Can this be protected?

bscott at ntisys.com bscott at ntisys.com
Fri Mar 26 12:13:01 EST 2004 

On Thu, 25 Mar 2004, at 3:05pm, coutu at snowy-owl.com wrote:
> Most spambots don't implement a full-blown javascript parser though. :-)

  Yet.

On Thu, 25 Mar 2004, at 3:19pm, moon at lunarhub.com wrote:
> While it is not impossible by any means, it is IMHO unlikely that a bot
> would be written to waste time trying to deconstruct such an obfuscated
> address ...

  Unlikely right now.  It will happen if everybody starts doing it.  Which
they will, if things continue on their present course.

  Obfuscation is an arms race.  You obfuscate your address; the spammers
adapt; you add more obfuscation; the spammers adapt; etc.

  Spam is best treated as a security problem (because it is).  The asset you
are trying to protect is your inbox.  The key to your inbox is your email
address.  You must protect the key -- your email address.  The first thing
you do, then, is to stop disclosing it.

  That means you don't put it on a public web site for all to see.  When it
comes right down to it, even if you put an image with your email address in
it, the spammers could always just type it into their database manually.  
So don't disclose it that way.

  I recommend a web-form that submits information without ever disclosing
your email address to the agent submitting the form.  As far as the agent is
concerned, email is not involved -- it's pure HTML and HTTP.  Intelligence
on your web server (e.g., a CGI script) takes the submitted information and
does something with it.  It could simply email you a message.  Have the
submitter enter their email address, and you can reply if you want.

  Going further, I can envision a system where the submitting agent enters
their email address, the server mails them a confirmation email with a URL,
which they have to click on, before the system even notifies you that
someone is requesting contact.  That verifies that, at least at that moment
in time, the agent making contact has identified themselves.

-- 
Ben Scott <bscott at ntisys.com>
| The opinions expressed in this message are those of the author and do  |
| not represent the views or policy of any other person or organization. |
| All information is provided without warranty of any kind.              |

More information about the gnhlug-discuss mailing list