This is Interesting: Free Magazines for Graphics designers and webmasters  


Home > Archive > Dreamweaver > August 2004 > Fighting Spam





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Fighting Spam
Dax Arroway

2004-08-07, 11:14 pm

I'm wondering if anyone has any thoughts on this. I am the administrator of a
pretty popular site and we have a page of contacts for portions of our group,
thinks like membership, treasurer, webmaster, and the like. The contact page
lists the email address for these departments (webmaster@ourdomain.com) that
are also email links. We've noticed an increasing amount of spam coming from
addresses that are posted on these pages. My guess is that there are email
harvester programs that crawl the web in search of email addresses to include
in lists sold to spammers.

I've been pondering ways of stopping this from happening and I was wondering
if anyone had any ideas about this. One idea I had was to not post the
addresses with their corresponding links and just use plain text, but I'm not
sure if crawler programs are just looking for email links or plain text email
addresses. Another idea I had was to use an image file with the address
written on it. That might might work, however, I'd alienate anyone who
couldn't see the image. Of course I could use alt text for the image but if
crawlers are simply looking for addresses in plain text form, this would be
defeating my purpose. Other that these ideas, I'm drawing blanks.

Does anyone have any other ideas? And/Or does anyone out there know if the
ideas I've explained above would even work?

Thanks in advance,
Dax Arroway

Kramer

2004-08-08, 4:14 am

Dax Arroway wrote in message
> I'm wondering if anyone has any thoughts on this. I am the administrator
of a
> pretty popular site and we have a page of contacts for portions of our
group,
> thinks like membership, treasurer, webmaster, and the like. The contact
page
> lists the email address for these departments (webmaster@ourdomain.com)
that
> are also email links. We've noticed an increasing amount of spam coming
from
> addresses that are posted on these pages. My guess is that there are
email
> harvester programs that crawl the web in search of email addresses to
include
> in lists sold to spammers.
>
> I've been pondering ways of stopping this from happening and I was
wondering
> if anyone had any ideas about this. One idea I had was to not post the
> addresses with their corresponding links and just use plain text, but I'm
not
> sure if crawler programs are just looking for email links or plain text
email
> addresses. Another idea I had was to use an image file with the address
> written on it. That might might work, however, I'd alienate anyone who
> couldn't see the image. Of course I could use alt text for the image but
if
> crawlers are simply looking for addresses in plain text form, this would
be
> defeating my purpose. Other that these ideas, I'm drawing blanks.
>
> Does anyone have any other ideas? And/Or does anyone out there know if
the
> ideas I've explained above would even work?

I use an image file, I figure most can see the image no matter what browser
they use. Only trouble is they have to type the address into their mail
program by hand. I figure if they want to make contact that is a small
price to pay.

Best Regards, Kramer



John Gaver

2004-08-08, 4:14 am

On 8/7/04 9:52 PM, in article
BD3AFF8C.EF3%jgaEVERYver@ActionThingAmerica.org, "John Gaver"
<jgaEVERYver@ActionThingAmerica.org> wrote:

> Check out my page on email address obfuscation.
>
> http://www.ActionAmerica.org/huh/alphabet.html

I forgot to mention that you can also use comments to break up your email
address, like this:

myemail@mydomain.com

-- might become --

my<!-- nospam -->email@my<!-- nospam -->domain.com

Mixed with the methods that are described on the link that I posted, this
makes it even harder for the harvesters to make sense of an email address,
but most, if not all of the major email programs will decipher it correctly
and it will display correctly on all browsers.

Try it out. I hope that this helps.

John Gaver
Action America
(forget everything to contact me direct)

Microsoft: (n) Job security for IT consultants.

John Gaver

2004-08-08, 4:14 am

On 8/7/04 8:19 PM, in article cf3v37$ti$1@forums.macromedia.com, "Dax
Arroway" <webforumsuser@macromedia.com> wrote:

> I'm wondering if anyone has any thoughts on this. I am the administrator of a
> pretty popular site and we have a page of contacts for portions of our group,
> thinks like membership, treasurer, webmaster, and the like. The contact page
> lists the email address for these departments (webmaster@ourdomain.com) that
> are also email links. We've noticed an increasing amount of spam coming from
> addresses that are posted on these pages. My guess is that there are email
> harvester programs that crawl the web in search of email addresses to include
> in lists sold to spammers.

Check out my page on email address obfuscation.

http://www.ActionAmerica.org/huh/alphabet.html

Spammers may some day create harvesting programs that will defeat the
methods described on that page. It's really not that hard. But, they already
harvest more email addresses than they can possible use and the people who
have gone to the trouble of obfuscating their email addresses are much more
likely to have strong anti-spam software that will block their spam, anyway.
Some spam services actually advertise that their lists are composed
primarily of addresses that are not likely to have anti-spam filters. For
the same reason that thieves tend to avoid homes and cars that have alarms,
spammers have no reason to want the email address of someone who is likely
to have a good spam filter, when there are so many other easy marks out
there.

