A recent discussion regarding tricks for concealing your email address may be of interest for some additional tactics to consider. In truth, though, I have to agree with ambrus-the arms-race between concealing and harvesting email addresses is much like that between spamming and spam filtering, in that any time an effective tool comes out on one side, it ups the ante to the other side to develop an effective countermeasure, and there is no end in sight.

Hope that helps.

However, there's something working in the anti-spam camp's favor as far as hiding email addresses.

The mere fact that if you even spend a tiny bit of time hiding an address makes you no longer the low-hanging fruit. As long as a spammer can claim "we will deliver to 80 Million Addresses" which they got from simple scraping, there's no need to decode your entities.

On the mail receiving side, nearly everyone is doing some sort of anti-spam things now, so the spammers have to get more clever, and that indeed results in the arms race you describe.

Thus, just do something small. It's likely to be enough, for the conceivable future.

-- Randal L. Schwartz, Perl hacker
Be sure to read my standard disclaimer if this is a reply.

perl -le 'print map{printf"&#%03d;",ord}split//,$ARGV[0]' the@address.
+net

the@address&#04
+6;net
[download]

Any method of conveying information that can be understood by a person can be programmed to be understood by a bot (and many a person can't even understand without technological assistance.) Popularity of an evasive method will determine the efficacy of using a particular counter-method, so a (currently) novel method is the best (current) approach. Even the image generating, mangled-text methods are only a stopgap. Running is the only way to keep one step ahead of the spider.

This is the same essential problem with creating an effective DRM- if people can perceive information, they can create ways of harvesting and manipulating that information in new, useful, harmful, or generally unintended ways.

Context seems to me to the best method to seperate the people from the bots. But it's hard to appear official and obscure something using context... ewe (opposite of yes) Watt (<O><O> - s) (starts with joined 'nn', rhymes with green)? Any rule can be learned, avoid rules.

I belive that any systemacic clear-text solution (such as writing the address in reverse or ddoouubblliinngg eevveerryy lleetteerr) will be recognized by email harvesing bots as soon as they get wide-spreaded, so you have to use creativity and keep finding out new ways if you want to hide an e-mail address.

Simply changing methods once "they get wide-spreaded" is not good enough. Information tend to stay on the web for a long time, so if the methods ever get popular, the email address will become harvestable. One needs to find ways that will never become popular.

Your best bet might be to pick an email address that contains special characters. For example, to parse user-id -at- domain.com, the harvester would need to keep some dashes, but remove otheres.

It finally got so bad, that the isp was wasting most of their processing power just filtering email, so they stopped using SpamAssassin and went to the "whitelist - verify-email required system".

It stopped the spam too, and probably is alot easier on their system.

If you are not on a whitelist. any mail is automatically responded too with a request for a human to respond". If no response is returned, the mail is deleted.

So in that system, if the spam harvesters get my email address, it dosn't matter, they need to respond before I see it. And they seldom do.

Run, don't walk, away from this ISP. Automatic verification messages are spam themselves and, similar to virus bounces, deserve nothing but derision. Adding to the spam problem by yourself spamming any poor slob who happens to have his email address placed into a spam-mail Reply-to header is not the way forward and will get you rightfully spat at by clueful postmasters.


All dogma is stupid.

To be honest I don't know what they are doing. They were using SpamAssasin until a few weeks ago, then they stopped. Now they are using something called X-DefendMail.

In their CPanel setup, they don't have any settings, but the whitelist, blacklist and keywords for their confirmation system.

I was getting 100 spams per day, but now none, and their CPanel logs only shows about 5 confirmation emails sent over a week's time. So.....I guess X-DefendMail must only send confirmation emails in a small number of "indeterminant cases".

To be honest I have no idea what they are doing, but my original point still stands, that obfuscating your email address will only have minimal impact on the amount of spam your get, for various reasons.

---

I'm not really a human, but I play one on earth. flash japh

they stopped using SpamAssassin and went to the "whitelist - verify-email required system".

And ISP just became an indirect spam reflector.

--MidLifeXis

What else they can they do? They can't devote 70% of their cpu time to processing spam. They also can't just summarily dump emails into /dev/null. I see the "verify" system just the beginning of a "pay me if you want to send me spam" setup. Where spammers will start offering coupons and discounts if you accept their spam. I've even been hearing talk of "email stamps" where each email has to have a email stamp, and you would get a free quota per month. No stamp, no deliver.

Hopefully, one day, agreeing to receive spam will pay my monthly connection costs. :-) I can dream can't I?

---

I'm not really a human, but I play one on earth. flash japh