Slashdot Mirror


Best Method For Foiling Email Harvesters?

pjp6259 writes "One of the common ways that spammers generate email mailing lists is by harvesting email addresses from websites. But in many cases you also need to make it easy for your customers to reach you. I have found three common solutions to this problem: 1.) Use an image to replace your email address. 2.) Use ASCII encodings for some/all of the characters. 3.) Use JavaScript to concatenate and/or obfuscate your email address. Which of these methods are most effective? Are email harvesters able to interpret JavaScript? What do you use?"

11 of 506 comments

  1. You can't have your cake and eat it too ... by un1xl0ser · · Score: 4, Insightful

    If you make it hard for 'bad guys', you make it hard for your customers/friends too. Some people like having mail-to links, and you won't be able to do that easily with an image.

    If you have a form to submit to on-line, tag it and let it go to the head of the class.

    --
    v4sw6PU$hw6ln6pr4F$ck 4/6$ma3+6u7LNS$w2m4l7U$i2e4+7en6a2X h
  2. Re:Make people think to figure out your e-mail by leonmergen · · Score: 4, Insightful

    Really, if all you want is your customers or prospects to be able to reach you through a website, get yourself a contact form.. No way for a harvester to get your email address that way, and people usually don't mind filling in a contact form.. if you obligate your customers to "think" as you suggest, you're risking losing potential customers which is simply not worth it. Besides, it makes you look very unprofessional.

    --
    - Leon Mergen
    http://www.solatis.com
  3. Simply put the address in clear text by Colin+Smith · · Score: 4, Insightful

    With a mailto URL and deal with the resulting spam at the mail level, the cost of doing so is less than the cost of alienating potential customers.

    However, on a personal site, images.

    --
    Deleted
  4. Publish your email address. by gvc · · Score: 3, Insightful

    gvcormac@uwaterloo.ca -- Bring it on!

    Seriously, if we cower in fear, the spammers win. Obfuscating, Turing tests, whatever show fear.

    1. Re:Publish your email address. by wayne · · Score: 3, Insightful

      Seriously, if we cower in fear, the spammers win.

      Indeed. I have noticed that almost everyone who is involved with stopping spam does not munge or hide their email addresses. Julian Haight is the only person that I can think of off-hand that does not publish his email address.

      I've been publishing my email address since the late 80s, I'm not going to start hiding it now.

      --
      SPF support for most open source mail servers can be found at libspf2.
  5. Re:Make people think to figure out your e-mail by Ucklak · · Score: 4, Insightful

    You should have a hidden field with no value and make sure it returns no value.
    Bots tend to populate all form fields.

    That would be the easiest step.
    You could go a step further by having a text field that is hidden by a style="display: none;" and make sure that is empty as well.

    --
    if you steal from one source, that is plagiarism, if you steal from many, well, that's just research.
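
The server-side half of the honeypot check described in comment 5, as an added example that is not part of the original comment. The field names `website` and `nickname`, the verdict strings and the sample POST bodies are assumptions made up for illustration; rejecting a submission whose trap field is missing altogether goes one step beyond what the comment describes.

```python
from urllib.parse import parse_qs

# Hypothetical trap fields: "website" is <input type="hidden" value="">,
# "nickname" is a text input inside an element styled display: none.
# A person using the rendered form never fills in either of them.
HONEYPOT_FIELDS = ("website", "nickname")


def classify_submission(body: str) -> str:
    """Classify a urlencoded contact-form POST body.

    Returns 'accept', 'reject-filled' or 'reject-missing'.
    """
    # keep_blank_values=True keeps "website=" as a present-but-empty field.
    form = parse_qs(body, keep_blank_values=True)
    for name in HONEYPOT_FIELDS:
        values = form.get(name)
        if values is None:
            # Browsers submit empty hidden and display:none inputs, so a
            # missing trap means the POST was not built from the served form.
            return "reject-missing"
        if any(v.strip() for v in values):
            return "reject-filled"
    return "accept"


def filter_submissions(bodies):
    """Split POST bodies into accepted messages and a tally of rejections."""
    accepted, rejected = [], {}
    for body in bodies:
        verdict = classify_submission(body)
        if verdict == "accept":
            form = parse_qs(body, keep_blank_values=True)
            accepted.append({k: v[0] for k, v in form.items()
                             if k not in HONEYPOT_FIELDS})
        else:
            rejected[verdict] = rejected.get(verdict, 0) + 1
    return accepted, rejected


# Constructed sample POST bodies (not real traffic).
SAMPLES = [
    "name=Ann&email=ann%40example.org&message=Hi&website=&nickname=",
    "name=x&email=x%40example.net&message=buy&website=http%3A%2F%2Fexample.com&nickname=x",
    "name=y&email=y%40example.net&message=buy",
    "name=Bob&email=bob%40example.org&message=Quote%3F&website=&nickname=+",
]

if __name__ == "__main__":
    print(filter_submissions(SAMPLES))
```
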
  6. Re:Make people think to figure out your e-mail by Compuser · · Score: 3, Insightful

    Two distinctions:

    1. The forms usually ask for your name, address, and other stuff.
    I have never seen an admin restrict themselves to just asking for your email.
    It's very typically set up along the lines of: tell us about yourself and we will
    respond.

    2. Your submission does not get copied to your "sent" folder so you forget you ever
    communicated with the company. I like to keep a record.

  7. Re:Make people think to figure out your e-mail by MightyYar · · Score: 3, Insightful

    As someone pointed out in that topic, make sure you don't make it impossible to use with a screen reader... blind people aren't necessarily spammers! :)

    --
    W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
  8. How my Host does it by sirgoran · · Score: 3, Insightful

    They use "sender verify" on the mail server.

    When the mail server gets an incoming email, it sends a request back to the "sending" email server listed in the headers. Since most spam is sent with falsified headers, the reply from the "sending" email server will respond that no mail was sent. Then my host mail server simply dev/nulls the spam. In the case of real mail, the sending server responds that it did indeed send the mail and my host then delivers it.

    The only troubles I've run into are servers that don't support "sender verify". If the email doesn't get a verification message, it's returned to the sender. Oddly enough, of the servers I've found that don't support "sender verify" they have been IIS servers. While there are still other IIS servers that do support it, I find it interesting that most of the servers not running IIS seem to have this feature turned on.

    The nice thing about it is 90% of the spam never reaches a mailbox, and the filters from Spam Assassin catch the rest. This also removes the image only spam.

    -Goran

    --
    Carpe Scrotum - The only way to deal with your competition.
  9. Re:Make people think to figure out your e-mail by secolactico · · Score: 3, Insightful

    Problem with captchas is the accessibility issue. People using screen readers and the like (visually impaired) won't be able to contact you using the form.

    --
    No sig
  10. Re:Make people think to figure out your e-mail by m-wielgo · · Score: 3, Insightful

    confuse bots, and confuse the hell out of people at the same time. I seriously have no idea what address that is supposed to be.