Obscuring Email Addresses Actually Works

By Kyle Dent
July 24, 2009 | Comments: 2

Last week ended the 6th Conference on Email and Anti-Spam in Mountain View, CA. There is interesting research being done on understanding spamming behavior to make the junk easier to detect. Technology Review magazine has an article, Catching Spammers in the Act, discussing some of the findings. I've always wondered if obscuring email addresses on web pages does any good, for example writing "bob at example dot com" instead of displaying the actual email address. It turns out it does (from the article):
Many end users protect themselves against e-mail harvesting using simple obfuscation techniques--for example, using "-at-" to replace the "@" symbol in an e-mail address. The researchers found that these methods frustrate current spam techniques surprisingly well.
The practice is so common, and it would be easy to detect variations, I just assumed it didn't do much. I'm partial to my own approach to hiding email addresses (http://www.seaglass.com/hideaddr-c.html) because browsers display it normally and mailto: links still work. I just hex encode every character in the address (both in the display and the mailto link), which the browser considers normal characters; they're just hex instead of decimal, but harvesters see as garbage (I hope). Apparently the worst thing to do is give your address as part of online registrations. Well-established sites seem to be okay but lesser known ones are risky. Your mother's admonition about not talking to strangers is still good advice.

You might also be interested in:

2 Comments

I prefer the css reversal method:

.email {
unicode-bidi:bidi-override;
direction: rtl;
}

It works quite well, though it doesn't work for links.

Reid's comments are a reflection of stupidity not insensitivity.

News Topics

Recommended for You

Got a Question?