1: #!/usr/bin/perl
2: # spamtrap_encode/spamtrap_decode
3: # zeitform Internet Dienste (c) 2003
4: # alex@zeitform.de - Version 0.1
5: #
6: # encrypt timestamp and ip address for random mail-addresses
7: #
8: # spamtrap_encode creates a blowfish encrypted hex string
9: # based on a given ip address and timestamp to construct
10: # dynamic mail addresses for online publishing
11: #
12: # If you publish your email address on your web site, you will
13: # be spammed. To minimize this, you can use methods to
14: # trick address harvesters:
15: #
16: # * "user at domain dot com"
17: # * "user-nospam@domain.com"
18: # * HTML encoded mailto
19: # * JavaScript generated mailto
20: # * other methods
21: #
22: # The method proposed by this encoder creates mail addresses
23: # that include a timestamp and the ip address of the remote
24: # host (i.e. of the harvester). This enables you to reveal
25: # the harvester's ip adress for received spam.
26: #
27: # usage:
28: #
29: # my $ip = $ENV{REMOTE_ADDR}; # e.g. "146.140.8.123"
30: # my $time = time; # unix timestamp
31: # my $key = "0123456789ABCDEF"; # key for Blowfish
32: #
33: # to generate the spamtrap string:
34: #
35: # my $string = spamtrap_encode($ip, $time, $key); # e.g. 78c1ed6da0322b3a
36: #
37: # to decode:
38: #
39: # ($ip, $time) = spamtrap_decode($string, $key); # returns ip address and timestamp
40: #
41: # Example:
42: #
43: # If you have an E-Mail address "joe@domain.com" and use qmail
44: # extensions to have addresses like "joe-anything@domain.com"
45: # you could publish your E-Mail address on websites with:
46: #
47: # print '<a href="mailto:joe-' . spamtrap_encode($ip, $time, $key) . '@domain.com">Joe</a>';
48: #
49: # which prints:
50: #
51: # <a href="mailto:joe-78c1ed6da0322b3a@domain.com">Joe</a>
52: #
53: # A perfect trap for address harvesters!
54: #
55: # Many thanks to Daniel A. Rehbein (http://daniel.rehbein.net/)
56: # for the idea to this code.
57: #
58: #### some dumy input
59: #
60: # $ip = quad-dooted ip address
61: # $time = unix timestamp
62: # $key = your secret key
63:
64: my $ip = "146.140.8.123";
65: my $time = time;
66: my $key = "0123456789ABCDEF";
67:
68: #### end dummy input
69:
70: my $string = spamtrap_encode($ip, $time, $key);
71:
72: print "time: $time\n";
73: print "ip: $ip\n";
74: print "cipher: $string\n";
75:
76: ($ip, $time) = spamtrap_decode($string, $key);
77:
78: print "time: $time\n";
79: print "ip: $ip\n";
80:
81: exit;
82:
83: ### sub land
84:
85: sub spamtrap_encode
86: {
87: my ($ip, $time, $key) = @_;
88: return unless $key;
89: return unless $time > 0;
90: return unless $ip =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/o;
91: my $inkey = pack("H16", $key);
92: my $plaintext = join("", map { chr } split (/\./, $ip)) . pack("L", $time);
93: use Crypt::Blowfish;
94: my $cipher = new Crypt::Blowfish $inkey;
95: my $string = unpack("H*", $cipher->encrypt($plaintext));
96: return $string;
97: }
98:
99: sub spamtrap_decode
100: {
101: my ($string, $key) = @_;
102: return unless $key;
103: return unless $string =~ /[0-9a-f]{16}/o;
104: my $inkey = pack("H16", $key);
105: use Crypt::Blowfish;
106: my $cipher = new Crypt::Blowfish $inkey;
107: my $plaintext = $cipher->decrypt(pack("H*", $string));
108: my $time = unpack("L", substr($plaintext, 4, 4));
109: my $ip = join(".", map { ord } split //, substr($plaintext, 0, 4));
110: return wantarray ? ($ip, $time) : "$ip $time";
111: }
112:
113: ###-fin |
Re: Anti-Spam Mail Address Encoding (with encrypted IP-Address)
by projekt21 (Friar) on Jul 14, 2003 at 13:23 UTC
|
Just to add some code that can be used as is, I have written a subclass for Apache::AntiSpam by Tatsuhiko Miyagawa, that implements this method. The code is not perfect but working. I also sended this to Tatsuhiko and asked him to bundle this with his modules.
