Can this be protected?

Hewitt Tech hewitt_tech at comcast.net
Mon Mar 29 15:21:01 EST 2004 

When I picked up this tool a while back it was free. Now the author wants
$10 for it (which seems reasonable).

-Alex

----- Original Message ----- 
From: "Hewitt Tech" <hewitt_tech at comcast.net>
To: "Greater NH Linux User Group" <discuss at gnhlug.org>
Sent: Monday, March 29, 2004 3:13 PM
Subject: Re: Can this be protected?


> There's a nice little tool located at: http://hixus.com that does a good
job
> of obfuscating an email address. It generates javascript that can be
> embedded in your web page. I have found that the scam artists seem to
> actually read email addresses and write them down or otherwise add them to
> their target lists but otherwise I don't seem to be getting much spam off
my
> web site. Recently though I've been getting email addresses to admin@ and
> others prefixed to my domain name...
>
> -Alex
>
>
> ----- Original Message ----- 
> From: <bscott at ntisys.com>
> To: "Greater NH Linux User Group" <discuss at gnhlug.org>
> Sent: Friday, March 26, 2004 12:12 PM
> Subject: Re: Can this be protected?
>
>
> > On Thu, 25 Mar 2004, at 3:05pm, coutu at snowy-owl.com wrote:
> > > Most spambots don't implement a full-blown javascript parser though.
:-)
> >
> >   Yet.
> >
> > On Thu, 25 Mar 2004, at 3:19pm, moon at lunarhub.com wrote:
> > > While it is not impossible by any means, it is IMHO unlikely that a
bot
> > > would be written to waste time trying to deconstruct such an
obfuscated
> > > address ...
> >
> >   Unlikely right now.  It will happen if everybody starts doing it.
Which
> > they will, if things continue on their present course.
> >
> >   Obfuscation is an arms race.  You obfuscate your address; the spammers
> > adapt; you add more obfuscation; the spammers adapt; etc.
> >
> >   Spam is best treated as a security problem (because it is).  The asset
> you
> > are trying to protect is your inbox.  The key to your inbox is your
email
> > address.  You must protect the key -- your email address.  The first
thing
> > you do, then, is to stop disclosing it.
> >
> >   That means you don't put it on a public web site for all to see.  When
> it
> > comes right down to it, even if you put an image with your email address
> in
> > it, the spammers could always just type it into their database manually.
> > So don't disclose it that way.
> >
> >   I recommend a web-form that submits information without ever
disclosing
> > your email address to the agent submitting the form.  As far as the
agent
> is
> > concerned, email is not involved -- it's pure HTML and HTTP.
Intelligence
> > on your web server (e.g., a CGI script) takes the submitted information
> and
> > does something with it.  It could simply email you a message.  Have the
> > submitter enter their email address, and you can reply if you want.
> >
> >   Going further, I can envision a system where the submitting agent
enters
> > their email address, the server mails them a confirmation email with a
> URL,
> > which they have to click on, before the system even notifies you that
> > someone is requesting contact.  That verifies that, at least at that
> moment
> > in time, the agent making contact has identified themselves.
> >
> > -- 
> > Ben Scott <bscott at ntisys.com>
> > | The opinions expressed in this message are those of the author and do
|
> > | not represent the views or policy of any other person or organization.
|
> > | All information is provided without warranty of any kind.
|
> >
> > _______________________________________________
> > gnhlug-discuss mailing list
> > gnhlug-discuss at mail.gnhlug.org
> > http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
> >
>
> _______________________________________________
> gnhlug-discuss mailing list
> gnhlug-discuss at mail.gnhlug.org
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
>

More information about the gnhlug-discuss mailing list