Apache::AntiSpam::SpamTrap - Add SpamTrap suffix to local-part in Email


  # in httpd.conf
  <Location /antispam>
  SetHandler perl-script
  PerlAddVar Key 0123456789ABCDEF
  PerlHandler Apache::AntiSpam::SpamTrap

  # filter aware
  PerlModule Apache::Filter
  SetHandler perl-script
  PerlSetVar Filter On
  PerlHandler Apache::RegistryFilter Apache::AntiSpam::SpamTrap Apache::Compress


Apache::AntiSpam::SpamTrap is a subclass of Apache::AntiSpam, filter module to prevent e-mail addresses exposed as is on web pages. This module adds a Blowfish encrypted string suffix to the local-part of e-mail addresses. This string contains a timestamp and the IP address of the remote host. This enables you to identify a spammer's address harvester by its IP address and take steps to prosecute him.

The encryption prevents faking and may help in a prosecuting attemp.

For example, will be filtered to

This module is Filter aware, meaning that it can work within Apache::Filter framework without modification.

You need to give the Blowfish key in your Apache configuration file.

To decode a received mail's SpamTrap string use the following function:

  sub spamtrap_decode
      my ($string, $key) = @_;
      return unless $key;
      return unless $string =~ /[0-9a-f]{16}/o;
      my $inkey = pack("H16", $key);
      use Crypt::Blowfish;
      my $cipher = new Crypt::Blowfish $inkey;
      my $plaintext = $cipher->decrypt(pack("H*", $string));
      my $time = unpack("L", substr($plaintext, 4, 4));
      my $ip = join(".", map { ord } split //, substr($plaintext, 0, 4));
      return wantarray ? ($ip, $time) : "$ip $time";


  • should make local address part be configured.


Alex Pleiner <> - zeitform Internet Dienste 2003

This work is based on the Apache::AntiSpam::* modules provided by Tatsuhiko Miyagawa <>. The idea is taken from Daniel A. Rehbein (

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.