Re: [Declude.JunkMail] Email addresses on a company webpage?
Dan, The best practice is to advertise generic addresses, and don't subscribe such addresses to anything. Then you know that harvested addresses will likely be those on your site, and you can weight them higher, or fail on a lower score, whichever. At least that's what I do. I also recommend the same practice for domain name registrations...generics only. So a car dealership might have sales@, service@, bodyshop@, financing@, etc., but those would just be aliases pointing back to named accounts like [EMAIL PROTECTED] jsmith should also be the account that is subscribed to newsletters or used for ecommerce, not service@, etc. I see my customers doing stupid things like signing up for contests as their generic addresses. That floodgate will never close. When you list addresses on Web sites, generic or not, obfuscate them using HTML and/or URL encoding. Address harvesters don't take the time to unencode such things. Mix techniques if you want to be real safe. I doubt they would waste the time to modify their code seeing as how many addresses aren't obfuscated. This is something that I'm going to start practicing myself from now on. Using forms is also a good idea in many cases, especially for non-sales related things, like support for instance. You don't have to advertise an address in that event. Matt --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Email addresses on a company webpage?
I manage both our public sites and our mail server, so I've consistent direct evidence of this harvesting. The quick workaround is to use JavaScript to display the addresses. Most bots won't bother to figure it out. Keith Purtell, Web/Network Administrator VantageMed Operations (Kansas City) Email: [EMAIL PROTECTED] CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dan Spangenberg Sent: Monday, September 15, 2003 1:17 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Email addresses on a company webpage? I've been reading the recent threads and someone mentioned it a bad idea to post employee email addresses on their company webpage because of spammers or bots harvesting them. Isn't this a little bit paranoid or am I just naive? Isn't it a pretty common practice for a company to list emails addresses on their webpage, at least for sales and service individuals? I see many smaller companies doing this. Maybe they just take the risk and manage the spam when it comes in, or change specific addresses if the spam gets too bad. Any alternatives to doing this? How do they get the info to their customers if it isn't listed on the webpage? Dan Spangenberg --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Email addresses on a company webpage?
We're not a very big company - about 35 employees. I created an account for a new employee who wasn't due to start for 5 days and added his e-mail address to the company directory on our web site. In keeping with the insert expletive here corporate policy, the directory listings are not obfuscated (please don't ask why, it's lame). By the time the employee started and was in orientation with me to go over company applications the following week, he had already recv'd 9 spam messages (with many more blocked by Declude). So, conveniently it was a good time to go over Outlook's filters capabilities too. Spams for Viagra and it's ilk have become the most annoying, most frequent complaint - even over the porn, beastiality, and Nigerian money scams. Anyway, enough of that tangent - the point is, bot traffic to our dinky lil ol' site is constant and we are harvested frequently. If you post your contacts, consider if they really have to be hot mailto tags, or could they at least be obfuscated. Just my 2 cents. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dan Spangenberg Sent: Monday, September 15, 2003 1:17 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Email addresses on a company webpage? I've been reading the recent threads and someone mentioned it a bad idea to post employee email addresses on their company webpage because of spammers or bots harvesting them. Isn't this a little bit paranoid or am I just naive? Isn't it a pretty common practice for a company to list emails addresses on their webpage, at least for sales and service individuals? I see many smaller companies doing this. Maybe they just take the risk and manage the spam when it comes in, or change specific addresses if the spam gets too bad. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Email addresses on a company webpage?
With all this talk of email addresses on web pages... What is the best way to obfuscate them? HTML (how is this done?)? Java (how is this done?)? Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Sean Fahey Sent: Monday, September 15, 2003 11:49 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Email addresses on a company webpage? We're not a very big company - about 35 employees. I created an account for a new employee who wasn't due to start for 5 days and added his e-mail address to the company directory on our web site. In keeping with the insert expletive here corporate policy, the directory listings are not obfuscated (please don't ask why, it's lame). By the time the employee started and was in orientation with me to go over company applications the following week, he had already recv'd 9 spam messages (with many more blocked by Declude). So, conveniently it was a good time to go over Outlook's filters capabilities too. Spams for Viagra and it's ilk have become the most annoying, most frequent complaint - even over the porn, beastiality, and Nigerian money scams. Anyway, enough of that tangent - the point is, bot traffic to our dinky lil ol' site is constant and we are harvested frequently. If you post your contacts, consider if they really have to be hot mailto tags, or could they at least be obfuscated. Just my 2 cents. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dan Spangenberg Sent: Monday, September 15, 2003 1:17 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Email addresses on a company webpage? I've been reading the recent threads and someone mentioned it a bad idea to post employee email addresses on their company webpage because of spammers or bots harvesting them. Isn't this a little bit paranoid or am I just naive? Isn't it a pretty common practice for a company to list emails addresses on their webpage, at least for sales and service individuals? I see many smaller companies doing this. Maybe they just take the risk and manage the spam when it comes in, or change specific addresses if the spam gets too bad. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Email addresses on a company webpage?