The best way though, is to have a form that calls a CGI script that mails
the data from the form to the intended recipient. If the address is properly
hidden in the CGI, it becomes almost impossible for the harvesters to find
it. But, as I said above, since they already gather more email addresses
than they could ever use, trying to defeat even simple methods of
obfuscation would not be cost effective.

BTW, if you are using a Mac, then you have access to the absolute best
anti-spam software available - SpamSieve

(http://www.c-command.com/spamsieve/index.shtml).

It is a Bayesian (statistical) filter that actually learns what you consider
spam and what you consider good email, so the longer you use it, the more
accurate it becomes. It also knows how to ignore such spammer tricks as
commented salt words and 1px font salt words. I have had it on my Macs for
over a year and it is uncanny, how accurate it is. If you decide to use it
and you are using Microsoft Entourage, as your mail program, then I would
suggest that you use "Bouncer" along with it.

http://www.versiontracker.com/dyn/moreinfo/macosx/12367

It sends a "550 error message (address not found) back to the originating
address, just as your ISP would do, if your address did not exist. Used
consistently, for many months, I have seen about a 40 to 50% drop in spam,
to the addresses where I used it. I now use it on all of my email addresses.

If you are using a PC and Outlook, then I would suggest iHateSpam.

http://www.sunbelt-software.com/product.cfm?id=930

It uses a service to update it's pattern block list, so it is not as
accurate as an anti-spam program based on a Bayesian filter. However, it has
a feature that allows you to send spam that got through, back to the
developer's server, where living breathing human type people will analyze it
and probably add a pattern to their blocked patterns, so it won't get past
iHateSpam again. They have a bounce feature inside their software, that
functions like Bouncer. It's very good (maybe 98% accurate). It's just that
Bayesian filters will eventually become 99.9?% accurate, as they learn what
you consider spam and good email.

The last I checked, there were several companies working on Bayesian spam
filters for the PC, but they were not available. When they become available
for the PC, if they are well written, they should leave iHateSpam in the
dust.

John Gaver
Action America
(forget everything to contact me direct)

Microsoft: (n) Job security for IT consultants.

Michael Fesser

2004-08-08, 4:14 am

.oO(John Gaver)

>The last I checked, there were several companies working on Bayesian spam
>filters for the PC, but they were not available. When they become available
>for the PC, if they are well written, they should leave iHateSpam in the
>dust.

SpamPal
http://www.spampal.org/

SpamPal Plugins
http://www.spampal.org/plugins.html

SpamPal Bayesian Filter
http://spampalbayes.sourceforge.net/

Works very well on my box.

Micha
Michael Fesser

2004-08-08, 4:14 am

.oO(Dax Arroway)

> I've been pondering ways of stopping this from happening and I was wondering
>if anyone had any ideas about this. One idea I had was to not post the
>addresses with their corresponding links and just use plain text, but I'm not
>sure if crawler programs are just looking for email links or plain text email
>addresses.

If the address is in the source code a bot can find it. Additionally
it's pretty useless to use (hexa)decimal character references for
"encoding".

> Does anyone have any other ideas? And/Or does anyone out there know if the
>ideas I've explained above would even work?

A simple form somewhere on the page with a checkbox the user has to
tick:

[ ] show mail addresses [submit]

Micha
David Hier

2004-08-08, 12:14 pm

If you follow John Graver's method, which seems to work pretty well, you
might want to try the following tool
to convert your email into Unicode:

http://www.pinnacledisplays.com/unicode-converter.htm


----- Original Message -----
From: Dax Arroway <webforumsuser@macromedia.com>
Newsgroups: macromedia.dreamweaver
Sent: Sunday, August 08, 2004 2:19 AM
Subject: Fighting Spam


> I'm wondering if anyone has any thoughts on this. I am the administrator
of a
> pretty popular site and we have a page of contacts for portions of our
group,
> thinks like membership, treasurer, webmaster, and the like. The contact
page
> lists the email address for these departments (webmaster@ourdomain.com)
that
> are also email links. We've noticed an increasing amount of spam coming
from
> addresses that are posted on these pages. My guess is that there are
email
> harvester programs that crawl the web in search of email addresses to
include
> in lists sold to spammers.
>
> I've been pondering ways of stopping this from happening and I was
wondering
> if anyone had any ideas about this. One idea I had was to not post the
> addresses with their corresponding links and just use plain text, but I'm
not
> sure if crawler programs are just looking for email links or plain text
email
> addresses. Another idea I had was to use an image file with the address
> written on it. That might might work, however, I'd alienate anyone who
> couldn't see the image. Of course I could use alt text for the image but
if
> crawlers are simply looking for addresses in plain text form, this would
be
> defeating my purpose. Other that these ideas, I'm drawing blanks.
>
> Does anyone have any other ideas? And/Or does anyone out there know if
the
> ideas I've explained above would even work?
>
> Thanks in advance,
> Dax Arroway
>



Sponsored Links


Copyright 2003 - 2008 forum4designers.com  Software forum  Computer Hardware reviews