Comments on: Obfuscate email, but make your self email-able

By: Jack F

Jack F — Wed, 23 Dec 2009 15:19:02 +0000

@jestep

WordPress can also use privatedaddy to automatically obfuscate email addresses on their web sites. A plain-HTML (non-WP) version is also available at http://www.privatedaddy.com/ . Both are free. Why don’t you check it out?

By: Elton Hoxha

Elton Hoxha — Sun, 13 Sep 2009 17:02:44 +0000

Part 1
The first step I took was jumping on the other side of the river and think like a spammer. I started to search for software that does the harvesting of emails on the internet.
Using keywords such as “emails, harvest and extract” on Google and I ended up looking at hundreds of software listings, offering an easy way to attack unprotected emails in a few steps…
I picked up software, called EmailSpiderGold to test. Within a couple of hours I ended up in harvesting 15000 webmasters emails to use on my discretion.
Along the way I learned that, on the open are several ways to verify that those emails are active as the very developers also offer Email Verifiers which along many characteristics it checks the validity of recipient’s e-mails addresses by connecting to SMTP-servers and simulating the sending of a message and they work pretty smart too as they disconnect as soon as the mail server informs the program whether the address exists or not. On this conclusion we end up thinking that once the email is out there everyone can harvest it and use it without discretion for their own purpose.
Part 2
Solutions…
I came across to several solutions being offered to prevent the emails from harvesting campaigns. Amongst them I found some interesting ones using java scripts to obfuscate the coding on the page.
Strangely, I didnâ€™t come across with anyone using their own encryption to publish their email on the web page.
Their lack of confidence was the answer for me.
Accidentally I got in touch with an old time software developer that shared the same frustration named Peter Johansson; together we joined forces and experiences to develop a shield to the issue. Only recently we had a winner called ATG, an Anti-Spam Tag Generator with advanced features that hides the real address from robotic harvesters. We tested it and it has proved to work.

By: Jason Priem

Jason Priem — Tue, 19 May 2009 17:45:12 +0000

@Vladimir: This site offers some empirical data (although not addressing your specific quote), as does this one. Both are a bit out of date (especially the second), which is significant in the constantly evolving Spy vs. Spy of spam. And while these two rather informal studies to give some encouragement to obfuscation, I still say it's a bad idea. Entity encoding, as this post suggests, is the easiest thing in the world to "break." I made an that breaks this technique, as well as a variety of "foo[at] bar [dot] com" approaches; it took me a few hours. As for javascript, the post correctly points out that it's a bit of an accessibility/usability fail. Plus, there are plenty of ways to run JS on a server; it's only a matter of time before spammers catch on (here's a good example). More importantly, though, it's just bad form to spend time making information on your site harder to understand. The web is about making information public.

By: Vladimir Dzhuvinov

Vladimir Dzhuvinov — Sat, 14 Mar 2009 11:48:57 +0000

Well, what is the empirical evidence that “obfuscating script on your websiteâ€™s published email addresses can reduce the amount of email spam by 90% or more”?

By: Leafgreen

Leafgreen — Thu, 27 Nov 2008 22:45:31 +0000

This article is now obsolete regarding Flash. “Effectiveness” is no longer “Extremely Good” but ineffective. Google is now capable of indexing all flash text, and the email address in my Flash site is now visible in Google search results. Therefore, spam bots are not far behind, and there are scrape methods to gather email address from Google search results.

Leafgreen
Get your Gadgets at http://GadgetNation.net/store

By: Mike

Mike — Tue, 08 Jul 2008 01:27:19 +0000

Javascript and images can also be combined. For example you can place an image and then use JS to replace that image with a clickable mailto link that also allows the address to be selected and copied.

The only users who miss out then are those that have BOTH images and JS disabled.

By: SengHooi Dot Com

SengHooi Dot Com — Fri, 13 Jun 2008 03:54:29 +0000

I see a lot of people write their email in this way :
senghooi429[at]yahoo[dot]com.

I notice myspace and facebook will auto convert your email into this format.

So…its to preventing spam ?

By: Rich

Rich — Thu, 29 May 2008 00:07:33 +0000

@jestep: No need to worry about users not having javascript installed. Remember that you can use < noscript > tags to provide content for users that have disabled javascript. Then, you can provide an image (less usable, but very secure) or something like that. Check it out in action my site if you like:
http://featurific.com/node/23

By: Shopping Cart Software

Shopping Cart Software — Wed, 21 May 2008 15:23:15 +0000

This is actually a good idea. I might use this in my personal site aswell.

By: jestep

jestep — Tue, 20 May 2008 23:15:05 +0000

Flash is certainly a ridiculous method to obfuscate anything, but I included since I have seen it a few times. Javascript is probably safe nowadays since the vast majority of users have javascript enabled.