Slashdot Mirror

← Back to Stories (view on slashdot.org)

Is E-Mail Obscuration Worth It?

Posted by Cliff on from the minor-annoyances dept.

ThenAgain asks: "Many sites obscure e-mail addresses by adding noise (like 'STOPSPAM') or by translating the punctuation into words (Ex: 'me at domain dot com'). This makes users feel good but does it actually help? Ten lines of perl could defeat any of the present schemes with ease and the spammers have shown plenty of adaptability. So if we're not helping hold back the flood of spam, why are we decreasing the utility of the web by eliminating mailto tags and forcing users to hand-correct the addresses in their mail clients?"

14 of 204 comments (clear)

  1. first post? by Sdevine · · Score: 5, Insightful

    I'd say the obfuscation makes us feel better and the spammers don't care anyway. they have millions of addresses and more everyday from folks who don't take a second to obfuscate..

  2. 10 Lines? by swdunlop · · Score: 4, Insightful

    Cool.. So, what ten lines do you recommend?

    Give us 10 lines of perl that will harvest armored email accounts out of a large document, with at least half of the harvested addresses actually usable, and at least half of the potential addresses harvested.

    The point is to make the harvesting costly, and reduce the usefulness of spam address harvesting. I maintain three email accounts. One that is used publicly, like here on Slashdot, one that is used for business transactions, like ordering things from Amazon, etc, and one that is a throwaway for registering accounts with various online services.

    Of the three, the first one, which is displayed widely, on K5, Slashdot, Groklaw, LiveJournal, and a lot of other heavily trafficed community sites, does not receive any spam of note. The second gets a pretty steady flow.. And the third.. Well.. The third is redirected to /dev/null most days, unless I'm looking for one of those precious "email validation" messages.

    Btw, that first email address has been in use for over three years, now.

    --
    Weapons of Mass Analysis
    1. Re:10 Lines? by daviddennis · · Score: 4, Insightful

      I could picture someone writing a truly humungous program to get all known variations. You could get one or two variations with 10 lines of Perl, but there are hundreds of different NOSPAM schemes out there, and each one would need a few lines to parse.

      davidNOSPAM@amazing.com
      david at amazing.com
      davidATamazingDOTcom
      david@amazing.M OC (with verbal instructions to reverse it)
      etc

      I don't bother spamguarding my address because I like to make it easy for people to contact me, and because my email address, in use since 1993, is pretty much everywhere anyway.

      Quite honestly postal spam bothers me more than email, since I have to physically dispose of it all ...

      D

  3. try this by Joe+the+Lesser · · Score: 3, Insightful

    email:(Thecapitalofnewyorkstate)354@hotmail.com.fi llintheblank.

    no program is gonna figure it out, unless they knew the algorithm, which they likely don't. It's always *possible* to outmanuever the spammers in some way or another.

    Whether it's worth the hassle, is of course, your call.

    (albany354@hotmail.com is not my actual email address, so feel free to spam it.)

    --
    "I only speak the truth"
    Karma: null(Mostly affected by an unassigned variable)
    1. Re:try this by Craigj0 · · Score: 3, Insightful

      >email:(Thecapitalofnewyorkstate)354@hotmail.com.f i llintheblank.
      >no program is gonna figure it out, unless they knew the algorithm, which they likely don't. It's always *possible* to outmanuever the spammers in some way or another.
      >Whether it's worth the hassle, is of course, your call.

      Remember it is not just a hassle for the creator of the email address. It is also a pain in the ass for everyone else. I for one hope I never have to send an email to someone doing that type of masking. How many of us non americans know what the capital of new york state is? I for one will not be looking it up unless I really need to email you.

  4. Re:Because... by Babbster · · Score: 4, Insightful
    A couple things:

    1. Writing those "ten lines of perl" is indeed worth it if you want the addresses from the site doing the obfuscation, especially if you know something about those contributing to the site and want to target particular types of people (probably not done often by spammers as they obviously prefer the shotgun approach). Spamming is a business and they can afford to pay programmers - and they DO, given that there are companies out there making software to service spammers.

    2. If the obfuscation is automatic or defaults to "on" there really is no message being sent by the owner of the address.

    I leave my address open (here and elsewhere) for two reasons: I don't really care what drops into that particular inbox and there's enough filtering on it, local and remote, that it's still useful as an open contact point.

  5. spamcop.net makes me feel good by njchick · · Score: 2, Insightful
    I don't obscure my e-mail address. My e-mail is filtered by spamcop.net. All the spam sent to me gets reported without taking too much of my time. It's the feeling that I fight spammers rather than hide from them that makes me feel good. The filtering costs $30 a year, and it's an excellent value. No, I'm not affiliated with spamcop.net in any other way.

    My less technical friends have no problem mailing me because I use a mailto link on my homepage.

    I use a separate yahoo address for shopping. I don't want my shopping information to be linked to my personal website. The spam from the yahoo address is also fed to spamcop.net. Sometimes I also use one-time hotmail addresses to buy from dealers with high spam risk. I simply stop using those accounts and forget the password once the transaction is complete.

  6. Re:My sig by Lukey+Boy · · Score: 2, Insightful

    Maybe the bots filter the word spam.

  7. Server side scripting by mikeswi · · Score: 2, Insightful

    I don't obfuscate at all. I use a server side script to generate a form. The client (browser, spambot, whoever) never sees the address. It is not possible to figure out the address, no matter how determined the spammer is.

    I VERY HIGHLY recommend this free php or asp email form.

    --
    Only on /.
  8. Re:In heavy traffic and Distinct sites ..Re:10 Lin by swdunlop · · Score: 2, Insightful

    Excellent point; the Slashdot demographic is pretty narrowly focussed, compared to the market at large, and, as such, is extremely valuable for a someone targeting that demographic. Unfortunately, as another poster mentioned, they tend to be predispositioned against spam. I'd like to think that more people in the /. community are less likely to fall for the Niagra scam than your average bumpkin.

    Then again, when I start making optimistic guesses about /. readers, some silly new fad starts up (Russia, fp's, grits, etc.) , and I wind up reconsidering my position.

    --
    Weapons of Mass Analysis
  9. Think out of the box by Kris_J · · Score: 2, Insightful

    Given that inserting the word "SPAM" into an email address is a typical way of attempting to block spam, such that email harvesters might remove the word "SPAM", the trick is to have an email address that legitimately contains the word SPAM, preferably after the @, such that email harvesters bugger up the address. Spamcop.net and Spamgourmet.com both offer this feature. Makes life even harder for the little bots if you put a "NO" before the "SPAM", eg: blah@NOSPAMcop.net, then include a human readable "my address has no no in it".

  10. 10 lines of perl can pass the turing test? by You're+All+Wrong · · Score: 2, Insightful

    Sure, using YoureAllWrong(at)yahoo(dot)com is trivial to detect, but there are an infinite number of schemata that can be used. Just use your imagination.

    YAW.

    --
    Your head of state is a corrupt weasel, I hope you're happy.
  11. Re:Because... by Weh · · Score: 3, Insightful

    I suspect that the email harvesters don't really care about the person behind the email address, all they want is lots of valid email addresses which they can sell to spammers.

  12. Re:Future solution... by Grhm · · Score: 2, Insightful

    If you start hiding your email address in blurred or obsured images, you also end up pissing of those with poor eyesight.

    My dad can read email and surf fine without his glasses but sometimes he has to go get his glasses to work out what the "anti-automated-signup" image says.