12: # If you publish your email address on your web site, you will
  13: # be spammed. To minimize this, you can use methods to
  14: # trick address harvesters:
  15: # 
  16: #   * "user at domain dot com"
  17: #   * "user-nospam@domain.com"
  18: #   * HTML encoded mailto
  19: #   * JavaScript generated mailto
  20: #   * other methods
  21: #
  22: # The method proposed by this encoder creates mail addresses
  23: # that include a timestamp and the ip address of the remote
  24: # host (i.e. of the harvester). This enables you to reveal
  25: # the harvester's ip adress for received spam. 
  26: #
  27: # usage:
  28: #
  29: # my $ip   = $ENV{REMOTE_ADDR};   # e.g. "146.140.8.123"
  30: # my $time = time;                # unix timestamp
  31: # my $key  = "0123456789ABCDEF";  # key for Blowfish
  32: #
  33: # to generate the spamtrap string:
  34: #
  35: # my $string = spamtrap_encode($ip, $time, $key);  # e.g. 78c1ed6da0322b3a
  36: #
  37: # to decode:
  38: #
  39: # ($ip, $time) = spamtrap_decode($string, $key);   # returns ip address and timestamp
  40: #
  41: # Example:
  42: #
  43: # If you have an E-Mail address "joe@domain.com" and use qmail
  44: # extensions to have addresses like "joe-anything@domain.com"
  45: # you could publish your E-Mail address on websites with:
  46: #
  47: # print '<a href="mailto:joe-' . spamtrap_encode($ip, $time, $key) . '@domain.com">Joe</a>';
  48: #
  49: # which prints:
  50: #
  51: #  <a href="mailto:joe-78c1ed6da0322b3a@domain.com">Joe</a>
  52: #
  53: # A perfect trap for address harvesters!
  54: #
  55: # Many thanks to Daniel A. Rehbein (http://daniel.rehbein.net/)
  56: # for the idea to this code.
  57: #
  58: #### some dumy input
  59: #
  60: #  $ip   = quad-dooted ip address
  61: #  $time = unix timestamp
  62: #  $key  = your secret key
  63: 
  64: my $ip   = "146.140.8.123";
  65: my $time = time;
  66: my $key  = "0123456789ABCDEF";
  67: 
  68: #### end dummy input
  69: 
  70: my $string = spamtrap_encode($ip, $time, $key);
  71: 
  72: print "time:   $time\n";
  73: print "ip:     $ip\n";
  74: print "cipher: $string\n";
  75: 
  76: ($ip, $time) = spamtrap_decode($string, $key);
  77: 
  78: print "time:   $time\n";
  79: print "ip:     $ip\n";
  80: 
  81: exit;
  82: 
  83: ### sub land
  84: 
  85: sub spamtrap_encode
  86:   {
  87:     my ($ip, $time, $key) = @_;
  88:     return unless $key;
  89:     return unless $time > 0;
  90:     return unless $ip =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/o;
  91:     my $inkey = pack("H16", $key);
  92:     my $plaintext = join("", map { chr } split (/\./, $ip)) . pack("L", $time);
  93:     use Crypt::Blowfish;
  94:     my $cipher = new Crypt::Blowfish $inkey;
  95:     my $string = unpack("H*", $cipher->encrypt($plaintext));
  96:     return $string;
  97:   }
  98: 
  99: sub spamtrap_decode
 100:   {
 101:     my ($string, $key) = @_;
 102:     return unless $key;
 103:     return unless $string =~ /[0-9a-f]{16}/o;
 104:     my $inkey = pack("H16", $key);
 105:     use Crypt::Blowfish;
 106:     my $cipher = new Crypt::Blowfish $inkey;
 107:     my $plaintext = $cipher->decrypt(pack("H*", $string));
 108:     my $time = unpack("L", substr($plaintext, 4, 4));
 109:     my $ip = join(".", map { ord } split //, substr($plaintext, 0, 4));
 110:     return wantarray ? ($ip, $time) : "$ip $time";
 111:   }
 112: 
 113: ###-fin

Comment on Anti-Spam Mail Address Encoding (with encrypted IP-Address) Download Code

