Does e-mail obfuscation really make automatic harvesting harder?

Question

Many users and forum programs in attempt to make automatic e-mail address harversting harder conseal them via obfuscation - @ is replaced with \"at\" and . is replaced with

Answer 1

When I see this type of obfuscation I also immediately think of regular expressions. It's a piece of cake to harvest emails "obfuscated" in this manner.

I once came with an idea to publish my email address in this way:

You can mail me here:

string myEmail = "";
myEmail = myEmail
          .Append ("myname")
          .Append ("@")
          .Append ("domain")
          .Append (".")
          .Append ("com");

Whoever does not make it out, has failed my basic intelligence test.

Answer 2

I have a solution, well, more of a theory. Problem is, the bots parse the page. they can get the text. even if it's being put into the page in some sophisticated way through Javascript.

So, just you CSS3 pseudo element! it won't be a link, but your email will be visible, and will never be an actual text. something like this:

.email::after{ content:'myemail@gmail.com'; }

Again, it's a theory, I've no idea how far these evil people can go to get it, but I think this be pretty safe. (unless they parse the CSS files, which I don't think they do)

Answer 3

How to fight spamers? Make email address less recognizable for something without brain (i.e. computer).

Non-English speakers are your friends: if your user base is non-English speaking community, switch to obfuscating using other languages: team_małpa_stackoverlow_kropka_com or team_Affenschwanz_stackoverflow_Punkt_com are perfectly recognizable email addresses for respectively Polish- and German-speaking communities. Some email harvesters know Polish or German, but chance is most of harvesters will understand only English.

If you cannot leave English, than switch to some descriptive phrases- like: “in order to send us message write team in your address field, than put symbol AT, than write the name of our site!”.

Answer 4

Definitely!

I read this article a while ago which shows how effective (as well as the relative degree) the various methods can be. Reversing an already reversed string seems to be fairly decent protection at the moment.

The following code sample:

<style type="text/css">
   span.codedirection { unicode-bidi:bidi-override; direction: rtl; }
</style>

<p><span class="codedirection">moc.etalllit@7raboofnavlis</span></p>

Will output the email so it's readable at least.

That said, it is almost an arms race. But as long at you're ahead of the curve, it'll be more effort to harvest your address rather than ordinary un-obfuscated ones.

Answer 5

Obfuscation techniques falls in the same category than captchas. They are not reliable and tend to hurt regular users more than bots.

Javascript obfuscation seems to be praised, but is no silver bullet : it is not that hard today to automate a browser for email sniffing. If it can be displayed in a browser, it can be harvested. You could even imagine a bot that's taking screenshots of a browser window and using OCR to extract addresses to beat your million-dollar-obfuscation-technique.

Depending on where and why you want to obfuscate emails, those techniques could be useful :

• Restrict email visibility : you may hide emails on your website/forum to anonymous users, to new users (with little to no activity or posts to date) or even hide them completely and replace email contact between members with a built-in private messaging feature.

• Use a dedicated spam-filtered email : you will get spammed, but it will be limited to this particular address. This is a good trade-off when you need to expose the email address to any user.

• Use a contact form : while bots are pretty good at filling forms, it turns out that they are too good at filling forms. Hidden field techniques can filter most of the spam coming through your contact form.

Answer 6

I'm not sure if it really helps with spam - but I've learned to love the Escape Encode Obfuscation for mailto: tags/emails. An example tag:

<a href="%6D%61%69%6C%74%6F%3A%74%65%61%6D%40%73%74%61%63%6B%6F%76%65%72%66%6C%6F%77%2E%63%6F%6D">&#116;&#101;&#97;&#109;&#64;&#115;&#116;&#97;&#99;&#107;&#111;&#118;&#101;&#114;&#102;&#108;&#111;&#119;&#46;&#99;&#111;&#109;</a>

Mails team@stackoverflow.com