Re: [WSG] Anti-spam mailto encoders using Character Entity Evasion
Guys hate to rain on your parade but if your browser can understand that obfuscation what makes you think that a email address harvestor is not going to be able to? These guys are writing complex viruses that harvest email addresses directly from people's Outlook contact lists, surely they can understand a little javascript and work with character entities. Sorry but I think you are kidding yourselves. Obfuscation does not work, replacing @ with at or appending .spam does not work and makes it harder for dummy user to actually use the web, putting emails addresseses in images is anti-accessibility (unless of course you also put the email address in the alt tags). The best method of hiding email addresses is with a contact form, but even then you are losing out because you are forcing a user to contact you via their website (i.e. stopping them from writing down your email or adding it to their contacts and contacting you at leisure). Emails addresses should be public information (like phone numbers). Spam isn't going to be stopped by hiding email addresses, you've got to stop it on the way into your mail box. Cheers Mark * The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help *
RE: [WSG] Anti-spam mailto encoders using Character Entity Evasion
I have been using the obfuscation method for some time now, and while it may not totally eliminate spam harvesting, IMHO it certainly does slow the harvesting down. I have used the javascript method also, with the addition of a gif displaying the e-mail address for folks that have javascript disabled. I have found this to be effective also. Mark is quite correct when he says that complex e-mail harvesters will probably work around these methods, but it appears that most of the harvesting is done by very basic programs that are looking only for e-mail addresses stored in conventional format. Guys hate to rain on your parade but if your browser can understand that obfuscation what makes you think that a email address harvester is not going to be able to? These guys are writing complex viruses that harvest email addresses directly from people's Outlook contact lists, surely they can understand a little javascript and work with character entities. * The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help *
Re: [WSG] Anti-spam mailto encoders using Character Entity Evasion
On 6/4/04 2:05 AM Mike Pepper [EMAIL PROTECTED] sent this out: There is no doubting professional harvesters will easily circumvent the obfuscation. This is a damage limitation exercise. In this war of attrition, any counter-measure is better than none. A 'What's the point attitude' is defeatist. This has little to do with developing to web standards, does it? Just pondering, Rick * The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help *
RE: [WSG] Anti-spam mailto encoders using Character Entity Evasion
Mark is quite correct when he says that complex e-mail harvesters will probably work around these methods, but it appears that most of the harvesting is done by very basic programs that are looking only for e-mail addresses stored in conventional format. Indeed, Alan, as I mentioned: However, any programmer worth his salt will simply run a recursive loop and trap for either ... There is no 'secure' format because if a browser can display it, a programmer can read it. But it'll keep the kids at bay :o) There is no doubting professional harvesters will easily circumvent the obfuscation. This is a damage limitation exercise. In this war of attrition, any counter-measure is better than none. A 'What's the point attitude' is defeatist. --- Mike Pepper Accessible Web Developer (with shares in Anadin) www.seowebsitepromotion.com --- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Alan Harrison Sent: 04 June 2004 08:42 To: [EMAIL PROTECTED] Subject: RE: [WSG] Anti-spam mailto encoders using Character Entity Evasion I have been using the obfuscation method for some time now, and while it may not totally eliminate spam harvesting, IMHO it certainly does slow the harvesting down. I have used the javascript method also, with the addition of a gif displaying the e-mail address for folks that have javascript disabled. I have found this to be effective also. Mark is quite correct when he says that complex e-mail harvesters will probably work around these methods, but it appears that most of the harvesting is done by very basic programs that are looking only for e-mail addresses stored in conventional format. Guys hate to rain on your parade but if your browser can understand that obfuscation what makes you think that a email address harvester is not going to be able to? These guys are writing complex viruses that harvest email addresses directly from people's Outlook contact lists, surely they can understand a little javascript and work with character entities. * The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help * * The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help *
Re: [WSG] Anti-spam mailto encoders using Character Entity Evasion
