views: 220

answers: 4

There seems to be a bot attempting to spam through my contact form - attempting to send hundreds of emails with PURE gibberish:

1vvQZe mnfxobzahiga, [url=http://dxicyigwtdyn.com/]dxicyigwtdyn[/url], [link=http://hhulyjnulbvz.com/]hhulyjnulbvz[/link], http://nfggzmenyqcl.com/

I'm really trying to keep from using captchas on my site, but this is getting ridiculous.

  1. Can anybody explain exactly what these spammers are trying to do?
  2. What non-captcha lengths can I go through to detect them? Keep in mind that they are switching IPs every email.

+1  A: 

A solution that often helps when fighting against spam, and that is used by several blogging engines (I use it on my blog, and it's not bad), is Akismet: they provide a free service for personal use, and there is a service for commercial use too.

I've never used their API directly, but, basically, I suppose you send it the comment, and you get back a response saying "spam" or not.

Pascal MARTIN
A bunch of great options from everybody, but I ended up going with Akismet - I've used them with WordPress before, and didn't realize it was available as an API...sweet!
johnnietheblack
;-) *(and some blah blah to reach the 15 chars limit)*
Pascal MARTIN
+4  A: 

Re: non-captchas:

1) Many times these robots try to provide a value for every input. So add an input to your form which has CSS styling of display: none. Then, if the field has a value, you know the submitter was a robot.

2) Ask an easy question on your form: "What is 1 plus four: "

Added: For method 2, be prepared for answers of "5", "Five", "five", etc.

Larry K
I use method #1 here effectively on some sites.
Devin Ceartas
+3  A: 

Most modern spam filters work by some form of Bayesian analysis: http://en.wikipedia.org/wiki/Bayesian_analysis

If these messages don't trigger the spam filter as "bad" they will end up in the "good" filter, weighting a future real spam message (Viagra ad or Nigerian scam or whatever) which also contains the same gibberish. So they are seeding your spam filter so they can get past it later.

My thoughts were quickly supported by analysis on many sites through a simple Google search. See, for instance, http://ezinearticles.com/?Gibberish-Spam-Email---Why-Do-Spammers-Send-It?&id=573584

Devin Ceartas
+1, Thanks for the interesting article ref.
Larry K
+1  A: 

They may be sending test messages to mailboxes they monitor to try to determine if your site can be used as a spam gateway. That's my suggestion.

Another possibility (as mentioned already) is that they're trying to improve the IP address reputation by sending apparently-good mails from the server.


As far as trying to block them is concerned - their bots are normally very stupid. They don't parse the HTML properly and they certainly don't read the form or support CSS. Add a field called something like 'email' inside a display='none' element. Ensure that this field is left blank by legitimate respondents, and bots are almost certainly going to fill it in anyway. Rename your real email field to something else.

Then any form submit with a value in the unfillable field is definitely spam and can be ignored.

Other options include using JavaScript (which bots generally don't execute) to fill a hidden field, but these place more requirements on legitimate user agents (still better than a captcha though).

Provided the technique you use isn't too common or similar to those used by lots of other sites, the bots will not have a work-around for it.

MarkR
I see this on forms where no feedback email is generated (nor claimed to be generated). I suppose they could be assuming that they're going to get a response to their email, but otherwise, the question still remains: why bother?
James
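
The hidden decoy field described in Larry K's and MarkR's answers, combined with Larry K's easy question, as an added server-side example that is not part of the original thread. The field names (`email` as the decoy, `contact_addr` as the renamed real field, `sum` for the question), the form markup and the sample request bodies are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs

# Assumed field names (not from the thread): "email" is the hidden decoy,
# "contact_addr" is the renamed real e-mail field, "sum" is the easy question.
HONEYPOT_FIELD = "email"
REAL_EMAIL_FIELD = "contact_addr"
QUESTION_FIELD = "sum"
ACCEPTED_ANSWERS = {"5", "five"}  # compared after lower-casing and trimming

# Markup the handler below expects; the decoy sits inside a display: none block.
FORM_HTML = """
<form method="post" action="/contact">
  <div style="display: none">
    <label>Leave this empty <input name="email" tabindex="-1" autocomplete="off"></label>
  </div>
  <label>Your e-mail <input name="contact_addr"></label>
  <label>What is 1 plus four? <input name="sum"></label>
  <textarea name="message"></textarea>
  <button>Send</button>
</form>
"""

def classify_submission(body: str) -> str:
    """Return 'accept' or a rejection reason for a urlencoded POST body."""
    fields = parse_qs(body, keep_blank_values=True)

    def first(name: str) -> str:
        return fields.get(name, [""])[0].strip()

    # A browser never shows the decoy, so any value here came from a client
    # that filled every input without applying the CSS.
    if first(HONEYPOT_FIELD):
        return "reject: honeypot filled"
    # Accept "5", "Five", "five", "five." and similar spellings.
    if first(QUESTION_FIELD).lower().rstrip(".!") not in ACCEPTED_ANSWERS:
        return "reject: wrong answer"
    if not first(REAL_EMAIL_FIELD) or not first("message"):
        return "reject: missing field"
    return "accept"

# Constructed sample request bodies.
SAMPLES = {
    "bot_fills_everything": "email=a%40b.test&contact_addr=a%40b.test&sum=qwzxk&message=qwzxk",
    "bot_skips_decoy": "contact_addr=a%40b.test&sum=qwzxk&message=qwzxk",
    "human": "email=&contact_addr=me%40example.org&sum=+Five+&message=Hello+there",
}
```

Rejected submissions can be dropped silently or logged with the reason string, so the sender gets no hint about which check it failed.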