GMail's filter is actually incredibly accurate, and if you periodically scan your spam for anything that shouldn't be in there, you've really got nothing to worry about.
I've only found three or four false positives in the five and a half years I've been with GMail.
When I used spam filtering I was receiving perhaps ten spams for every valid mail. This made it very difficult to scan my filtered mail. There was just so much of it.
After college I worked as a network administrator for a doctors office that dealt with pain medications. We constantly had problems with work mail going to the spam folder when it actually concerned drugs like Vicodin.
The salient point here is the email have to already be in the spam box. If Gmail already thinks it's spam AND it contains any of the keywords, then it gets trashed.
If you've reviewed the spam folder so closely you're certain you have no false positives, it may not be saving you any time. If you give it a more cursory review, then your claim is really, "I've never noticed a false positive."
I don't know, but I don't sweat it either. Anyone who is sending me super-important email has other ways of contacting me if they don't get a response. And in the case that they dont, a missed email still isn't the end of the world.
If you rely on business leads where the sender is also contacting competitors, those "others ways" won't always matter and you'll just miss the job. That's my concern.
That said, I openly list my email address online (and have with the same address for 12+ years) and have really average filtering that leaves me deleting spam that slips through and chasing down false positives.
matches text in an exemplar, it's worth checking out as a possible email address (assuming one is a low-down, good-for-nothing spammer)
Yours is no harder to pull out automatically than the examples in the original article, and the above regexp took me under 2 minutes to write and verify. It's not your "obfuscation" that's saving you, it's gmail's spam filtering.
My take on this: the benefit of filtering spam largely outweighs the downside of false positives (which, as far as I know, never happened to me and if it did, it probably wasn't that bad since I didn't notice). If someone really needs to contact me, the said person can message me on my various social profiles or simply call me.
I don't use gmail for anything that can't be missed. I periodically run a search in my work mail Spam folder for my first name - anything addressed to me will have Jacob in it, but the spam can't work it out from the address (jaldridge@).
Found one false positive in the last six months, and even that was a mailing list so didn't matter.
Me neither! One of the points I try to make at the end of post though is since gmail seems to stop all spam anyway, lets all just start using a nice readable email address on the internet.
A basic search also returns things like "XYZ(AT)gmail(DOT)com", "XYZ[at]gmail[dot]com" and xyz.at.gmail.dot.com . It returns everything, no matter how clever you think you are. And it's not that hard to write a regexp that replace this all into your actual email...
My gmail address is not fark.sam, but if it was you could still figure it out. Getting a regex to do that correctly would be a pain. As would replace the v with a n in avother@gmail address. Still my gmail account was getting spam before I started to use it. So I think simple spray and pray approaches will catch most people.
My experience shows that simple bots looking for mailto: links still work just fine. I doubt many spammers are going to go through the trouble of decoding even simple obfuscation.
There used to be a website where a guy actually tried different methods for posting an email address on the web and then measured the number of junk messages at each address. Wish I could remember where I saw it.
The trouble with these and some other solutions (like use of imgs), is that they aren't an option on something like linkedin.com or a forum where users can only post text!
Follow Postel's law and simply apply (ever cheaper) horsepower to filtering on the back-end + gray-listing & white-listing. This IS NOT rocket science people.
If one can write a regular expression to parse the "obfuscated" content, it's just one more rule in a markov validation chain in a data mining script.
I like that. I've been using "my.username at gmail" ... fairly close but I might switch to "of". As a bonus it might filter out humans you'd rather not converse with as well.
I haven't heard of any email harvesters getting around my Email Icon Generator (yes, it is the original!). Just enter your email and it gives you an image of your email address to link to.
41 comments
[ 57.0 ms ] story [ 1098 ms ] threadI've only found three or four false positives in the five and a half years I've been with GMail.
For instance: IF X email is in the spam folder AND contains any of the words (Cialis, Viagra, Rolex, etc...) -> Move it immediately to the trash.
This cuts down the number of emails that stay in my spam folder by a huge margin, and makes it much easier to check for false positives.
That being said, I no longer even bother checking. I've been with Gmail for 5 years and I've never had a false positive.
That being said, you still have a point.
That said, I openly list my email address online (and have with the same address for 12+ years) and have really average filtering that leaves me deleting spam that slips through and chasing down false positives.
aside: for poor man's obfuscation (like in my HN profile) I do jhl805atgmaildotcom ... my belief is that this is hard to extract automatically.
Yours is no harder to pull out automatically than the examples in the original article, and the above regexp took me under 2 minutes to write and verify. It's not your "obfuscation" that's saving you, it's gmail's spam filtering.
Found one false positive in the last six months, and even that was a mailing list so didn't matter.
Its pretty well established that “email AT domain DOT com” offers only marginal protection from spammers
And yet the 1.5 year experiment pointed out by eli indicates that this form of obfuscation is among the most effective ways to avoid spam:
http://techblog.tilllate.com/2008/07/20/ten-methods-to-obfus...
There used to be a website where a guy actually tried different methods for posting an email address on the web and then measured the number of junk messages at each address. Wish I could remember where I saw it.
A bit dated now, but using AT and DOT cut the spam to basically negligible levels.
http://74.125.153.132/search?hl=en&q=cache:http://varenh...
tl;dr: you can search 'AT gmail DOT com' on google
I think this technique has been doing by spammers for decades.
The best way to prevent email harvest bots is to use DOM+JS, something like
2. use id+mask@gmail.com or anything that can filter
3. something like this myemail_REMOVE_UNDERSCORE_AND_CAPITALIZED_TRAILING@gmail.com
Follow Postel's law and simply apply (ever cheaper) horsepower to filtering on the back-end + gray-listing & white-listing. This IS NOT rocket science people.
If one can write a regular expression to parse the "obfuscated" content, it's just one more rule in a markov validation chain in a data mining script.
"...Same as it ever was..."--The Talking Heads
This does have significant disadvantages, the worst being that users cannot cut and paste the address.
http://services.nexodyne.com/email/
More: <http://ascii-table.com/pronunciation-guide.php>;