It does now... why not use the content: selector and set your email in there ;) Shame IE dont like Content: tho! * The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help *
RE: [WSG] Anti-spam mailto encoders using Character Entity Evasion
On Fri, 4 Jun 2004 17:41:32 +1000, Alan Harrison wrote: Mark is quite correct when he says that complex e-mail harvesters will probably work around these methods, but it appears that most of the harvesting is done by very basic programs that are looking only for e-mail addresses stored in conventional format. Assuming true intelligence on the part of a spammer is probably going too far, but it does occur to me that it is in the interests of spammers not to try too hard to collect addresses. By only collecting the most easily found addresses (ie the un-obfuscated ones) they: 1) still get many millions of addresses to use and 2) are less likely to reach the group that will report them. But that sort of thinking assumes sensible reasoning on the part of the spammer. :) FTR - I've had great success with minimising spam with simple replacement with character entities. Note that I also hide the 'mailto:' part. Lea -- Lea de Groot Elysian Systems - I Understand the Internet http://elysiansystems.com/ Web Design, Usability, Information Architecture, Search Engine Optimisation Brisbane, Australia * The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help *
RE: [WSG] Anti-spam mailto encoders using Character Entity Evasion
Jaime, Just use http://www.seowebsitepromotion.com/obfuscate_email.asp. Might prove useful and does it all for you, including complete mail-to strings. Mike Pepper Accessible Web Developer (with a headache because he's been on the system way too long) http://www.seowebsitepromotion.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jaime W Sent: 03 June 2004 19:35 To: [EMAIL PROTECTED] Subject: [WSG] Anti-spam mailto encoders using Character Entity Evasion Ermm another question List fellows. Hope you guys don't mind...4th question for the past 2 weeks. I am trying to use Character Entity Evasion for mailto encoding instead of JavaScript. At times it validates and at times it doesn't. Why? I have no idea. Example of Character Entity encoded email: Decode: [EMAIL PROTECTED] Encode: #116;#101;#115;#116;#64;#116;#101;#115;#116;#105;#110;#103;#46; #99;#111;#109; Those characters is making my xhtml 1.0 strict validation unhappy. May I know what alternatives do the rest of you use besides using JavaScript for encoding your e-mail? Contact Forms and '@ image method' or replacing '@' with 'at' method aside please. Thank you! Best Wishes, Jaime ... * The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help * * The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help *
RE: [WSG] Anti-spam mailto encoders using Character Entity Evasion
Mike you are a gem! This tool generates codes that validates in XHTML 1.0 DTD Strict! Is helpful and great for lazy people like me lol. Tested it and it works great. Thank you thank you very much! By the way what is the differences between ISO and Hex Conversion? Which is more secure? I choose the default which is ISO Conversion. Best Wishes, Jaime ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Pepper Sent: Friday, 4 June 2004 3:17 AM To: [EMAIL PROTECTED] Subject: RE: [WSG] Anti-spam mailto encoders using Character Entity Evasion Jaime, Just use http://www.seowebsitepromotion.com/obfuscate_email.asp. Might prove useful and does it all for you, including complete mail-to strings. Mike Pepper Accessible Web Developer (with a headache because he's been on the system way too long) http://www.seowebsitepromotion.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jaime W Sent: 03 June 2004 19:35 To: [EMAIL PROTECTED] Subject: [WSG] Anti-spam mailto encoders using Character Entity Evasion Ermm another question List fellows. Hope you guys don't mind...4th question for the past 2 weeks. I am trying to use Character Entity Evasion for mailto encoding instead of JavaScript. At times it validates and at times it doesn't. Why? I have no idea. Example of Character Entity encoded email: Decode: [EMAIL PROTECTED] Encode: #116;#101;#115;#116;#64;#116;#101;#115;#116;#105;#110;#103;#46; #99;#111;#109; Those characters is making my xhtml 1.0 strict validation unhappy. May I know what alternatives do the rest of you use besides using JavaScript for encoding your e-mail? Contact Forms and '@ image method' or replacing '@' with 'at' method aside please. Thank you! Best Wishes, Jaime ... * The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help * * The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help * * The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help *
RE: [WSG] Anti-spam mailto encoders using Character Entity Evasion