Generally speaking, what are the bots looking for? Only mailto:'s? Or are they smart enough to use a regex search and find any text of the form [EMAIL PROTECTED]? Jason Wolfe Lead Developer Netcomm, Inc. http://www.netcomm.com (859) 224-4124 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Email addresses on a company webpage?
Generally speaking, what are the bots looking for? Only mailto:'s? Or are they smart enough to use a regex search and find any text of the form [EMAIL PROTECTED]? Sobig.F uses regexp to find addresses on cached web pages, so I would not be surprised if tools spammers use to harvest addresses would do the same. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Email addresses on a company webpage?
Example... SCRIPT LANGUAGE=JavaScript TYPE=text/javascript !-- // var grabthis = username; var andthis = domain.com; document.write(A HREF= + mail + to: + grabthis + @ + andthis + + grabthis + @ + andthis + /A) // -- /SCRIPT Keith Purtell, Web/Network Administrator VantageMed Operations (Kansas City) Email: [EMAIL PROTECTED] Voice: (816) 801-5200 Fax: (816) 880-4776 Toll-free: (800) 525-1101 CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Todd Holt Sent: Monday, September 15, 2003 2:03 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Email addresses on a company webpage? With all this talk of email addresses on web pages... What is the best way to obfuscate them? HTML (how is this done?)? Java (how is this done?)? Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Sean Fahey Sent: Monday, September 15, 2003 11:49 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Email addresses on a company webpage? We're not a very big company - about 35 employees. I created an account for a new employee who wasn't due to start for 5 days and added his e-mail address to the company directory on our web site. In keeping with the insert expletive here corporate policy, the directory listings are not obfuscated (please don't ask why, it's lame). By the time the employee started and was in orientation with me to go over company applications the following week, he had already recv'd 9 spam messages (with many more blocked by Declude). So, conveniently it was a good time to go over Outlook's filters capabilities too. Spams for Viagra and it's ilk have become the most annoying, most frequent complaint - even over the porn, beastiality, and Nigerian money scams. Anyway, enough of that tangent - the point is, bot traffic to our dinky lil ol' site is constant and we are harvested frequently. If you post your contacts, consider if they really have to be hot mailto tags, or could they at least be obfuscated. Just my 2 cents. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dan Spangenberg Sent: Monday, September 15, 2003 1:17 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Email addresses on a company webpage? I've been reading the recent threads and someone mentioned it a bad idea to post employee email addresses on their company webpage because of spammers or bots harvesting them. Isn't this a little bit paranoid or am I just naive? Isn't it a pretty common practice for a company to list emails addresses on their webpage, at least for sales and service individuals? I see many smaller companies doing this. Maybe they just take the risk and manage the spam when it comes in, or change specific addresses if the spam gets too bad. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Email addresses on a company webpage?
If you're a small company with 5 to 15 people, then it's not as bad as a company with hundreds of employees, or in the case of my client, thousands. Against our advice, they placed their entire directory online for convenience of their customers and it turned into a harvest festival for spammers. 90 days later their email system was nearly useless because of the volume of spam. Some employees were receiving over 1000 emails between the time they left work and the time they arrived in the morning. Then they tell us it's our problem to fix because it's our mail sever. (We charge per-mailbox, so we really don't mind if we have to fix their problems.) Whatever email address you put on a web page should be generic, such as sales@ info@ support@ and so forth, and point those to the persons responsible. That way the employee-to-employee email stays clean. Besides, it's easier to rotate a generic email address through a department. And instruct employees to not use their company email addresses to send e-greetings or subscribe to newsletters. I've been reading the recent threads and someone mentioned it a bad idea to post employee email addresses on their company webpage because of spammers or bots harvesting them. Isn't this a little bit paranoid or am I just naive? Isn't it a pretty --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.