There are proven methods for hiding email (and/or contact) addresses within picture and maybe generation from jscript. Never-the-less - do you think there is a way email addr. to be hidden (and still in clear text) from common regexs like the following:
$_ = q{mitpoet "@" mit.edu};
$_ =~ s/^([\w+-?\.?]+)\W*[\@|at]\W*([\w+-?\.?]+)/$1\@$2/i;
die $_,$/
#output: mitpoet@mit.edu
Yes, I can put const. strings like "REMOVE thIS @ ... " but this is not clear solution.I belive that any systemacic clear-text solution (such as writing the address in reverse or ddoouubblliinngg eevveerryy lleetteerr) will be recognized by email harvesing bots as soon as they get wide-spreaded, so you have to use creativity and keep finding out new ways if you want to hide an e-mail address.
A recent discussion regarding tricks for concealing your email address may be of interest for some additional tactics to consider. In truth, though, I have to agree with ambrus-the arms-race between concealing and harvesting email addresses is much like that between spamming and spam filtering, in that any time an effective tool comes out on one side, it ups the ante to the other side to develop an effective countermeasure, and there is no end in sight.
Hope that helps.
The mere fact that if you even spend a tiny bit of time hiding an address makes you no longer the low-hanging fruit. As long as a spammer can claim "we will deliver to 80 Million Addresses" which they got from simple scraping, there's no need to decode your entities.
On the mail receiving side, nearly everyone is doing some sort of anti-spam things now, so the spammers have to get more clever, and that indeed results in the arms race you describe.
Thus, just do something small. It's likely to be enough, for the conceivable future.
-- Randal L. Schwartz, Perl hacker
Be sure to read my standard disclaimer if this is a reply.
CountZero
"If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law
Your best bet might be to pick an email address that contains special characters. For example, to parse user-id -at- domain.com, the harvester would need to keep some dashes, but remove otheres.
perl -le 'print map{printf"&#%03d;",ord}split//,$ARGV[0]' the@address.net
the@address.net
Any method of conveying information that can be understood by a person can be programmed to be understood by a bot (and many a person can't even understand without technological assistance.) Popularity of an evasive method will determine the efficacy of using a particular counter-method, so a (currently) novel method is the best (current) approach. Even the image generating, mangled-text methods are only a stopgap. Running is the only way to keep one step ahead of the spider.
This is the same essential problem with creating an effective DRM- if people can perceive information, they can create ways of harvesting and manipulating that information in new, useful, harmful, or generally unintended ways.
Context seems to me to the best method to seperate the people from the bots. But it's hard to appear official and obscure something using context... ewe (opposite of yes) Watt (
It finally got so bad, that the isp was wasting most of their processing power just filtering email, so they stopped using SpamAssassin and went to the "whitelist - verify-email required system".
It stopped the spam too, and probably is alot easier on their system.
If you are not on a whitelist. any mail is automatically responded too with a request for a human to respond". If no response is returned, the mail is deleted.
So in that system, if the spam harvesters get my email address, it dosn't matter, they need to respond before I see it. And they seldom do.
I'm not really a human, but I play one on earth. flash japh
they stopped using SpamAssassin and went to the "whitelist - verify-email required system".
And ISP just became an indirect spam reflector.
--MidLifeXis
Hopefully, one day, agreeing to receive spam will pay my monthly connection costs. :-) I can dream can't I?
I'm not really a human, but I play one on earth. flash japh
Don't take this as preachy. It is in no way intended to be.
Unfortunately this method shifts costs to uninvolved third parties. What happens in the case where everyone uses this method of "spam control"?
Let's assume that the typical user gets N spam messages / day. If each one of these messages has an innocent user's address as the "from" address, then N users will get a confirmation message from me.
Now, if we assume that the spammer is using the same list to fill the "from" and "to" addresses, then the same user should also get 10 confirmation messages.
The network load has now "doubled". If I need to see every confirmation message to ensure that I am not "missing" a message, I still have to check out N confirmation messages.
Let's change the distribution of from and to addresses to putting only user@example.com in the from address. Now all of the confirmation addresses are headed for that user's mailbox. Ouch.
There are some things that can make this better, but it requires things like verifying that the host sending you mail from a user is authorized to be done by every mail host on the net. Not very likely.
Since this is not SPAM-L or the like, this is probably not the place to get into a discussion of it, but I would recommend that if interested in this topic, to browse the SPAM-L archives or subscribe for a while. There are some very opinionated people on that list, but also some very respected people that know email, spam, filtering, blocking, and enforcement inside and out.
In summary, anything that is cost-shifting in nature is not good when applied to the entire net. If it is used for good or bad, it is still cost shifting.
Hopefully, one day, agreeing to receive spam will pay my monthly connection costs. :-) I can dream can't I?
*laugh* Yes, that would be nice. At $0.02 per message, that would be about 1000 messages / month (or 30 / day). I might be able to live with that. Much more than that, and it would become painful :).
--MidLifeXis
I don't know exactly what methods they use to determine the originating point of the email. Quite possibly they use some routing information, or the "reply-to" and not the "From" field. They must have some scheme to determine if the reply-to address exists, or if it corresponds with the routing.
They may have developed a system to address the issues which you raise. I'm sure if they are trying to avoid their spam problem, by increasing load on the backbone which they are hooked to, the managers of the backbone will let them know.
It seems that a few strategies are evolving, and being tested in real-time, to fight the spam problem.
I'm not really a human, but I play one on earth. flash japh
Run, don't walk, away from this ISP. Automatic verification messages are spam themselves and, similar to virus bounces, deserve nothing but derision. Adding to the spam problem by yourself spamming any poor slob who happens to have his email address placed into a spam-mail Reply-to header is not the way forward and will get you rightly spat at by clueful postmasters.
All dogma is stupid.
In their CPanel setup, they don't have any settings, but the whitelist, blacklist and keywords for their confirmation system.
I was getting 100 spams per day, but now none, and their CPanel logs only shows about 5 confirmation emails sent over a week's time. So.....I guess X-DefendMail must only send confirmation emails in a small number of "indeterminant cases".
To be honest I have no idea what they are doing, but my original point still stands, that obfuscating your email address will only have minimal impact on the amount of spam your get, for various reasons.
I'm not really a human, but I play one on earth. flash japh