I've seen people who generate unique e-mail addresses for each web page served up and then if they get spam to that one, they can simply block it. Instead of using a complex system to keep track of each hit and everything, I wrote a small script that will convert the IP address to a unique address with some randomness.
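#!/usr/bin/perl
use CGI qw/:standard/;
use Socket;

my $domain = "example.com";
my ($host, $user);

# Each 4-bit value (0-15) maps to one of two characters, picked at random
my @nums = (['m', 'l'], # 0
            ['q', 't'], # 1
            ['x', 'd'], # 2
            ['z', 'k'], # 3
            ['s', 'b'], # 4
            ['c', 'h'], # 5
            ['r', 'n'], # 6
            ['v', 'p'], # 7
            ['g', 'j'], # 8
            ['w', 'f'], # 9
            ['a', 'e'], # 10
            ['i', 'o'], # 11
            ['u', '1'], # 12
            ['2', '4'], # 13
            ['5', '6'], # 14
            ['9', '7']); # 15

$host = remote_host();
if ($host !~ /^(\d{1,3}\.){3}\d{1,3}$/) {
    # Not a dotted quad: resolve it, leaving $host empty if the lookup fails
    my $packed = gethostbyname($host);
    $host = (defined $packed && length($packed) == 4) ? inet_ntoa($packed) : "";
}

$user = "";
foreach $octet (split /\./, $host) {
    $high = $octet >> 4;    # upper 4 bits of the octet
    $low  = $octet & 0xF;   # lower 4 bits of the octet
    $user .= $nums[$high][int rand 2];
    $user .= $nums[$low][int rand 2];
}
# Fall back to a fixed address when no IPv4 address could be encoded
$user = "webmaster" if (!$user);

print header;
# Explicit parentheses keep start_html from taking the rest of the list as its arguments
print start_html(), "E-mail me <A HREF=\"mailto:$user\@$domain\">$user\@$domain</A>", end_html();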
And you use the following to decode:
#!/usr/bin/perl
#use CGI qw/:standard/;
use Socket;

my ($addr);

# Must be identical to the table in the encoding script
my @nums = (['m', 'l'], # 0
            ['q', 't'], # 1
            ['x', 'd'], # 2
            ['z', 'k'], # 3
            ['s', 'b'], # 4
            ['c', 'h'], # 5
            ['r', 'n'], # 6
            ['v', 'p'], # 7
            ['g', 'j'], # 8
            ['w', 'f'], # 9
            ['a', 'e'], # 10
            ['i', 'o'], # 11
            ['u', '1'], # 12
            ['2', '4'], # 13
            ['5', '6'], # 14
            ['9', '7']); # 15

# Reverse lookup: character -> 4-bit value
my %backwards;
for ($i = 0; $i < 16; $i++) {
    $backwards{$nums[$i]->[0]} = $i;
    $backwards{$nums[$i]->[1]} = $i;
}

$addr = shift || die;
$addr =~ s/\@.*//;      # keep only the local part
if (length $addr != 8) {
    print "Bad length\n";
    exit;
}

@chars = split //, $addr;
# Reject characters that are not in the table instead of decoding them as 0
if (grep { !exists $backwards{$_} } @chars) {
    print "Bad character\n";
    exit;
}
for ($i = 0; $i < 8; $i += 2) {
    push @octets, $backwards{$chars[$i]}<<4 | $backwards{$chars[$i+1]};
}

$ip = join ".", @octets;
print "IP is $ip\n";
$host = scalar gethostbyaddr(scalar inet_aton($ip), AF_INET) || "unknown";
print "Host is $host\n";
The only thing to make sure of is that both @nums are the same in each program. Since each IP can be encoded 256 (2^8) ways, you don't run a high chance of blacklisting everyone from the same IP (if a spammer uses some AOL account to look at the page, then later someone innocent gets the same IP address and looks at the page, they'll likely get different addresses). No need to keep a separate database.
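The round trip and the 256-variant claim can be checked with one shared table, shown here as an added example that is not part of the original post. The names encode_ip, decode_user and $variant are hypothetical, the sample IP is constructed, and a deterministic $variant replaces rand so that every encoding can be enumerated.

```perl
use strict;
use warnings;

# Same table as the two scripts above, kept in one place.
my @nums = (['m','l'], ['q','t'], ['x','d'], ['z','k'],
            ['s','b'], ['c','h'], ['r','n'], ['v','p'],
            ['g','j'], ['w','f'], ['a','e'], ['i','o'],
            ['u','1'], ['2','4'], ['5','6'], ['9','7']);

# Build the reverse map; a repeated character would make decoding ambiguous.
my %backwards;
for my $i (0 .. $#nums) {
    for my $c (@{ $nums[$i] }) {
        die "character '$c' appears twice in \@nums\n" if exists $backwards{$c};
        $backwards{$c} = $i;
    }
}

# Encode a dotted quad; bit $n of $variant picks column 0 or 1 for character $n.
sub encode_ip {
    my ($ip, $variant) = @_;
    my ($user, $n) = ("", 0);
    for my $octet (split /\./, $ip) {
        for my $nibble ($octet >> 4, $octet & 0xF) {
            $user .= $nums[$nibble][ ($variant >> $n++) & 1 ];
        }
    }
    return $user;
}

# Decode a local part; returns undef on bad length or unknown characters.
sub decode_user {
    my ($user) = @_;
    return undef unless length($user) == 8;
    my @v = map { $backwards{$_} } split //, $user;
    return undef if grep { !defined $_ } @v;
    return join ".", map { $v[2*$_] << 4 | $v[2*$_+1] } 0 .. 3;
}

my $ip = "192.0.2.77";    # constructed sample (documentation range)
my %seen;
for my $variant (0 .. 255) {
    my $user = encode_ip($ip, $variant);
    die "round trip failed for $user\n" unless decode_user($user) eq $ip;
    $seen{$user}++;
}
printf "%d distinct addresses for %s, e.g. %s and %s\n",
    scalar(keys %seen), $ip, encode_ip($ip, 0), encode_ip($ip, 255);
```

Keeping the table in one file that both scripts load removes the risk of the two copies of @nums drifting apart.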