Ask HN: Why do HN users still obscure their e-mail addresses?
I've been noticing that just about everyone on HN uses some form of e-mail concealment (e.g. [myusername]@gmail.com), and I'm wondering why.
The fear of spam crawlers seems very 1997, especially if you're using a modern e-mail provider. I've had my e-mail address public and mailtod on multiple high-visibility sites for about 5 years now, and I can't remember the last spam e-mail I've gotten. Is this practice just a vestige of Internet-past, or is there some other reason I'm missing?
45 comments
[ 3.8 ms ] story [ 101 ms ] thread1) http://www.youtube.com/watch?v=O5s1jY1Nwl4
http://superuser.com/questions/235937/does-e-mail-address-ob...
The top answer links to a study done a few years ago that showed that revealing your email in plain text did result in increased spam, but I don't think the study went into how effectively that spam was handled by modern spam filters.
In my own person experience, I've had my email address on my HN profile, Twitter page, personal website, Stack Exchange profiles, etc for years without any problem. I do get the occasional rare piece of spam but I think that it's more than offset by providing a no-nonsense way for people to contact me.
By default it uses the JS method for a clickable link, but if someone doesn't have JS enabled it degrades to "Email: nick at this domain (For a clickable link, turn on javascript)".
It relies on the assumption that 'someone not using javascript' == 'someone computer-savvy enough to figure out what that means', but for the people that are likely to be reading my site, I think that's a pretty safe assumption to make.
[0] - http://nickknowlson.com/contact/
'someone not using javascript' == ('someone computer-savvy enough to figure out what that means' || crawler)?
If so, yes that's the point. I don't want to give crawlers my email address.
2. My pet theory is that the people making money out of spam are not the spammers, it is the people selling lists of email addresses. Hey, I just cut their total of email addresses by a vanishingly small fraction.
3. I lived through 1997. It wasn't pretty. Old habits die hard.
4. I consider my obfuscation to be the signature of a hacker. :-P
P.S. Your email is not visible in your information (the email entry in your account registration is not publicly visible, you have to put it in your "about" box to make it visible).
I've never gotten spam before (actually never, not once), until I put my email address-- obfuscated-- into HN. Now I get one every week or so (the horror!).
I guess the reason we obfuscate is the general horror that once your email address is in a list there is no way of getting it out, so it's better to be safe than sorry.
Was your first email address @gmail.com, or something?
Basically, I think I just didn't publish it raw anywhere, and I wasn't part of any user groups or anything that forces raw email addr publication.
I also have never got any viruses or anything like that either. I guess I'm cautious.
I have my Gmail account as a secondary, occasionally used address, and looking at it right now, of the 23 messages it displays "above the fold" in my inbox, 7 are spam.
Currently I don't see any false-positives in the Gmail 'spam' folder, but in the past, I've even seen legitimate messages from Google's own lists there (!).
It's not that my spam filters elsewhere are any better. But, at least they don't cause me to lose forever false positives that I neglect to notice within 30 days. And, there is a definite correlation between how much spam you get and how many places your naked address appears. So if you ever review your spam folder for false positives, that process is easier if you've bee protective of your address (and thus get less spam).
And I'm Joe@Gramicon.com. But I'd prefer gramicon.com/itsjoeco.
It seems there's a spammer who's latched onto my domain. They're sending out emails to thousands of people from <some random alphanumeric string>@<my domain>. Every email sent to my domain ends up in my inbox so I get all the bounces.
I've mitigated this somewhat by setting up SPF on my domain. I use Google Apps so this article was handy: http://support.google.com/a/bin/answer.py?hl=en&answer=1...
While I've trained Gmail to mark delivery status notifications as spam automatically, it's frustrating to go from maybe 5-10 real, actual emails a day and no spam at all to over ten thousand delivery status notifications a week (spammers have started using thousands of 8-character hex@domain combination addresses, and everything from my domain directs to me to catch real people I meet making typos).
I also sometimes worry that I may have to deal with some form of poorly-orchestrated vigilante retribution and/or potential blacklisting even though it's clear that the mail is not actually coming from me.
A "vigilante" confronted me on AIM, we chatted about it, and he's now one of my best friends.
Not that you want it happening, just an anecdote.
Perhaps I am deaf to the joke, but your email seems pretty trivially discoverable. The way you had phrased it, I went to your about page expecting a devious puzzle, and was disappointed.
The point is not that it is hard; the point is that even a very very low barrier to entry may weed out a surprisingly large number of unsuitable applicants.
Take a look here: http://leoreavidar.com/email.php
I get phone call solicitations, I think from posting my phone number on Craigslist. I thought about obscuring it, and then started thinking about how most of them are so easy to decode--so I tried it for fun. Filter parentheses, whitespace, change "six" to 6, etc. See if you end up with ten digits.
Phone numbers are easier than email addresses, but I was able to scrape 95%+ of them properly, and would have gotten higher with any real effort.
I'd post the code if I could find it. It was trivial.