Here's an interesting study which shows how email addresses are harvested by spammers, and how to avoid it. http://www.cdt.org/speech/spam/030319spamreport.shtml
It validates something you wrote in the newsletter some time ago, about obscuring email addresses using HTML numeric characters. E.g., e@d
[Ed: see below for details of this technique!]
The article is very useful and interesting. There are rumors that some spam harvesting software is smart enough to decode the encoded email addresses. Therefore, Mike suggests:
A while ago I switched to javascript to generate email addresses. E.g.,
<script language="JavaScript"> <!--
document.write ('<A HREF="mai')
document.write ('lto:mshumko')
document.write ('@')
document.write ('shaw.ca">mshumko')
document.write ('@')
document.write ('shaw.ca</A>')
// -->
</script>
Another article suggests the same trick as Mike used, with more explanation.
Would you like to keep your email address out of the hands of spammers? One way that spammers collect email addresses is to "mine" web pages, which are public. They have robot software that looks through every web page they can find, searching for patterns such as
email to bgreen@robelle.com
When they find a match, they add it to their list of possible new email addresses.
A strategy to fight this is to "scramble" email addresses on your web pages (your own, plus other people that you mention), so that browsers can display the email address, but robot software will miss it.
A common and noticeable strategy is to insert spaces in your email address:
b g r e e n @ r o b e l l e . c o m
Another strategy is to stop using MAILTO links, since they are a clear signal that what follows is an email address:
<a href="mailto:bgreen@robelle.com">Email me</a>
Removing the Mailto link is not as much of a loss as you may think,
since most people do not have their browsers configured properly to
do email links.
A less common, more foolproof, and much more troublesome method is to convert the email address into a GIF graphic file:
However, there is another method that will slow down the spam robots, and is relatively painless. Convert the at-sign (@) and dot (.) into HTML Character Entities (&#64; means @ and &#46; means .):
bgreen&#64;robelle&#46;com
This displays as an email address in the browser window, but does not
look like an email address when being scanned by the software.
Clever, but this wasn't my idea. I got it from SiteUp's Mailto Encoder. They have a form where you fill in your email address and they send you a thoroughly scrambled version of it. For example:
bgreen@robelle.com
actually means:
bgreen@robelle.com
It works as my email address and if you put it into a Mailto: link it works (if you put your cursor over the link, it even displays correctly).
<A HREF="mailto:bgreen@robelle.com">
bgreen@robelle.com</A>
This looks like it should stop an ordinary spam robot sifting through my site, but perhaps the robots will be programmed smarter in the future. A never-ending battle....
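As an added example (not code from the article or from SiteUp's Mailto Encoder), this JavaScript encodes an address as numeric character references and audits a page's markup for addresses a pattern-matching scan reads directly, and for addresses hidden only by entity encoding. The function names, the address pattern and the sample page (including the example.org addresses) are assumptions constructed for illustration.

```javascript
// Added example. Pattern of the kind the article says robots search for (constructed).
const ADDRESS_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+/g;

// Encode every character as a decimal numeric character reference.
function encodeAddress(address) {
  return Array.from(address, ch => `&#${ch.codePointAt(0)};`).join('');
}

// Lighter variant from the article: encode only the at-sign and the dots.
function encodeAtAndDot(address) {
  return address.replace(/[@.]/g, ch => `&#${ch.charCodeAt(0)};`);
}

// Decode decimal and hexadecimal references the way a browser does when rendering.
function decodeNumericEntities(markup) {
  return markup.replace(/&#(x[0-9a-f]+|[0-9]+);/gi, (whole, ref) => {
    const cp = /^x/i.test(ref) ? parseInt(ref.slice(1), 16) : parseInt(ref, 10);
    return cp > 0 && cp <= 0x10ffff ? String.fromCodePoint(cp) : whole;
  });
}

// Report what a scan of the raw markup finds, and what is hidden only by encoding.
function auditMarkup(markup) {
  const raw = new Set(markup.match(ADDRESS_RE) || []);
  const decoded = new Set(decodeNumericEntities(markup).match(ADDRESS_RE) || []);
  return {
    exposed: [...raw],                                  // visible as plain text
    entityOnly: [...decoded].filter(a => !raw.has(a)),  // protected by encoding alone
    mailtoLinks: (markup.match(/href\s*=\s*["']?\s*mailto:/gi) || []).length,
  };
}

// Constructed sample page: one plain link, one lightly encoded address,
// and one fully encoded address that still sits behind a visible "mailto:".
const samplePage = [
  '<a href="mailto:bgreen@robelle.com">Email me</a>',
  `<p>Contact: ${encodeAtAndDot('sales@example.org')}</p>`,
  `<a href="mailto:${encodeAddress('info@example.org')}">Write</a>`,
].join('\n');

console.log(auditMarkup(samplePage));
```

The `mailtoLinks` count stays at 2 even though one address is fully encoded, because the `mailto:` scheme itself remains in the markup as the signal the article warns about.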
bgreen@robelle.com