E-mail address on webpage

David Mackenzie <dcm@tarbrax.freeserve.co.uk> wrote:

>Every so often, someone posts a method for obscuring their e-mail
>address on a webpage - normally to attempt to defeat spambots.
>
>These methods either rely on Javascript which is unreliable at best,
>or "encrypts" the characters to their HTML entities which shouldn't
>defeat even the simplest spambot.

Character references are surprisingly effective according to this study:
http://www.cdt.org/speech/spam/030319spamreport.shtml

Note that this email address harvester optionally uses IE, in that mode
it translates character references flawlessly:
http://www.mailutilities.com/aee/


Headless

Sam Hughes <me@privacy.net> wrote:

> A linked image would still have <a
> href="mailto:email@asdfsdfdf.com"> and </a> around the IMG tag, so
> that would do nothing.

Indeed, it would do nothing to help the user who needs the address e.g.
in order to use a special E-mail program (which has nothing to do with
Web browsers).

But it would naturally help spammers' robots get the address. After
all, mailto:... (in content or in attribute value) is a most obvious
candidate for E-mail address harvesting.

--
Yucca, http://www.cs.tut.fi/~jkorpela/
Pages about Web authoring: http://www.cs.tut.fi/~jkorpela/www.html

"Jukka K. Korpela" <jkorpela@cs.tut.fi> wrote in message
news:Xns93A3CEDC9CE34jkorpelacstutfi@193.229.0.31. ..
> "Freeserve" <thaynes@herfarm.freeserve.co.uk> wrote:
>
> > What about if your mail to link is a picture??? Does this fool the
> > spam bots?
>
> Well, it surely discriminates against blind people. This would be
> criminal in some civilized countries (like the UK) for public Web sites
> at least.
>
> I recently read an estimate (in a newspaper article that _favored_
> munging E-mail addresses) that an average user gets 6 or 7 spam
> messages daily. So it takes a few seconds a day to delete the spam. All
> those attempts to "fight against spam" by intentionally forging
> addresses surely cause more trouble than that.
>
> --
> Yucca, http://www.cs.tut.fi/~jkorpela/
> Pages about Web authoring: http://www.cs.tut.fi/~jkorpela/www.html
>
>
The problem is not only about receiving spam, but also the "stealing" of
addresses for the "from" field.
One of my clients got 500 return notifications in one day, obviously from a
mass mail out that someone had done using his address as the sender.
I am looking now for ways to avoid putting addresses on any new sites I
write to avoid this in the future.

cm

>The obfuscators no longer are a safe way to keep harvesters at bay.
>The only way is to use scripting. If your host has PHP capabilities, I can send
>you a PHP script that will show you how. You can also be modify it to work with
>ASP, if you'd like.
I'd be interested in receiving that, please.

>The only way is to use scripting. If your host has PHP capabilities, I can send
>you a PHP script that will show you how. You can also be modify it to work with
>ASP, if you'd like.

I'd be interested in receiving that, please.

Yoooooors,

Iain.

In article <nvbgfvckh0ihmrf0ce9la5vq84sckqa0ch@4ax.com>,
FatBlokeOnBikepins@pinsmother-truckers.co.uk says...
> >The only way is to use scripting. If your host has PHP capabilities, I can send
> >you a PHP script that will show you how. You can also be modify it to work with
> >ASP, if you'd like.
>
> I'd be interested in receiving that, please.

I already posted it...

[PHP CODE]
<?
// email.php
// usage:
//
// <A HREF="email.php?to=me&domain=mydomain.com">E-Mail Me</a>-->
//
//

if(!isset($_GET["to"]))
{
// $_GET["to"] = "info";
$to = "info";
}

if(!isset($_GET["domain"]))
{
// uncomment this to have it retrieve the domain
// from the URL.
//$_GET["domain"] = "mydomain.com";
$domain = "mydomain.com";
}

$email_address = $to."@".$domain;

// send email header to page
header ("Location: mailto:$email_address");
?>
[/PHP CODE]

In post <j8a4gv8l1vl1cj7206heh9jaajph58at5l@4ax.com>
Leslie said...
[spam]

> What really pisses me off, though, is the amount of hard core porn
> spams I'm getting. These aren't just text emails with a clickable
> link to "Pink City," but embedded pictures of oral ***, bestiality and
> other activities I don't care to view while enjoying my morning
> coffee.

if the email contains remote images as soon as you view the email you
may be confirming that your address is "live" you should turn off the
loading of remote images (and all scripting) or better yet
automatically delete from the server any emails but plain text to save
you having to download them in the first place.

