Newbie: Does this qualify as "encrypted?"

[Hank]

Hey all,

I'm a programmer but have little experience in html
programming and none in Javascript. To make a long
story short, a friend of mine and I were discussing
email harvesters that prowl the inet looking for email
addresses. She claims that her website is protected
from such because her email addy is "encrypted" w/in
a javascript toolbar. IOW, when you click the button
on the site's toolbar it performs the typical "mailto: (e-mail address removed)"
but when one goes into the source itself, w/in the
toolbar area, one sees this:
<a href=
"mailto:carla@carlar&#1
01;ne.co&#109"
onmouseover="na_change_img_src('nav_index_AH6', 'document',
'nav/nav_36_15e_ahr.gif', true);"
onmouseout="na_restore_img_src('nav_index_AH6', 'document');"><img
src="nav/nav_36_15e_ah.gif" name="nav_index_AH6"
border="0" class="namo-button2" alt="Contact Me!" align="texttop"></a></div>

This, to my eyes, is clearly where the "encryption" occurs. Now,
I'm dubious as to whether this qualifies as "encryption" because
it appears as if it's just the numeric identifier for a character. Ergo,
if the email harvester were written for javascript, wouldn't it just
"see" the numbers as characters???

Thanks!
-Hanks

 

[Richard Cornford]

*Hank* wrote:

... , a harvestor need not be so clever, ...

... . In general javascript 'email encoders' can be
defeated similarly after running the document through a
slaved browser and extracting the text nodes and
attributes.

Fortunately it seems that the characteristic that currently inhibits the
harvesting of obfuscated e-mail addresses is an absence of cleverness on
the part of the people interested in harvesting addresses. That is
unlikely to change, as such, but it just takes one person to publish
some slightly cleverer software and all e-mail addresses published on
the internet are wide open again.

Richard.

 

[Dr John Stockton]

JRS: In article <[email protected]>, dated Thu, 5
Aug 2004 17:56:42, seen in Andrew Urquhart

*Hank* wrote:
[snip]

<a href=
"mailto:carla@carla
rene.co&#109">email</a>

This, to my eyes, is clearly where the "encryption" occurs. Now,
I'm dubious as to whether this qualifies as "encryption" because
it appears as if it's just the numeric identifier for a character.
Ergo,
if the email harvester were written for javascript, wouldn't it just
"see" the numbers as characters???

In this case in order to rip the address an email harvestor does not
need to be javascript-aware, it just needs to be capable of
understanding numeric entities. There is no encryption present, it's
obfuscation but of a sort that is understood natively by HTML parsers.
Since "mailto:" followed by a string of entities is quite a common
practice, a harvestor need not be so clever, it just needs to perform a
text search for the mailto prefix and replace the characters. In general
javascript 'email encoders' can be defeated similarly after running the
document through a slaved browser and extracting the text nodes and
attributes.

Using mailto:<obfuscate> seems silly to me.

A search will find the mailto , what follows is very likely to be an E-
address, and deobfuscation may be considered worth attempting.

Obfuscate the mailto: itself, and the @ at least in the address, and
more effort will be required of the harvesting software - not difficult,
but taking more time, and so may be considered not worthwhile.

 

[Andrew DeFaria]

Why not just use an image instead of text as I do at my site. Nothing
but your eyes will find my email address at my site.

Kinda kills the *functionality* of being able to click on the mailto
link though! ;-)

 

[Dr John Stockton]

JRS: In article <[email protected]
m>, dated Thu, 5 Aug 2004 18:54:51, seen in

Kinda kills the functionality of being able to click on the mailto
link though! ;-)

Don't post HTML/multipart.

There is no useful functionality in a readily-clickable E-mail address
that is so readily harvested that mail sent to it will be lost in a
deluge of spam.

The effort involved in retyping an E-mail address is negligible in
comparison with that which ought to be invested on composing a worth-
while body for the message.

 

[Andrew DeFaria]

JRS: In article <[email protected]
m>, dated Thu, 5 Aug 2004 18:54:51, seen in

Don't post HTML/multipart.

Don't bitch about it! Don't tell me how to post! I'm not tell you how to
post!

There is no useful functionality in a readily-clickable E-mail address
that is so readily harvested that mail sent to it will be lost in a
deluge of spam.

Sure their is. The useful functionality is being able to click to send
somebody an email. As for the deluge of spam - get something to protect
yourself! The mere action of eliminating a readily-clickable email
address will surely not stop the deluge of spam!

The effort involved in retyping an E-mail address is negligible in
comparison with that which ought to be invested on composing a
worth-while body for the message.

Perhaps to you but not to me. My spam filters work very well thank you.
Sorry you haven't managed to protect yourself. You want me to retype
your email address? I say why bother? If you make me go though hoops to
email you then I will simply not email you.

 

[Lasse Reichstein Nielsen]

Dr John Stockton wrote:

Don't bitch about it! Don't tell me how to post! I'm not tell you how
to post!

You don't tell him how to post? What was "Don't bitch" then?

HTML is not appropriate for Usenet. Some cosider it a binary posting,
which is prohibited outside of the dedicated binary newsgroups. Othes
just can't, or won't, see it. I second Dr Stockton's request: Please
don't post HTML, multipart or not.

/L