Re: Whimper. Anybody notice huge spam jump??

From: Aron Roberts <aron_at_socrates.berkeley.edu>
Date: Tue, 14 Nov 2006 15:31:07 -0800 (PST)

  There are a couple of ways to test whether the scripts or programs that
spammers use to extract email addresses from web pages might be
succeeding at harvesting addresses from your own pages, even if you've
tried to protect those addresses via various means:

  1. Use a variant of your email address that includes a legal but
     unusual addition, such as the "plus tag" discussed at:

<http://en.wikipedia.org/wiki/E-mail_address#Plus_.28or_Minus.29_addressing>

     First, send a message to an address containing that addition,
     to make sure that your mail server (such as CalMail) can handle it
     without problems, and that you see that addition in the header of
     the message you receive, as well.

     Then protect this email address on at least one of your top-level
     pages in the same way that your other addresses are protected.

     If you start receiving email that includes that variant form
     of your address, then your protection method has likely
     been compromised.

  2. Get a 'disposable' email address, and place that address
     on your web page(s), protected in the same way that your
     other addresses are protected. You can obscure this
     email address from most viewers by making its text color
     the same as your web page background color.

     If you start receiving email that goes through that
     disposable address, then your protection method has likely
     been compromised.

     Here're a couple of lists of such services:

http://email.about.com/od/disposableemailservices/index.htm
http://www.tipmonkies.com/2005/10/04/disposable-e-mail-address-services

     One suggestion: SpamGourmet, whose admin tools let you
     see how many messages have been received at each of your
     disposable addresses. (It's also possible to set up "real"
     email accounts for this purpose at Yahoo!, MSN Hotmail, or
     other such services.)

  For a long time, the general "lore" has been that 'email extractor'
programs or scripts used by spammers to harvest email addresses that
appear anywhere on web pages - whether or not they appear in "mailto"
links, by the way - have rarely if ever grokked JavaScript. (Along
those lines, Marilyn, could you share your source that suggests that
recent spam increases have resulted, in part, from more sophisticated
harvesting tools?)

  There are just too many harvestable addresses out there that aren't
protected at all, or are obscured using trivial means, and it is costly
- in terms of programming complexity and the time required to process
pages, including running every script on every web page in the hopes
that at least a few will yield harvestable email addresses - for a
spammer to even think about dealing with JavaScript.

  It's possible that an email extractor program or script might try to
guess at the parts of an email address that is pieced together via a
plaintext JavaScript script on, or referenced from, a web page.
However, that too requires considerable effort and time on the spam
harvester's part, and there are too many potential variations in how
such a script might be written for this to be a straightforward task for
a spammer.

  Until there is concrete evidence that a spam harvester is successfully
extracting email addresses from a JavaScript script on a campus web page
- evidence from tests similar to those suggested above, for instance -
it's probably a good idea to remain skeptical ...

Aron Roberts
Information Systems and Technology

(... in a cold-induced fog ...)

On Tue, November 14, 2006 13:18, Marilyn Saarni wrote:
> Hmm. Well, at $19.95 it would be worth it! Last thing I need is to
> feel guilty about propagating additional spam to the innocents whose
> emails are listed on my websites.
>
> However, I'm not seeing any current reviews online. Does anyone know
> somebody who is using it now?
>
> Maybe we all can compare notes??
>
> - Marilyn
>
>>I've noticed it too. I am considering using SpamVaccine, which will
>>encode all email addresses on a site with a javascript jumble of
>>numbers and symbols. This might work better than the javascript
>>you're using now since there's no text at all.
>>
>>Regards,
>>Aileen
>>
>>>Hi All -
>>>
>>>I have a favorite, easy-to-use javascript for email addresses on
>>>websites that I have used for years without issue. I happen to use
>>>it not only on the campus website that I manage, but also on a
>>>non-profit's website. That particular website's emails are
>>>actually aliases, so I get different information when that
>>>website's emails are forwarded.
>>>
>>>Well, the spambots seem to be breaking through my javascript, and
>>>forwarding garbage into these aliases--and in turn into my own
>>>mailbox.
>>>
>>>I suspect that this is probably true for the campus website
>>>javascript mailto: bits too, though I can't tell since there is no
>>>forwarding involved. I'm guessing that the "mailto:" code probably
>>>triggers the spambot software to run more sophisticated analysis of
>>>the javascript to pull out the email address (the javascript breaks
>>>up the email address into pieces in plain text, and then
>>>reassembles it for display).
>>>
>>>There has been news already about the 20% worldwide increase of
>>>spam over the last month due to these new spambots.
>>>
>>>Is anyone else having this problem? Any javascript mailto code
>>>others are using without increased spam?
>>>
>>>- Marilyn
>>>
>>>-----------------------------------------------------------------------
>>>The following was automatically added to this message by the list
>>> server:
>>>
>>>Webnet information is available at http://webnet.berkeley.edu.
>>>Email sent to this list is archived at
>>>http://ls.berkeley.edu/mail/webnet/ . This archive is open to the
>>>general public and browsable by search engine spiders,
>>>email-address harvesting robots, your bosses, etc.
>>
>>
>>--
>>Aileen 'Ellie' Paterson
>>Fellowships and Publications Coordinator
>>Doreen B. Townsend Center for the Humanities
>>510/643-7236
>

Received on Tue Nov 14 2006 - 15:36:22 PST
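
One way to run test 1 from the message above across several pages at once, as an added example that is not part of the original message: it derives a distinct plus-tagged address per page and protection method, then attributes incoming mail to the page whose tag shows up in the recipient headers. The `example.edu` address, page paths, method labels, secret and sample messages are all constructed, and it assumes your mail server preserves plus tags in headers.

```python
import hashlib
import hmac
from collections import Counter
from email import message_from_string
from email.utils import getaddresses

SECRET = b"constructed-demo-secret"  # assumption: a private value never published on the web


def make_canary(base, page, method, secret=SECRET):
    """Return a plus-tagged variant of `base` unique to one page and protection method."""
    local, domain = base.rsplit("@", 1)
    tag = hmac.new(secret, f"{page}|{method}".encode(), hashlib.sha256).hexdigest()[:8]
    return f"{local}+{tag}@{domain}"


def attribute_hits(raw_messages, registry):
    """Count messages per canary, checking every header that can carry the recipient."""
    known = {addr.lower(): where for addr, where in registry.items()}
    hits = Counter()
    for raw in raw_messages:
        msg = message_from_string(raw)
        values = []
        for name in ("To", "Cc", "Delivered-To", "X-Original-To"):
            values.extend(msg.get_all(name, []))
        # Parse one header value at a time so a malformed value cannot affect the others.
        seen = {addr.lower() for v in values for _, addr in getaddresses([v])}
        for addr in seen & known.keys():
            hits[known[addr]] += 1  # one hit per message, even if the tag repeats
    return hits


# Constructed registry: one canary per (page, protection method) pair.
PAGES = [("/index.html", "js-split"), ("/staff.html", "text-color-hidden")]
REGISTRY = {make_canary("webmaster@example.edu", p, m): (p, m) for p, m in PAGES}
JS_CANARY = make_canary("webmaster@example.edu", "/index.html", "js-split")

# Constructed sample mail: two messages to the JS-protected canary, one ordinary message.
SAMPLE_MAIL = [
    f"From: a@spam.example\nTo: <{JS_CANARY.upper()}>\nDelivered-To: {JS_CANARY}\nSubject: offer\n\nbody\n",
    f"From: b@spam.example\nTo: list@bulk.example\nX-Original-To: {JS_CANARY}\nSubject: hi\n\nbody\n",
    "From: colleague@example.edu\nTo: webmaster@example.edu\nSubject: lunch\n\nbody\n",
]

if __name__ == "__main__":
    for (page, method), n in attribute_hits(SAMPLE_MAIL, REGISTRY).items():
        print(f"{n} message(s) reached the canary on {page} ({method})")
```

Because each tag appears on exactly one page, a nonzero count points at the specific protection method that was defeated rather than at the address in general.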

This archive was generated by hypermail 2.2.0 : Tue Nov 14 2006 - 15:36:22 PST