display | more...

When I first got an email address, ten years ago or so, there was virtually no risk of getting any unsolicited email. Addresses were put in locations readable by other people who might be interested in sending you mail, and if they were, they did. AOL users got some unsolicited advertisements along with their "content", but we BBS and real-internet folks simply didn't see it.

Fast-forward to about 1995; the internet had gotten past Gore's Information Superhighway speeches and had just begun to blossom into the ten-percent-of-the-world hyperopolis we know today. Suddenly there were enough people present to buy enough stuff that business-persons the world over became interested in selling it to them. Bingo, the almost-free-to-all-involved service of electronic mail became the perfect vector for advertising said stuff to said people. And with so many email addresses in abundant plaintext on the world wide web, all it took was a hundred lines of perl to spider across it and compile an enormous list of addresses toward which to aim that vector.

Email users generally became tired of deleting ten bulk emails a day by 1996-ish, and decided to try for some damage control. The plan was to obfuscate their addresses in such a way that when added to a list, they would point to a nonexistent address, but when parsed by a human the real address could be easily divined. At first, adding a text string with the word "spam" somewhere in the address was a preferred strategy, and one that most email users could understand correctly at a glance. For example, here are some taken from slashdot.org:

lramsey@NoSpAm.student.umass.edu
ando@out-out-damn-spam.sympatico.ca
octrahedron@nOSPam.prodigy.net
stux@mactrix.0SPAM.com
... and so forth.

Bulk emailers turned out to have a response to this, namely, adding a single line of perl code that would handily remove any symbol with the word "spam" in it from the address. In response, slightly more complex removal-type obfuscations were developed:

vinn@REMOVETHIS.planetall.com
slashdot@@@anthonymclin...com
jonclegg@nospan.yahoo.com
mikeNO@SPAMkristopeit.com
yamcha666@h o t m a i l . com
... etcetera.

Any of which would seem to do a good job of blocking bots, as the naughty emailer can't just add filters to the script ad infinitum. Now, though, the creativity of the geek community, those who had been promiscuous with their addresses in the first place, was piqued -- and it can be a formidable thing. Now, wonderful variations rely on character substitution, text reversal, letter doubling, and even completing little algorithms to get the actual address. Some of these are almost (but not quite, yeah I know) artistic. A few are completely illegible until some real, dedicated thought is put to them:

bruce&perens,com
.moc.oohay. .ta. .elorpnepmul.
david AT iwancio2002 DOT org
cbair (at) dragonmagic (dot) net
slashdot@morp( )s ... et ('heu' in gap)
spoco2athotmaildotcom
{zib.ilpmis} {ta} {acire}
bailes_1j@_2big_3foot.com
dchase.hotmail@com
... you get the idea.

Of course, this goes far past the boundary of absurdity. What the emailers do any more is take anything that is in the "Email Address:" field on a webpage generated from a database as most are. Then, a secretary-type goes through the whole list, figuring out the heuristic and typing a real email address into another list that will be used for actual email. Or in other words, all of that expressive obfuscation is for naught.

The best strategy so far, which I rarely see employed even though it passes the human-reading-address test, is easy. First make up an addition to your address that looks as though it belongs there; that is, if you are bob@yahoo.com , become bob@usergroups.yahoo.com , or alice@ksu.edu turns into alicehopper@ksu.edu . Next, in the .sig file (or its functional equivalent) that is attached to the bottom of each of your posts, give the instructions on how to get your real address: remove "usergroups." from address or use "alice" not "alicehopper" respectively. Thus, to a script or secretary it looks like a perfectly valid address, and they would have to read the entire post to know it is not. Sadly, if people's wallets continue to be affected by unsolicited email, eventually it will become profitable to have somebody read the newsgroup in question and defeat this ploy as well...




Jetifi suggests, for webpages, making an image that is the text of your email address. Pretty smart.

Log in or register to write something here or to contact authors.