Best Method For Foiling Email Harvesters?

pjp6259 writes "One of the common ways that spammers generate email mailing lists is by harvesting email addressess from websites. But in many cases you also need to make it easy for your customers to reach you. I have found three common solutions to this problem: 1.) Use an image to replace your email address. 2.) Use ascii encodings for some/all of the characters. 3.) Use javascript to concatenate and/or obfuscate your email address. Which of these methods are most effective? Are email harvesters able to interpret javascript? What do you use?"

SpamGourmet.com

[gumpish]

SpamGourmet.com [spamgourmet.com]

Makes it trivially easy to create a unique forwarding address for any website you care to visit, then set the domain of that site as an exclusive sender for that address.

If a 3rd party starts spamming you at that address, Spam Gourmet just drops it, but continues to deliver relevant mail.

Oh, and it's completely free.

Re:Make people think to figure out your e-mail

[EvanED]

Coincidentally, there was an article [slashdot.org] just a few days ago on how to prevent spam to contact forms.

Exploit poor coding standards.

[patio11]

check+the+rfc+this+is+legal+but+nobody+codes+for+i t@yourdomain.com

Another method..

[catwh0re]

To get around spam issues I bought a cheap domain and use an included service to redirect all the email that gets sent to that domain to a single email address. (Most will offer this service for free.)

I then use separate email addresses for everything I sign up for. E.g. my bank email address is different from my health fund email address, which is different from my all of mp3 email address etc. I use a little code which isn't obvious(similar to a lookup table) to code each website into the username portion of the email address... That's why I'm a little annoyed at allofmp3.com at the moment, as I've supplied two email addresses to them on only two occassions, and both are huge spam recipients. So it's clear that not only does their financial arm sell my email address, but their online store does too.

This method is good for 2 reasons: It's very easy to direct all email from particular addresses straight to the trash should they become spam targets and secondly, it's very easy for me to figure out (such as the allofmp3.com case) who sold my email address to spammers and when.

Re:Make people think to figure out your e-mail

[bram]

I recently got a lot of spam through a contact form on one of my sites.

I added a checkbox which was checked by default saying "I'm a spammer" and a short explanation for people to uncheck it.
A couple of days later I started getting spam again.
Spammers aren't always stupid people (if you don't judge them by their actions).

Next thing was adding a captcha (from Free captchas [captchas.net]) and now I don't get any spam anymore. :)

Re:Fuck 'em!

[shawnmchorse]

My e-mail, my wife's, and the ex co-worker I share the server with all have our e-mail greylisted. I have it set up so that it skips the greylisting process if the e-mail server it receives mail from is properly listed using SPF [openspf.org], which helps make sure that e-mails from large entities (GMail for instance) are never delayed. Nonetheless, I'll hear occasional complaints from the wife when she signs up for an account at a new set of forums or something and doesn't receive her confirmation e-mail immediately.

I think it works best on an individual basis, really. You could let everyone in the domain know that there's an option available which would help cut down on spam but might occasionally delay e-mails. For some people this will be completely unacceptable, but others will jump at the chance to reduce spam.

Re:Make people think to figure out your e-mail

[Sillygates]

the best way is javascript. one can reassemble the full email link on a page without having to worry about spambots picking it up.
http://email.calpoly.edu/spam/HarvestingPreventi on.html (just happened to be at the top of google)

Another is tricky html tags... http://www.web-designz.com/tools/email_encoder.sht ml [web-designz.com]

Re:Javascript is evil and often broken

[5of0]

I agree, javascript is not a good thing. But it's not evil, and for simple things like e-mail concatenation, it'll work on pretty much anything. I once wrote a simple script to do this exact thing for a standard naming scheme (JohnS@yourdomain.com), that can be used for others, where ZOO represents your @yourdomain.com, and you can use ZING for @ if you want to do another address:

function DoEmail(Encoded) {
//Encoded e-mail is in the format nameZAPinitial[ZINGotherdomain.com|ZOO]
Encoded = Encoded.replace("ZAP","");
Encoded = Encoded.replace("ZING","@");
Encoded = Encoded.replace("ZOO","@yourdomain.com");
window.location = "mailto:" + Encoded;
}

Any e-mail links would point to the javascript function like so:
<a> href="javascript:DoEmail('JohnZAPSZOO')" alt="Remove underscores in the following e-mail: John_S_at_yourdomain_dot_com">John Smith</a> It works fine, and exactly like a mailto: link to the end user (except for statusbar stuff)

Re:Make people think to figure out your e-mail

[Jaruzel]

I've only ever seen it when I post as AC. I have Excellent Karma however, so it may also appear for lower karma dudes...

-Jar.