Is E-Mail Obscuration Worth It?
ThenAgain asks: "Many sites obscure e-mail addresses by adding noise (like 'STOPSPAM') or by translating the punctuation into words (Ex: 'me at domain dot com'). This makes users feel good but does it actually help? Ten lines of perl could defeat any of the present schemes with ease and the spammers have shown plenty of adaptability. So if we're not helping hold back the flood of spam, why are we decreasing the utility of the web by eliminating mailto tags and forcing users to hand-correct the addresses in their mail clients?"
I'd say the obfuscation makes us feel better and the spammers don't care anyway. they have millions of addresses and more everyday from folks who don't take a second to obfuscate..
Cool.. So, what ten lines do you recommend?
/dev/null most days, unless I'm looking for one of those precious "email validation" messages.
Give us 10 lines of perl that will harvest armored email accounts out of a large document, with at least half of the harvested addresses actually usable, and at least half of the potential addresses harvested.
The point is to make the harvesting costly, and reduce the usefulness of spam address harvesting. I maintain three email accounts. One that is used publicly, like here on Slashdot, one that is used for business transactions, like ordering things from Amazon, etc, and one that is a throwaway for registering accounts with various online services.
Of the three, the first one, which is displayed widely, on K5, Slashdot, Groklaw, LiveJournal, and a lot of other heavily trafficed community sites, does not receive any spam of note. The second gets a pretty steady flow.. And the third.. Well.. The third is redirected to
Btw, that first email address has been in use for over three years, now.
Weapons of Mass Analysis
email:(Thecapitalofnewyorkstate)354@hotmail.com.fi llintheblank.
no program is gonna figure it out, unless they knew the algorithm, which they likely don't. It's always *possible* to outmanuever the spammers in some way or another.
Whether it's worth the hassle, is of course, your call.
(albany354@hotmail.com is not my actual email address, so feel free to spam it.)
"I only speak the truth"
Karma: null(Mostly affected by an unassigned variable)
1. Writing those "ten lines of perl" is indeed worth it if you want the addresses from the site doing the obfuscation, especially if you know something about those contributing to the site and want to target particular types of people (probably not done often by spammers as they obviously prefer the shotgun approach). Spamming is a business and they can afford to pay programmers - and they DO, given that there are companies out there making software to service spammers.
2. If the obfuscation is automatic or defaults to "on" there really is no message being sent by the owner of the address.
I leave my address open (here and elsewhere) for two reasons: I don't really care what drops into that particular inbox and there's enough filtering on it, local and remote, that it's still useful as an open contact point.
I suspect that the email harvesters don't really care about the person behind the email address, all they want is lots of valid email addresses which they can sell to spammers.