Alright, I'll bite. Yahoo what? com? fr? ca? co.uk? And if you add the TLD, then you're back at square one - a simple regex and you can grab the email easily.
If you are on a forum, you can link to a page with the Recatcha solution too (e.g. hosted for free on Github). You could combine it with a contact form too, and give visitors an option between the two.
Well, I'm not sure if the author is correct. I'm sure that the spammers use automated scripts and there also a lot of script kiddies, which just use the script without knowing how it works. I changed to ..[at].. [dot].. email notation a while ago and I received much less spam.
I'd to compare it to ssh on port 22. If you run it on the default port you will notice a lot of failed logins etc. If you change the port to e.g. 8756 you don't get any failed logins anymore, because the script doesn't scan and just use the default port.
But you still can't click on it, and if you copy it, it's backwards when you go to paste it. Well, unless your MUA is aware of rtl, then it looks fine until the email bounces (and the bounce falls into your spam filter).
Generating the email address in javascript is probably a better solution (and if you generate it early enough in page load you'll catch proxy browsers like Opera Mini as well).
This guy openly states that he's using GMail, and assumes that because he doesn't get much spam that everyone else won't either.
I've worked with proprietary products like Barracudas, and similar open source systems like MailScanner, and none of them have been as good at stopping spam and allowing legitimate messages as GMail.
So extrapolating out his sample size of one to the entire internet is a bit of a stretch.
Further, he assumes that people running these scanners are doing regex type stuff to get these variations, when it's more likely that 99% of e-mail harvesters won't bother.
Spending the time to get those few amount of e-mails would not be worth the time, not to mention, the people that try to obscure their e-mail are probably the least likely people to buy viagra from some unsolicited e-mail.
I believe the purpose is just to make it harder (which, really, is the purpose of security in general).
Of course if a spammer wanted my email address there would be little I could do to stop them, but a script kiddie that just learned regex and does a preliminary `wget | grep` won't notice my slightly obfuscated address missing from the list of billions of low hanging fruit.
While I certainly see your rationale for not "break[ing] the internet," there are sometimes more important things than usability. If someone can't be bothered to retype my non-mailto-ified email address, chances are high I'm better off not being bothered by their email.
"If someone can't be bothered to retype my non-mailto-ified email address, chances are high I'm better off not being bothered by their email."
This. It is less to do with me worrying about spam as much as it is me adding an extra layer between myself and people that mass-email myself and others about employment opportunities, etc. If they really like my work and want to talk, they won't have an issue typing it out.
I definitely agree with this on the desktop, but I wonder if it's still true when folks try to contact you via mobile and they can't keep the browser window open for reference while entering your address in their email client.
I think the problem is that you also make legitimate use harder, like copy-pasteing an email address from a web page.
In fact I think this applies to security in general. You need to balance the costs and the benefits. Usually in matters like this benefits seem to be implicitly overestimated and costs underestimated, and people just get used to living in the worsened conditions.
It's probably because you can't really see the benefits, so you just imagine them to be there. And you imagine them to be larger than the costs, which you can easily downplay (by saying people shouldn't be so lazy, etc).
I think this kind of thinking is bad and I don't think we should voluntarily make our own lives worse in every possible opportunity we get.
14 comments
[ 475 ms ] story [ 460 ms ] threadIf you are on a forum, you can link to a page with the Recatcha solution too (e.g. hosted for free on Github). You could combine it with a contact form too, and give visitors an option between the two.
I'd to compare it to ssh on port 22. If you run it on the default port you will notice a lot of failed logins etc. If you change the port to e.g. 8756 you don't get any failed logins anymore, because the script doesn't scan and just use the default port.
<span class='reverse'>moc.liamg@liame.my</span>
.reverse { direction: rtl; unicode-bidi: bidi-override; }
Generating the email address in javascript is probably a better solution (and if you generate it early enough in page load you'll catch proxy browsers like Opera Mini as well).
I've worked with proprietary products like Barracudas, and similar open source systems like MailScanner, and none of them have been as good at stopping spam and allowing legitimate messages as GMail.
So extrapolating out his sample size of one to the entire internet is a bit of a stretch.
Further, he assumes that people running these scanners are doing regex type stuff to get these variations, when it's more likely that 99% of e-mail harvesters won't bother.
Spending the time to get those few amount of e-mails would not be worth the time, not to mention, the people that try to obscure their e-mail are probably the least likely people to buy viagra from some unsolicited e-mail.
Of course if a spammer wanted my email address there would be little I could do to stop them, but a script kiddie that just learned regex and does a preliminary `wget | grep` won't notice my slightly obfuscated address missing from the list of billions of low hanging fruit.
While I certainly see your rationale for not "break[ing] the internet," there are sometimes more important things than usability. If someone can't be bothered to retype my non-mailto-ified email address, chances are high I'm better off not being bothered by their email.
This. It is less to do with me worrying about spam as much as it is me adding an extra layer between myself and people that mass-email myself and others about employment opportunities, etc. If they really like my work and want to talk, they won't have an issue typing it out.
In fact I think this applies to security in general. You need to balance the costs and the benefits. Usually in matters like this benefits seem to be implicitly overestimated and costs underestimated, and people just get used to living in the worsened conditions.
It's probably because you can't really see the benefits, so you just imagine them to be there. And you imagine them to be larger than the costs, which you can easily downplay (by saying people shouldn't be so lazy, etc).
I think this kind of thinking is bad and I don't think we should voluntarily make our own lives worse in every possible opportunity we get.
to email me, take off my pants... mypantsactualemail@yahoo.com
Probably not very effective but funny. :)