Thursday, October 02, 2008

email hiding

I thought that spamming was an issue of the past. Not because spammers have ceased bombarding email addresses with all sorts of unthinkable propositions, but because now we have the means to render their assaults harmless. It's been ages since the last time a spam email transpired into my [Inbox] instead of going straight to [Spam]. Some people though employ this and that in a vain attempt to hold back the very dumbest of spammers out there hunting for valid email addresses. Historically, the most popular way of hiding an email is by replacing @ and . characters with words:

One can think many variations on this, but they all obey the same principle. I read a personal page the other day using a context-sensitive approach:
This obviously can be used in conjunction with the previous technique. Some organisations have also relied upon context to camouflage their emails by omitting the domain part altogether, so becomes simply firstname.lastname and they do not allow employees to maintain contact lists in their email clients; marvellous. Instead of disclosing their email addresses many incompetent companies provide a mostly ill-designed kind of contact form that does not let you use any other client or know whether a man or /dev/null is handling your email. More recently, emails have started to appear as distorted images of the actual email text, much like a simple captcha:

Alternatively, one may want to prepare a static flash file specifically for hiding your email. Carnegie Mellon have taken this a step further with their reCAPTCHA Mailhide application. The email (or part of it) is replaced with a link that shows you a captcha. If you solve the captcha then the full email address is shown to you, otherwise you are asked to solve another captcha. All challenges are random and you can switch to audio challenges too:

Others have come as far as suggesting using Javascript XORing. The idea is you take a normal email link like <a></a>, XOR each character with some key to get the XORed version, and then serve that together with a script that will dynamically XOR this back to the original link using the same XOR key of course. The idea is to make life difficult for scouting bots since the html page will only have the script and the XORed email. Anoop Sankar demonstrates an example of that technique. Sarven Capadisli reports a few other options. One notable example uses CSS to reverse the direction of text in a inversely written email:

span.codedirection { unicode-bidi:bidi-override; direction: rtl; }
<p><span class="codedirection">moc.liamg@niagaeemz</span></p>

As for myself, I've already made it readily available to spammers worldwide. Here it is once more: