views:

212

answers:

2

Technically this might not be classed as a programming question, since I have already implemented a solution. But it's an interesting issue in the tech field nonetheless.

Anyway... I set up a basic contact form, without any spam protection. On discovering that it wasn't working, I ignored it and set up a Javascript to change all links pointing to the contact page to use mailto: links instead. (I intended to replace the form with an appropriate message about contacting me.) I discovered yesterday that the form is now suddenly working, because I'm getting spam from it. Here's an example:

Message received from contact form.

Name: pvenvoqks
Email: [email protected]

Message: Mx7orZ iafgvohkzxmv, [url=http://wxmrsloamyhf.com/]wxmrsloamyhf[/url], [link=http://gloukuwmttnj.com/]gloukuwmttnj[/link], http://vmekxmqouktx.com/

It's obviously just gibberish. I checked the links and they don't work. It seems like there is a robot just submitting random data in forms - although note that it managed to pick up that an email should be submitted in the appropriate field.

My question is, is this spam trying to serve a purpose? I would understand if the links led to real websites for viagra or malware or something, but they don't. It just seems totally random.

Aside: if anyone is interested, I used the "hidden field" solution to combat the spam. I used a hidden field called "Website", which, if filled in, does not send the email.

+2  A: 

The purpose of the email may have been to determine if your address bounces, if not then the address could be resold.

It could also be that the URLs were valid at one point in the past but have been taken down.

Don Neufeld
How would a bot know if the message bounced? They wouldn't know the email address the form is sent to, that's the point of having a form! I also checked several of the URL and they're not even *registered* so it's very unlikely they were active in the past (AFAIK you have to register a domain for at least a year, right?)
DisgruntledGoat
Ah, I had read the part about using mailto: links and thought that's how you'd gotten the email, in which case it might have had a from or reply-to header where the bounce could go.
Don Neufeld
+1  A: 

A possibility is that this gibberish spam was sent to mislead spam filters and reduce their effectiveness. Some spam filters are designed to change their strategy and settings in response to the data they receive - what spam is caught by the filter, and what the user marks as spam. It's just meant to confuse things and add garbage data points - in essence, spamming the spam filter!

calico-cat
That is certainly valid reasoning.
DisgruntledGoat