Amiga.org
Amiga computer related discussion => General chat about Amiga topics => Topic started by: AmiKit on October 23, 2005, 05:01:55 PM
-
Hello!
How should I write my email address into website in order to prevent getting a spam?
Is this a safe way?
blabla (at) blabla.xx
:-?
-
To take it even further make the "." a "dot"
blabla (at) blabla dot xx
Unfortunately this will only foil some email address harvesting scripts/programs. It won't defeat the human element though.
-
@glwxxx
There is really no way to avoid getting spam. Once your address has been added to the spamlists, it will stay there forever.
The real solution is to use some good spam filter, such as spamassassin (http://www.spamassassin.org).
-
@Piru
I use my mail for one year without getting a single spam so far! Therefore I'd like to keep this status... Do you agree that blabla (at) blabla (dot) xx is safe?
-
@glwxxx
It really isn't. Harvesters are smart enough to convert such construct to '@' and '.'.
And anyway, at some point some friend or relative who you've exchanged email with will have a virus or other malware infection, and often the system is harvested for email addresses... So, the only way to stay totally spam free would be to never use the address at all.
-
Actually, I tried that. I started an account and never let anyone know about it. Three days later, I started getting spam. Spammers often use random addresses to see if the mails are bounced. If they're not, they keep spammin'.
-
Piru wrote:
Harvesters are smart enough to convert such construct to '@' and '.'.
Are you talking about "robotic" or human harvesters?
-
I use this:
http://www.wbwip.com/wbw/emailencoder.html
I've had an email address "encoded" in this fashion as a contact address for a relatively popular website for a couple years now. Not one spam to that address. It sure worked for me, anyway, although the other points about viruses and brute force spam in this thread still apply.
-
@Failure
wow, I'll test that... Thanks!
-
@glwxxx
Are you talking about "robotic" or human harvesters?
Robotic.
-
@Piru
And what do you think about the encoding mentioned above? Isn't it just a mattter of time when the robotic harvesters break this encoding?
-
I agree with piru's remark about a spamfilter, my ISP's spamfilter intercepts 99% of all the spam and I can't remember the last time I fished a real email message out of my spambox.
-
@glwxxx
I'd be surprised if the harvesters didn't try decoding the html encodings...
-
@whabang
Could fake bounce with a program? Don't know if it's better than ignore it or not.
@glwxxx
both..
A way to take it up a notch is to include "removethis" or "antispam" or other into the email adress, though even this is picket up and there's an increased risk of real mails accidently not reaching you.
Perhaps instead of using the word "dot" use something like "spot" or "dent" and same thing goes for "at"... could be a simple "át", "8", "a" or "AltGr2". There's an increased risk of this being harvested too if including a non word charracter beforeand/or after these "words instead of charracter" replacements (a simple space would probably help enough for most humans to dezifer something without bots picking up on it). Again there's an increased risk of real mails not reaching you though.
A thing bots surely look for are a row of letters ending with known top domains such as com, net etc. Perhaps adding a special charracter after the last letter or an axtra space in the topdoamin part of the email could help with this? Some goes for very known domains such as hotmail.
So: name removethis a dom ain dent co m'
Surely you would be able to dezifer the above and if you can it's likely that a bot will soon do that too... but it's also at least as likely that a not too computeroriented person wouldn't get it.
Conclusion... have to agree with Piru. Get a good antispam tool and add loads of intelligent (RegExp) filters to it, personaly I use Mailwasher and it easily filters my daily 30 spammails (of witch about 0.5% arent marked, about 15% of with I have to manually remove cause filters cant be to strong on single words alone while the rest is handled automaticly).
-
It's starting to get unreadable for humans, too. ;-)
Another good way is to make a picture with the letters in it. Use different fonts and capitalization, so it'll be too much work to harvest. If you save it as as JPEG with high compression (low quality option) it's nearly impossible to OCR. :lol:
IMHO it shouldn't be neccessary to filter for spam (chance of false positives and negatives) but instead block based on destination by the ISP. Our mail server uses various external SPAMBL, it's own black list (IP and host name pattern) and dial up detection (via host name) with extremely high success. With numerous 'burned' addresses we only get ~1-2% spam, and that only because the server's pattern matching capabilities are not (yet) good enough.
False positives (rare) are denied right away and the sender gets notified in nearly no time. Since we don't bounce, there are no overflowing outbound queues with invalid senders. :-)
-
@Zac67
IMHO it shouldn't be neccessary to filter for spam (chance of false positives and negatives) but instead block based on destination by the ISP. Our mail server uses various external SPAMBL, it's own black list (IP and host name pattern) and dial up detection (via host name) with extremely high success.
SpamAssassin has this aswell, btw.
Small example of SA content analysis:
Content analysis details: (27.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.0 TRADING_ALERT_5 BODY: Talks about shares
0.1 HTML_50_60 BODY: Message is 50% to 60% HTML
0.0 HTML_MESSAGE BODY: HTML included in message
3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
[score: 1.0000]
1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level above 50%
[cf: 100]
0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
0.2 DNS_FROM_RFC_ABUSE RBL: Envelope sender in abuse.rfc-ignorant.org
1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?218.65.219.13>]
1.7 DNS_FROM_RFC_POST RBL: Envelope sender in postmaster.rfc-ignorant.org
1.6 URIBL_SBL Contains an URL listed in the SBL blocklist
[URIs: gloriadj.com]
3.8 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
[URIs: gloriadj.com]
4.1 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URIs: gloriadj.com]
2.1 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
[URIs: gloriadj.com]
4.5 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
[URIs: gloriadj.com]
-
Typing "user@domain.tld" as "user domain tld" is good too, as it doesn't contain any characters that the harvesters are looking for, while it's still human-readable.
Typing it backwards (dlt.niamod@resu) works fine as well, but takes a bit more effort for the human reader to get right.
The method used on Slashdot is probably fine too. Insert a random word (but not "REMOVE", "ANTISPAM" or similar) in the address, for example "user@domSNAILain.com", and after that write "remove invertebrate animal to e-mail me".
If you've got your own website, then either a CGI form, and/or your address written on a picture is best IMO. I don't think address harvesters bother with OCR detection on images -- for a spammer, that CPU time is probably better spent on harvesting another thousand "unprotected" addresses from people who don't make it clear that they're uninterested in spam and who aren't as likely to report your abuse.
If you make websites for the general computer-illiterate audience, then they NEED a clickable link (or a form). No obfuscation will work, no matter how obvious you make it. People are more clueless than you can imagine. Then the HTML entity encoding mentioned in this thread is probably better than nothing.
-
I was luck with userdonttrytospamme@domain_net for about a year,then they got me from somebodys virusinfected adressbook.
It´s impossible to avoid spam forever. Spammers should burn :madashell: