Obfuscating email

[Mark Space]

I was just looking at one of the quotation lines from this newsgroup:

Andrea Francia

It seems obfuscating email addresses is very popular and with the amount
of spam I get I can see why.

I wonder if there's some better way. I suppose this would be some form
of white list with a trusted authority. Andrea for example registers
his true email address with AuthorityX, which then relays email for him.
AuthorityX doesn't allow non-trusted domains to it send email in the
first place.

There's been some talk recently about transforming social sites, which
are currently wide open, to something more restricted, so that users can
control their information and have security.

I don't know, would anyone use such a service?

Pretend our reference implementation will be implemented in Java, for
relevance to this newsgroup.

 

[Andrea Francia]

I was just looking at one of the quotation lines from this newsgroup:

Andrea Francia
<[email protected]> writes:

I think the best way for obfuscating email is to use address like

(e-mail address removed)

But I don't have yet put email address on my website.

 

[Roedy Green]

There's been some talk recently about transforming social sites, which
are currently wide open, to something more restricted, so that users can
control their information and have security.

See http://mindprod.com/jgloss/mung.html
for various ways to disguise your email.

My solution is to replace email with something else which includes
security, something like an unlisted phone number with call blocking.

See http://mindprod.com/project/mailreadernewsreader.html

 

[Martin Gregorie]

I think the best way for obfuscating email is to use address like

As you can see, I use a totally bogus address in USENET headers and put my
address in the trailer in the sig. I've done this for several years: so
far this seems to be enough to prevent skimmers from collecting it.

I use a different trick on my website: all e-mail addresses are obfuscated
in a way that most browsers seem to be capable of decoding, but so far has
also kept the web scrapers at bay.

From this I deduce tow things: that the various scrapers are simplistic
and that their authors can extract so many unobscured mail addresses that
they don't bother with even trivially ofuscated ones.

FWIW, all the spam I get uses another, ISP-specific address. This has
either been scraped from my ISP (unlikely) or, more probably, extracted
from public domain ownership details.

HTH

 

[Knute Johnson]

As you can see, I use a totally bogus address in USENET headers and put my
address in the trailer in the sig. I've done this for several years: so
far this seems to be enough to prevent skimmers from collecting it.

I use a different trick on my website: all e-mail addresses are obfuscated
in a way that most browsers seem to be capable of decoding, but so far has
also kept the web scrapers at bay.

From this I deduce tow things: that the various scrapers are simplistic
and that their authors can extract so many unobscured mail addresses that
they don't bother with even trivially ofuscated ones.

FWIW, all the spam I get uses another, ISP-specific address. This has
either been scraped from my ISP (unlikely) or, more probably, extracted
from public domain ownership details.

HTH

I have a bit bucket. nospam is a valid address but all mail is thrown away.

What kind of gliders do you fly Martin?

 

[Arne Vajhøj]

I was just looking at one of the quotation lines from this newsgroup:

Andrea Francia

It seems obfuscating email addresses is very popular and with the amount
of spam I get I can see why.

I wonder if there's some better way. I suppose this would be some form
of white list with a trusted authority. Andrea for example registers
his true email address with AuthorityX, which then relays email for him.
AuthorityX doesn't allow non-trusted domains to it send email in the
first place.

There's been some talk recently about transforming social sites, which
are currently wide open, to something more restricted, so that users can
control their information and have security.

I don't know, would anyone use such a service?

Pretend our reference implementation will be implemented in Java, for
relevance to this newsgroup.

I don't think it is worth it.

You will send email to someone that gets malware on his/her computer
and it will steal all the email addresses in the saved emails.

Use a mail host with a spam filter and an email client also with
a spam filter.

Then you will use 10-60 seconds per week deleting the few spam
emails that comes through both.

You will spend more time explaining how your obfuscated email address
should be deobfuscated than that.

Arne

 

[Joshua Cranmer]

As you can see, I use a totally bogus address in USENET headers and put my
address in the trailer in the sig. I've done this for several years: so
far this seems to be enough to prevent skimmers from collecting it.

I used to post my full email address on Usenet, but I stopped when I
started collecting about one spam/day on the email. Even so, there are
other places where I do post my full, unadulterated, unobfuscated email
address, and that email still collects spam on the order of once every
few months. Based on these statistics, I think the amount of spam
scraped from Usenet is rather low.

Other accounts posted in various problems. One that was posted as a
public PGP key (it appears to be eradicated now) gets about 20-30/day; I
do not know where else it was posted. My gmail account gets a phenomenal
amount of spam messages: I cannot say the source of this barrage, however.

From this I deduce tow things: that the various scrapers are simplistic
and that their authors can extract so many unobscured mail addresses that
they don't bother with even trivially ofuscated ones.

I think the amount of spam derived from messages from Usenet is
overstated: I used my ISP email for several months before changing to
the form I have now, and that included my most prolific posting times.
Where the spammers are getting email addresses from, I can't say, but I
think manually scrapping the web isn't the largest source.

 

[Martin Gregorie]

What kind of gliders do you fly Martin?

I have a Standard Libelle - one that's old enough to have balsa skins, but
I've rather spoilt my SIFOW image by stuffing its panel with
nice electronic toys: my only mechanical instruments are the ASI,
altimeter and T&B. Its not had much use so far this year, though. The
weather has been mostly unsoarable when its hasn't been raining.

Do you also fly gliders?

 

[Tom Anderson]

I wonder if there's some better way. I suppose this would be some form
of white list with a trusted authority. Andrea for example registers
his true email address with AuthorityX, which then relays email for him.
AuthorityX doesn't allow non-trusted domains to it send email in the
first place.

You can already do this with spamgourmet.org, using their trusted senders
list, at both domain and address granularity.

There's been some talk recently about transforming social sites, which are
currently wide open, to something more restricted, so that users can control
their information and have security.

Like Facebook, you mean?

I don't know, would anyone use such a service?

70 000 000 so far.

Pretend our reference implementation will be implemented in Java, for
relevance to this newsgroup.

Well, okay, but they mostly use C++ and php, and some python and java [1].

tom

[1] Mentioned in http://developers.facebook.com/thrift/thrift-20070401.pdf

 

[Andrew Thompson]

I think the best way for obfuscating email is to use address like

        (e-mail address removed)

Adding '.invalid' has an extra point in its favor.

Any smart server that sees an address ending in '.invalid'
will immediately 'lose it and think nothing further about
the matter'.

'.invalid' is a warning to servers that this is most
certainly an invalid address, and there is no need to
burden other servers with it.

I urge all posters to these groups who use invalid
addresses to please add '.invalid' to the end of them.

Martin Gregorie made a good point about email scrapers
missing many trivially obfuscated addresses, that reflects
my own experience as well. As a result, I do not think
that adding such a deliberate 'flag' that an address is
obfuscated, is going to bring an address much closer
to being 'de'obfuscated.

 

[Knute Johnson]

I have a Standard Libelle - one that's old enough to have balsa skins, but
I've rather spoilt my SIFOW image by stuffing its panel with
nice electronic toys: my only mechanical instruments are the ASI,
altimeter and T&B. Its not had much use so far this year, though. The
weather has been mostly unsoarable when its hasn't been raining.

Do you also fly gliders?

When I was a young man I flew glider tugs and was a glider instructor.
Haven't been in one in almost twenty years but I promised myself I was
going to get out this summer. Most of my time is flight training in
Schweizer 2-33 or Blanik L-13. I did fly a Club Libelle a few times and
a Salto a few times but that was 30 years ago. I taught my father to
fly gliders and flew a few times with him after that in the GroB 102?.
I've been trying to find one of those Lambada motor-gliders to sit in
and see if I fit, the Stemme being way out of my price range .

 

[Martin Gregorie]

Adding '.invalid' has an extra point in its favor.

Any smart server that sees an address ending in '.invalid'
will immediately 'lose it and think nothing further about
the matter'.

'.invalid' is a warning to servers that this is most
certainly an invalid address, and there is no need to
burden other servers with it.

I urge all posters to these groups who use invalid
addresses to please add '.invalid' to the end of them.

How about this?

Using '.invalid' as the TLD does require careful wording of the pseudo
domain to indicate where the real address is to be found. I tried a
few variations before settling on this one, which is depressingly similar
to my original, but the result is still a little ambiguous.

 

[Martin Gregorie]

When I was a young man I flew glider tugs and was a glider instructor.
Haven't been in one in almost twenty years but I promised myself I was
going to get out this summer. Most of my time is flight training in
Schweizer 2-33 or Blanik L-13.

I wondered which side of the pond you were: the 2-33 is a give away. I'm
on the other side and mainly winch - more fun and much cheaper, especially
now the price of avgas is going through the roof.

I've been trying to find one of those Lambada motor-gliders to sit in
and see if I fit, the Stemme being way out of my price range .