package Apache::AntiSpam::SpamTrap;
use strict;
use vars qw($VERSION);
$VERSION = '0.01';
use Apache::AntiSpam;
use Apache::Constants qw(:common);
use base qw(Apache::AntiSpam);
use Crypt::Blowfish;
sub antispamize {
my($class, $email, $orig) = @_;
# this seems not very efficient
my $r = Apache->request();
# better error handling?
my $key = $r->dir_config('Key') || return SERVER_ERROR;
my $ip = $r->get_remote_host || return SERVER_ERROR;
my $time = time;
my $string = spamtrap_encode($ip, $time, $key);
$orig =~ s/\@/-$string\@/;
return $orig;
}
sub spamtrap_encode
{
my ($ip, $time, $key) = @_;
return unless $key;
return unless $time > 0;
return unless $ip =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/o;
my $inkey = pack("H16", $key);
my $plaintext = join("", map { chr } split (/\./, $ip)) . pack("L"
+, $time);
my $cipher = new Crypt::Blowfish $inkey;
my $string = unpack("H*", $cipher->encrypt($plaintext));
return $string;
}
1;
__END__
=head1 NAME
Apache::AntiSpam::SpamTrap - Add SpamTrap suffix to local-part in Emai
+l
=head1 SYNOPSIS
# in httpd.conf
<Location /antispam>
SetHandler perl-script
PerlAddVar Key 0123456789ABCDEF
PerlHandler Apache::AntiSpam::SpamTrap
</Location>
# filter aware
PerlModule Apache::Filter
SetHandler perl-script
PerlSetVar Filter On
PerlHandler Apache::RegistryFilter Apache::AntiSpam::SpamTrap Apache
+::Compress
=head1 DESCRIPTION
Apache::AntiSpam::SpamTrap is a subclass of Apache::AntiSpam, filter
module to prevent e-mail addresses exposed as is on web pages. This
module adds a Blowfish encrypted string suffix to the local-part of
e-mail addresses. This string contains a timestamp and the IP address
of the remote host. This enables you to identify a spammer's address
harvester by its IP address and take steps to prosecute him.
The encryption prevents faking and may help in a prosecuting attemp.
For example, C<apleiner@cpan.org> will be filtered to
C<apleiner-78c1ed6da0322b3a@cpan.org>.
This module is Filter aware, meaning that it can work within
Apache::Filter framework without modification.
You need to give the Blowfish key in your Apache configuration file.
To decode a received mail's SpamTrap string use the following function
+:
sub spamtrap_decode
{
my ($string, $key) = @_;
return unless $key;
return unless $string =~ /[0-9a-f]{16}/o;
my $inkey = pack("H16", $key);
use Crypt::Blowfish;
my $cipher = new Crypt::Blowfish $inkey;
my $plaintext = $cipher->decrypt(pack("H*", $string));
my $time = unpack("L", substr($plaintext, 4, 4));
my $ip = join(".", map { ord } split //, substr($plaintext, 0, 4
+));
return wantarray ? ($ip, $time) : "$ip $time";
}
=head1 TODO
=over 4
=item *
should make local address part be configured.
=back
=head1 AUTHOR
Alex Pleiner <alex@zeitform.de> - zeitform Internet Dienste 2003
This work is based on the Apache::AntiSpam::* modules provided by
Tatsuhiko Miyagawa <miyagawa@bulknews.net>. The idea is taken from
Daniel A. Rehbein (http://daniel.rehbein.net/).
This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself.
=head1 SEE ALSO
L<Apache::AntiSpam>
=cut
alex pleiner <alex@zeitform.de>
zeitform Internet Dienste | [reply]
[d/l] |
Re: Anti-Spam Mail Address Encoding (with encrypted IP-Adress)
by allolex (Curate) on Jul 10, 2003 at 21:42 UTC
|
++ to you. I enjoyed this idea very, very much. I've never heard of this before, but it seems brilliant. /me stops gushing.
Superaffenturbotittengeil!
--
Allolex
| [reply] |
Re: Anti-Spam Mail Address Encoding (with encrypted IP-Address)
by chanio (Priest) on Jul 11, 2003 at 05:40 UTC
|
Great idea!
I am going to spread the voice at SourceForge to come and read this article- This would work great at that site!
Because they manage all the developers' email addresses.
Actually, I think that there is a way of including all the non-*NIX users as well to enjoy this great tool. (I mean that not everybody has lots of composed email addresses just a single one. )
But I heard something of putting 2 @domain.com endings at an email address. It was done for re-routing emails through a different path in the Internet net.
Isn't it possible to apply that piece of password in some similar way so that it is not going to be interpreted by any email server and could reach to every email address?
I would give you the NOBEL Price, if I could vote for it! | [reply] |
Re: Anti-Spam Mail Address Encoding (with encrypted IP-Adress)
by Intrepid (Deacon) on Jul 10, 2003 at 20:01 UTC
|
| [reply] |
Re: Anti-Spam Mail Address Encoding (with encrypted IP-Address)
by YAFZ (Pilgrim) on Jul 14, 2003 at 10:10 UTC
|
I've already spread the news at the Turkish technology and opensource website fazlamesai.net.
Nice idea, good implementation. | [reply] |
Re: Anti-Spam Mail Address Encoding (with encrypted IP-Address)
by OverlordQ (Hermit) on Jul 16, 2003 at 05:13 UTC
|
IIRC, I saw a PHP-implementation of this, and forgot about it, since I dislike PHP. Nice to find a perl-based version, since we all know Perl is the better answer :-) | [reply] |
|
|