> Then there are the emails that 'guarantee to increase my manhood to
> please ALL the women in my life.' Who the hell are they sending this
> crap to? I don't even have that body part!

i can get you a half dozen factory seconds for only $19.95 + P&H

--
brucie a. blackford. 02/July/2003 11:02:49 am kilo.
http://loser.brucies.com/

On Wed, 2 Jul 2003 11:08:43 +1000, brucie <brucie@loser.brucies.com>
wrote:


>> Then there are the emails that 'guarantee to increase my manhood to
>> please ALL the women in my life.' Who the hell are they sending this
>> crap to? I don't even have that body part!
>
>i can get you a half dozen factory seconds for only $19.95 + P&H

Nah, not interested in seconds, unless they're still sealed in their
original box. This implies, of course, that they've never been used.

Leslie

I just read through the thread, and I have a few thoughts.

On the account that I used for years and years, I now end up with
around 100 spam a day. Obviously, I had to stop using that e-mail.
No matter what I did, I could not get the spam to stop. Filtering
just didn't work - it just kept coming and coming. This, of course,
still causes strife because, since I used the address for years and
years, people still e-mail me there. So, I must still occasionally
sift through all that goddamn friggen spam. It really amazes me how
some people can e-mail me on the correct address one day... and the
very next day e-mail me at my old address. Brain fart or something?

My website e-mail gets about 2 spam a month. My "info@domain.com"
address gets spammed all the time.

I also may have come up with a decent and easy way to "hide" an e-mail
address.

I use a javascript trick to remove common markup and make it easier to
change multiple pages -

<script language="javascript" type="text/javascript"
src="filename.js"></script>

and in filename.js I write:

document.write('text HTML blah blah blah')

I have noticed that in doing this, that robots can't crawl the
javascript (to fix the linking problem, I have put a link to a site
map on the main page). Assuming that harvesting robots would work the
same as search engine robots - then the harvesting robots will never
be able to see the e-mail address if you put it in filename.js

So... what you could theoretically do is have this where you want your
e-mail:

<script language="javascript" type="text/javascript"
src="email.js"></script>

and put this in the email.js file:

document.write('<a href="mailto:me@domain.com">me@domain.com</a>')

and it would work... right? maybe?

Just an idea. Thought I'd throw it out there. I think I may just try
it now. Actually, I currently have my address as me(@)domain.com
'cause I figured anyone with any brain cells would realize to remove
the "( )" - but I think this javascript trick might just be better

Rob McAninch wrote:
> Jukka K. Korpela
> <news:Xns93A3CEDC9CE34jkorpelacstutfi@193.229.0.31 >:
>
>> "Freeserve" <thaynes@herfarm.freeserve.co.uk> wrote:
>>
>>> What about if your mail to link is a picture??? Does this
>>> fool the spam bots?
>>
>> Well, it surely discriminates against blind people.
>
> If you indeed intend it to be a mailto: link then you have to put
> the address in there.
>
>> I recently read an estimate (in a newspaper article that
>> _favored_ munging E-mail addresses) that an average user gets
>> 6 or 7 spam messages daily. So it takes a few seconds a day to
>> delete the spam. All those attempts to "fight against spam" by
>> intentionally forging addresses surely cause more trouble than
>> that.
>
> I probably get around 50 between two accounts each day - still
> doesn't take long to delete them.

OT ish but thought that it might bring a little joy - I have been the
defence witness for btopenworld in a case in which a company called cube80
were suing because BT had stopped their service after my spam complaints.
It's taken 6 months but yesterday, at Winchester Crown Court, the spammer's
case was thrown out - Yes!

The moral of the story - it is worth making those complaints to abuse@...
and good on BT for taking it seriously.

--
PeterMcC
If you feel that any of the above is incorrect,
inappropriate or offensive in any way,
please ignore it and accept my apologies.