Jamie, Glad to be of some use. I'm an ardent anti-spammer and it was an initiative to thwart harvesters. I use mixed in an effort to confuse parsing aglos employed by poorly coded harvesters. However, any programmer worth his salt will simply run a recursive loop and trap for either ... Be warned, though: this can play merry hell with screen readers and other accessible text software unless they're properly setup to interpret these coded feeds. There is no real difference between the two formats; both are happily interpreted and rendered by contemporary browsers (even Lynx -- which is a bonus), although one is an internationally recognised standards format (ISO). There is no 'secure' format because if a browser can display it, a programmer can read it. But it'll keep the kids at bay :o) Cheers, Mike Pepper Accessible Web Developer (with shares in Anadin) www.seowebsitepromotion.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jaime W Sent: 03 June 2004 22:04 To: [EMAIL PROTECTED] Subject: RE: [WSG] Anti-spam mailto encoders using Character Entity Evasion Mike you are a gem! This tool generates codes that validates in XHTML 1.0 DTD Strict! Is helpful and great for lazy people like me lol. Tested it and it works great. Thank you thank you very much! By the way what is the differences between ISO and Hex Conversion? Which is more secure? I choose the default which is ISO Conversion. Best Wishes, Jaime ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Pepper Sent: Friday, 4 June 2004 3:17 AM To: [EMAIL PROTECTED] Subject: RE: [WSG] Anti-spam mailto encoders using Character Entity Evasion Jaime, Just use http://www.seowebsitepromotion.com/obfuscate_email.asp. Might prove useful and does it all for you, including complete mail-to strings. Mike Pepper Accessible Web Developer (with a headache because he's been on the system way too long) http://www.seowebsitepromotion.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jaime W Sent: 03 June 2004 19:35 To: [EMAIL PROTECTED] Subject: [WSG] Anti-spam mailto encoders using Character Entity Evasion Ermm another question List fellows. Hope you guys don't mind...4th question for the past 2 weeks. I am trying to use Character Entity Evasion for mailto encoding instead of JavaScript. At times it validates and at times it doesn't. Why? I have no idea. Example of Character Entity encoded email: Decode: [EMAIL PROTECTED] Encode: #116;#101;#115;#116;#64;#116;#101;#115;#116;#105;#110;#103;#46; #99;#111;#109; Those characters is making my xhtml 1.0 strict validation unhappy. May I know what alternatives do the rest of you use besides using JavaScript for encoding your e-mail? Contact Forms and '@ image method' or replacing '@' with 'at' method aside please. Thank you! Best Wishes, Jaime ... * The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help * * The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help * * The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help * * The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help *
RE: [WSG] Anti-spam mailto encoders using Character Entity Evasion
Id also like to add a question. How Accessible is this method? Can screen readers pick this up and convert it to the correct text? GC Original Message: - From: Jaime W [EMAIL PROTECTED] Date: Fri, 4 Jun 2004 05:04:24 +0800 To: [EMAIL PROTECTED] Subject: RE: [WSG] Anti-spam mailto encoders using Character Entity Evasion Mike you are a gem! This tool generates codes that validates in XHTML 1.0 DTD Strict! Is helpful and great for lazy people like me lol. Tested it and it works great. Thank you thank you very much! By the way what is the differences between ISO and Hex Conversion? Which is more secure? I choose the default which is ISO Conversion. Best Wishes, Jaime ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Pepper Sent: Friday, 4 June 2004 3:17 AM To: [EMAIL PROTECTED] Subject: RE: [WSG] Anti-spam mailto encoders using Character Entity Evasion Jaime, Just use http://www.seowebsitepromotion.com/obfuscate_email.asp. Might prove useful and does it all for you, including complete mail-to strings. Mike Pepper Accessible Web Developer (with a headache because he's been on the system way too long) http://www.seowebsitepromotion.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jaime W Sent: 03 June 2004 19:35 To: [EMAIL PROTECTED] Subject: [WSG] Anti-spam mailto encoders using Character Entity Evasion Ermm another question List fellows. Hope you guys don't mind...4th question for the past 2 weeks. I am trying to use Character Entity Evasion for mailto encoding instead of JavaScript. At times it validates and at times it doesn't. Why? I have no idea. Example of Character Entity encoded email: Decode: [EMAIL PROTECTED] Encode: [EMAIL PROTECTED] com Those characters is making my xhtml 1.0 strict validation unhappy. May I know what alternatives do the rest of you use besides using JavaScript for encoding your e-mail? Contact Forms and '@ image method' or replacing '@' with 'at' method aside please. Thank you! Best Wishes, Jaime ... * The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help * * The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help * * The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help * mail2web - Check your email from the web at http://mail2web.com/ . * The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help *