ECM--Email Countermeasures

How and Why of obfuscating your address

Why

I like many internet users got tired of receiving e-mail from spammers, mass-mailers, or whatever you choose to call this retched hive of scum and villiany. Yet, I still wanted to have my e-mail address available to legitimate users who wished to contact me.

How do spammers get my email address?

Harvesting Webpages: that is the purpose of the javascripts on my page is to hide your address from these simple little 'bots or spiders that look for anything in the form of foo@example.com or in a mailto: URL
Harvesting Newsgroups: similar to webpages automatic programs that look for anything in the form of foo@example.com
Social Engineering: greeting cards sites that collect your name from a friend of yours and then keep it or sell it to spammers
Guessing: if there is a foo at example.com maybe there is another foo at whitehouse.gov The next step is to verify the address usually in one of two ways, either SMTP verify a mail command that will check to see if the recipient is actually ok with the mail server or perhaps a blank or innocuous message from no one you know to see if your address 'bounces.'
Theft: by craftily creating a website that actually is not http but anonymous ftp. A lot of browsers would send your email address as the password for anonymous ftp (long ago courtesy in the early days of BBS). Making a worm which emails an them with your (or friends) email addressbook, even a chain letter can be used for this purpose.
Buying: Many sites, when the dot-bomb implosion hit, realized a list of email address was an asset to be sold. The people buying didn't care if you only opted in one site they had your address used it and probably sold it off again.

How to hide from email harvesters

I wrote several little Javascripts which should hide your email address from e-mail harvesting programs. I don't know of any that can interpret Javascript. I seriously doubt any ever will as interpreting Javascript would be a real drain on resources. However, if they ever do I will just have to upgrade this.

High Threat Environment

This method for the truly paranoid, converts your email address into a seemingly random string of characters using a simple substitution cipher. The link will then be decoded by the script into your correct address.

I found another encryption program written by Jim Tucek. This one uses prime numbers and factoring to cipher your address. Much better encryption than a simple substitution cipher.

Medium Threat Environment

This javascript takes your e-mail address and converts it into the ISO-Latin-1 character code for each character. It then makes a big array of those codes. Which then get written into your document using the document.write method.

Low threat environment

Or you can obfuscate it using a simpler method which converts your address into the HTML character entities. This method while simple and easily decoded has the advantage of not using javascript.

Another method

If you have a personal webpage it is likely the webpage URL is in the form of http://www.domain.tld/~username, and your email address is in the form of username@domain.tld.

If this is your case, you can use a simple script to reconstruct your email address from your webpage's URL.

About this code

As for the code it is freeware, use it as you like. If you like it please let me know. If you hate it let me why. Does it really reduce the amount of spam you get. Also feel free to tinker with it, because if everyone started using identical code it wouldn't take the email harvester too long to figure out where all the email addresses are hiding.

The true SPAM®

SPAM®Note that SPAM® (all capital letters) refers to SPAM® brand luncheon meat. While, "spam" (all lower case letters) refers to Unsolicited Commercial Email (UCE). is a registered trademark of Hormel Foods for their fine luncheon meat.

The best way to have SPAM® is in SPAM® Musubi. I first tried and enjoyed SPAM® Musubi while I was living in Hawaii. If you have never had SPAM® Musubi then your really should give it a try it is ono.