Have you looked at the Slovakian/Slovenian offerings? Pipistrel
<http://www.pipistrel.si/> make some nice looking and well-specified
SLMGs. I don't know how these would fit your wallet, but they're certainly
cheaper than a Stemme. Alternatively, winch launching is becoming more
popular in the US. If you've never done it and there's a site near
you, give it a try. Standstill to 1200 ft in 35 secs is a blast!

 

[Andrew Thompson]

...
How about this?

This, what? Like in your sig?

martin@   | Martin Gregorie
gregorie. |
org       | Zappa fan & glider pilot

I think it is redundant there, since scrapers
will not pick up the 3-line variant, and a human
can easily reform it into a *valid* email address.

BTW - Loved the side-bar about gliders*,
hate Zappa. ;-)

* And no, I've never flown a glider, but my dad
learned how after his retirement.

 

[Andrew Thompson]

On May 18, 6:17 pm, Martin Gregorie

I think it is redundant there, since scrapers
will not pick up the 3-line variant, and a human..

Or more accurately, any human worth talking to,
on any technical matter. The people who could
not guess the email add. are likely to be too
busy choking on their own spit, to be wasting
anybody elses time.

 

[Arne Vajhøj]

Adding '.invalid' has an extra point in its favor.

Any smart server that sees an address ending in '.invalid'
will immediately 'lose it and think nothing further about
the matter'.

'.invalid' is a warning to servers that this is most
certainly an invalid address, and there is no need to
burden other servers with it.

I urge all posters to these groups who use invalid
addresses to please add '.invalid' to the end of them.

If it becomes widely used, then spammers will quickly just
remove that suffix.

Arne

 

[Martin Gregorie]

This, what? Like in your sig?

I meant the revised piece of non-address in the header.

* And no, I've never flown a glider, but my dad
learned how after his retirement.

Try it - you might like it. Just don't blame me if you get hooked.

 

[Knute Johnson]

I wondered which side of the pond you were: the 2-33 is a give away. I'm
on the other side and mainly winch - more fun and much cheaper, especially
now the price of avgas is going through the roof.
Have you looked at the Slovakian/Slovenian offerings? Pipistrel
<http://www.pipistrel.si/> make some nice looking and well-specified
SLMGs. I don't know how these would fit your wallet, but they're certainly
cheaper than a Stemme. Alternatively, winch launching is becoming more
popular in the US. If you've never done it and there's a site near
you, give it a try. Standstill to 1200 ft in 35 secs is a blast!

I was in London once and went out to the London Gliding Club and did a
winch launch. It is a thrill! Conditions were pretty poor that day,
drizzle, low clouds and windy.

The Pipistrel is very interesting but I think I'm too big for it. I
haven't been able to get in one of those to try it though so it is on my
list to see. I talked to the Lambada guys on the phone and they told me
that they were supposed to be getting a bigger canopy (to fit big
Americans) in the near future. When that comes in I'm going to drive up
to Reno and check it out.

In the meantime there is a place a couple of hours away that has pretty
good soaring conditions. The wife of the fellow that runs the place was
one of my students 30 years ago. The winds will stop here pretty soon
and the mountain soaring conditions will get really nice.

Are you in the UK Martin? I'm in southern California, between Los
Angeles and Bakersfield. I did most of my soaring at El Mirage and
Crystalaire in the high desert to the east of me now. The glider school
that my ex-student and husband run is in Tehachapi.

 

[Martin Gregorie]

Are you in the UK Martin? I'm in southern California, between Los
Angeles and Bakersfield. I did most of my soaring at El Mirage and
Crystalaire in the high desert to the east of me now. The glider school
that my ex-student and husband run is in Tehachapi.

Yes. I have friends at LGC, but I fly with the Cambridge club, so entirely
flat land thermal soaring unless I tow the glider up to Yorkshire or
Scotland.

I know Tehachapi from driving through a few times on the way to or from
the Free Flight model flying heaven that is Lost Hills (Junction 46 on
I5). I did a little soaring on a visit in 2001 (Boulder CO, Avenal,
Williams and an afternoon at Minden on the way back to Denver). I was a
newly minted Silver C back then.

BTW, have you visited rec.aviation.soaring? Maybe we should take this
there or offline before we get rocketed for being off topic.

 

[Andrew Thompson]

I meant the revised piece of non-address in the header.

Oh right, the 'see_sig_for_address' bit.
Yes that is the preferred form, since it
ends in '.invalid'.

Try it - you might like it. Just don't blame me if you get hooked.

I wouldn't doubt it. At the moment I'm
more concerned with spending the little
money I have on some other things I like -
eating and living in a house. ;-)