One of my customers gets this email today from his online forum system:
From: Idiot Russian Spammer [email@example.com]
Sent: Tuesday, October 27, 2009 12:08 AM
Subject: I am a forum spammer! Delete my account immediately!! Re: Welcome
This email address was created solely to register automatically at
thousands of forums for the purposes of spamming forums like yours.
Remove my account and any other account registered with my email
address, and strongly consider strengthening your forum’s password
A Random Digilante Who Is Sick Of Forum Spammers
Gotta admire the guy’s honesty, eh?
It appears that the bot posts a registration request to the forum, then waits for a verify-email-address message sent from the forum. Then an auto-responder on the email address he provided (in this case, firstname.lastname@example.org) sends the message above.
The bot seems to be active and from China.
Despite the fact that the message chastises the forum for its weak security, it’s not as bad as it seems.
Sure, a CAPTCHA or some other token-based system or even a call to the Akismet service would probably have prevented this. But at least in my example, the bot had not yet verified its email address by visiting the verification link we provide, which is required before the user can post.
Still, it sounds like it would be a pretty modest modification to make to the bot – rather than a mere auto-responder: he simply pipes the incoming message to a processing script that looks for links to “click”. But that would not be available on a gmail address; he’d probably have to host someplace. But that location would then represent a decent hook on which forums could ban access.
So it seems to be a cute novelty, an annoyance. Still, the advice it gives is worthwhile. Never hurts to employ better spambot detection.