Business-PHP -- Functionality. Security. Aesthetics.


cookie jar 1.01

The idea isn't new: A spambot's IP address can be found by "poisoning" it with information that can reveal its location, thus catching the address harvester with their hand in the cookie-jar!

This is intended to be a better mousetrap.

Every page that's served can include() a script that generates an email address. Unlike normal email addresses, this email address may reveal the date and time of the visitor:

Using the above example, if one was receiving mail for "" then one could track down a spambot when the mail comes in (especially if that machine name is used only for catching spam).

In most current scripts that do this, there are two ways that the information is passed to the bot. The first way, as shown above, is just a plain text address. This would be trivially easy for a bot to filter out, thus keeping its whereabouts secret. The other way that this type of poison is commonly dispensed is by generating an email address that contains either a hash (of the visitor's information) or a serial number. Here's an example using an md5 hash of the above address:
The hash or serial number is then stored in a database, where it can be looked up later. This method is good for generating large databases full of 99.99999% useless information, since the vast majority of visitors to a site are not spambots.

This script does not require a database of all visitors, nor does it use an email address that can be easily detected (and filtered out) by a spambot. The data containing the visitor's information is encoded into fairly small address. Aside from producing a smaller address than base64 encoding, this encoding method can survive being forced to all uppercase or all lowercase. This also produces some surprisingly pronounceable addresses, likely to trick any phonetic tests that a spam-bot might run against it:

The script can be included in each page on a server by doing this:
<!-- <?php include('/path/to/cookiejar.php'); ?> -->
which will produce:

Note that the PHP tags are inside of the HTML comment tags - this keeps the output from the script hidden from normal users but still available to bots. The output from the script can also be hidden with <FONT>, <DIV> or <SPAN> tags, to make the text either invisible or the same color as the background.

If (when!) mail comes to an address generated by this script, the script can be used to decode the address. Just go to the script, and append a '?' (question mark) followed by the address:

It may also be useful to feed these messages directly into a spam-filter application to train as spam.

This project was inspired by

More open source scripts

Contact & Support