Replies are listed 'Best First'.
Re: Anti-Spam Mail Address Encoding (with encrypted IP-Address) by projekt21 (Friar) on Jul 14, 2003 at 13:23 UTC
Just to add some code that can be used as is, I have written a subclass for Apache::AntiSpam by Tatsuhiko Miyagawa, that implements this method. The code is not perfect but working. I also sended this to Tatsuhiko and asked him to bundle this with his modules. package Apache::AntiSpam::SpamTrap; use strict; use vars qw($VERSION); $VERSION = '0.01'; use Apache::AntiSpam; use Apache::Constants qw(:common); use base qw(Apache::AntiSpam); use Crypt::Blowfish; sub antispamize { my($class, $email, $orig) = @_; # this seems not very efficient my $r = Apache->request(); # better error handling? my $key = $r->dir_config('Key') \|\| return SERVER_ERROR; my $ip = $r->get_remote_host \|\| return SERVER_ERROR; my $time = time; my $string = spamtrap_encode($ip, $time, $key); $orig =~ s/\@/-$string\@/; return $orig; } sub spamtrap_encode { my ($ip, $time, $key) = @_; return unless $key; return unless $time > 0; return unless $ip =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/o; my $inkey = pack("H16", $key); my $plaintext = join("", map { chr } split (/\./, $ip)) . pack("L" +, $time); my $cipher = new Crypt::Blowfish $inkey; my $string = unpack("H", $cipher->encrypt($plaintext)); return $string; } 1; __END__ =head1 NAME Apache::AntiSpam::SpamTrap - Add SpamTrap suffix to local-part in Emai +l =head1 SYNOPSIS # in httpd.conf <Location /antispam> SetHandler perl-script PerlAddVar Key 0123456789ABCDEF PerlHandler Apache::AntiSpam::SpamTrap </Location> # filter aware PerlModule Apache::Filter SetHandler perl-script PerlSetVar Filter On PerlHandler Apache::RegistryFilter Apache::AntiSpam::SpamTrap Apache +::Compress =head1 DESCRIPTION Apache::AntiSpam::SpamTrap is a subclass of Apache::AntiSpam, filter module to prevent e-mail addresses exposed as is on web pages. This module adds a Blowfish encrypted string suffix to the local-part of e-mail addresses. This string contains a timestamp and the IP address of the remote host. This enables you to identify a spammer's address harvester by its IP address and take steps to prosecute him. The encryption prevents faking and may help in a prosecuting attemp. For example, C<apleiner@cpan.org> will be filtered to C<apleiner-78c1ed6da0322b3a@cpan.org>. This module is Filter aware, meaning that it can work within Apache::Filter framework without modification. You need to give the Blowfish key in your Apache configuration file. To decode a received mail's SpamTrap string use the following function +: sub spamtrap_decode { my ($string, $key) = @_; return unless $key; return unless $string =~ /[0-9a-f]{16}/o; my $inkey = pack("H16", $key); use Crypt::Blowfish; my $cipher = new Crypt::Blowfish $inkey; my $plaintext = $cipher->decrypt(pack("H", $string)); my $time = unpack("L", substr($plaintext, 4, 4)); my $ip = join(".", map { ord } split //, substr($plaintext, 0, 4 +)); return wantarray ? ($ip, $time) : "$ip $time"; } =head1 TODO =over 4 =item * should make local address part be configured. =back =head1 AUTHOR Alex Pleiner <alex@zeitform.de> - zeitform Internet Dienste 2003 This work is based on the Apache::AntiSpam::* modules provided by Tatsuhiko Miyagawa <miyagawa@bulknews.net>. The idea is taken from Daniel A. Rehbein (http://daniel.rehbein.net/). This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself. =head1 SEE ALSO L<Apache::AntiSpam> =cut [download] alex pleiner <alex@zeitform.de> zeitform Internet Dienste	[reply] [d/l]
Re: Anti-Spam Mail Address Encoding (with encrypted IP-Adress) by allolex (Curate) on Jul 10, 2003 at 21:42 UTC
++ to you. I enjoyed this idea very, very much. I've never heard of this before, but it seems brilliant. /me stops gushing. Superaffenturbotittengeil! -- Allolex	[reply]
Re: Anti-Spam Mail Address Encoding (with encrypted IP-Adress) by Intrepid (Deacon) on Jul 10, 2003 at 20:01 UTC
corrected title (in English) for future searchers: Re: Anti-Spam Mail Address Encoding (with encrypted IP Address) You wrote: 21: # The method proposed by this encoder creates mail addresses 22: # that include a timestamp and the ip address of the remote 23: # host (i.e. of the harvester). This enables you to reveal 24: # the harvester's ip adress for received spam. I just noticed that you had no replies yet to this posting and I wanted you to know that I think its a bloody brilliant idea. Kudos! I will be trying it out when I have a chance to create content on a server where I can run perl. Soren A	[reply]
Re: Anti-Spam Mail Address Encoding (with encrypted IP-Address) by chanio (Priest) on Jul 11, 2003 at 05:40 UTC
Great idea! I am going to spread the voice at SourceForge to come and read this article- This would work great at that site! Because they manage all the developers' email addresses. Actually, I think that there is a way of including all the non-*NIX users as well to enjoy this great tool. (I mean that not everybody has lots of composed email addresses just a single one. ) But I heard something of putting 2 @domain.com endings at an email address. It was done for re-routing emails through a different path in the Internet net. Isn't it possible to apply that piece of password in some similar way so that it is not going to be interpreted by any email server and could reach to every email address? I would give you the NOBEL Price, if I could vote for it!	[reply]
Re: Anti-Spam Mail Address Encoding (with encrypted IP-Address) by YAFZ (Pilgrim) on Jul 14, 2003 at 10:10 UTC
I've already spread the news at the Turkish technology and opensource website fazlamesai.net. Nice idea, good implementation.	[reply]
Re: Anti-Spam Mail Address Encoding (with encrypted IP-Address) by OverlordQ (Hermit) on Jul 16, 2003 at 05:13 UTC
IIRC, I saw a PHP-implementation of this, and forgot about it, since I dislike PHP. Nice to find a perl-based version, since we all know Perl is the better answer :-)	[reply]


go ahead... be a heretic
	PerlMonks

Anti-Spam Mail Address Encoding (with encrypted IP-Address)

corrected title (in English) for future searchers: Re: Anti-Spam Mail Address Encoding (with encrypted IP Address)

corrected title (in English) for future searchers:
Re: Anti-Spam Mail Address Encoding (with encrypted IP Address)