Can this be protected?

Hewitt Tech hewitt_tech at comcast.net
Mon Mar 29 15:13:00 EST 2004


There's a nice little tool located at: http://hixus.com that does a good job
of obfuscating an email address. It generates javascript that can be
embedded in your web page. I have found that the scam artists seem to
actually read email addresses and write them down or otherwise add them to
their target lists but otherwise I don't seem to be getting much spam off my
web site. Recently though I've been getting email addresses to admin@ and
others prefixed to my domain name...

-Alex


----- Original Message ----- 
From: <bscott at ntisys.com>
To: "Greater NH Linux User Group" <discuss at gnhlug.org>
Sent: Friday, March 26, 2004 12:12 PM
Subject: Re: Can this be protected?


> On Thu, 25 Mar 2004, at 3:05pm, coutu at snowy-owl.com wrote:
> > Most spambots don't implement a full-blown javascript parser though. :-)
>
>   Yet.
>
> On Thu, 25 Mar 2004, at 3:19pm, moon at lunarhub.com wrote:
> > While it is not impossible by any means, it is IMHO unlikely that a bot
> > would be written to waste time trying to deconstruct such an obfuscated
> > address ...
>
>   Unlikely right now.  It will happen if everybody starts doing it.  Which
> they will, if things continue on their present course.
>
>   Obfuscation is an arms race.  You obfuscate your address; the spammers
> adapt; you add more obfuscation; the spammers adapt; etc.
>
>   Spam is best treated as a security problem (because it is).  The asset you
> are trying to protect is your inbox.  The key to your inbox is your email
> address.  You must protect the key -- your email address.  The first thing
> you do, then, is to stop disclosing it.
>
>   That means you don't put it on a public web site for all to see.  When it
> comes right down to it, even if you put an image with your email address in
> it, the spammers could always just type it into their database manually.
> So don't disclose it that way.
>
>   I recommend a web-form that submits information without ever disclosing
> your email address to the agent submitting the form.  As far as the agent is
> concerned, email is not involved -- it's pure HTML and HTTP.  Intelligence
> on your web server (e.g., a CGI script) takes the submitted information and
> does something with it.  It could simply email you a message.  Have the
> submitter enter their email address, and you can reply if you want.
>
>   Going further, I can envision a system where the submitting agent enters
> their email address, the server mails them a confirmation email with a URL,
> which they have to click on, before the system even notifies you that
> someone is requesting contact.  That verifies that, at least at that moment
> in time, the agent making contact has identified themselves.
>
> -- 
> Ben Scott <bscott at ntisys.com>
> | The opinions expressed in this message are those of the author and do  |
> | not represent the views or policy of any other person or organization. |
> | All information is provided without warranty of any kind.              |
>
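
The confirm-before-notify contact form described in the quoted message, sketched as an added example that is not part of the original thread. All names, addresses and the token layout are assumptions; `OUTBOX` stands in for whatever actually hands mail to the MTA.

```python
import hashlib
import hmac
import secrets
import time

# Every name and value here is an assumption made for this sketch.
SECRET = secrets.token_bytes(32)      # server-side signing key
OWNER_ADDRESS = "owner@example.org"   # stays on the server, never in HTML
BASE_URL = "https://www.example.org/confirm"
TTL_SECONDS = 3600                    # lifetime of a confirmation link
PENDING = {}                          # request id -> held submission
OUTBOX = []                           # stand-in for handing mail to an MTA


def _sign(request_id, expires):
    msg = f"{request_id}.{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def submit(sender, body, now=None):
    """Form handler: hold the message, mail the submitter a confirmation URL."""
    now = int(time.time() if now is None else now)
    # The address ends up in a mail header, so refuse CR/LF and odd shapes.
    if "\r" in sender or "\n" in sender or sender.count("@") != 1:
        raise ValueError("malformed sender address")
    request_id = secrets.token_urlsafe(16)
    expires = now + TTL_SECONDS
    PENDING[request_id] = (sender, body)
    token = f"{request_id}.{expires}.{_sign(request_id, expires)}"
    OUTBOX.append((sender, f"Confirm your request: {BASE_URL}?t={token}"))
    return token


def confirm(token, now=None):
    """Link handler: only a valid, unexpired, unused token notifies the owner."""
    now = int(time.time() if now is None else now)
    try:
        request_id, expires, sig = token.split(".")
        expires = int(expires)
    except ValueError:
        return False
    if not hmac.compare_digest(sig.encode(), _sign(request_id, expires).encode()):
        return False
    if now > expires or request_id not in PENDING:
        return False
    sender, body = PENDING.pop(request_id)   # single use
    OUTBOX.append((OWNER_ADDRESS, f"Contact request from {sender}:\n{body}"))
    return True
```

The owner's address appears only in the final server-side notification, so neither the form page nor the confirmation mail discloses it.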



