Tag Archives: fight spam

[Anonymity] How To Protect Email Addresses against Spam

The Novel

Since the very beginning of the internet in its occurence as the world wide web (www) in the mid of the 1990s there were bad guys.Those bad guys rapidly realized how to make a quick buck out of the technological inexperience of the new inhabitants of the www. It was the days when people had their first contact with HTML. First projects were showing the people’s dogs and the family and looked kinda ugly – from nowadays view.

So people began to show parts of their privacy to the masses almost without fully realizing that their website from now on was visible all over the world. And they added a contact @ character, hoping that other cool people would send them emails and telling them how cool the website about their dog is. But the people didn’t anticipate the guys who knew how to make money from pulling a fast one on others.

One of the first things the bad guys noticed was the fact that the principle of bulk mails could be easily transferred to the internet. So the bad guys began to manually collect email addresses from the websites of the dogowners and all the others. But what to advertise via email? We nowadays know how this question was answered. Those bad guys began to setup porn websites. They often used illegally copied photos of naked women or sex scenes from magazines.

They sent the dogsowners and all the others invitations for porn- or erotics-sites and appealed to their sexual drives. Many of the early days’ porn site operators were email address collectors themselves. They knew porn would sell till the end of mankind.

It didn’t take long and someone improved the way of collecting email addresses. He coded a robot (spam spider) who was able to scan the websites and search for those two HTML tags:

  • <a href="http://www.linktonextsite.org">Link To Next Site</a>
  • <a href="mailto:mymailaddress@mywebsite.org">Send me a Mail</a>

I bet you can already smell how the story went on. The email addresses were written automatically into databases. And while the internet was growing and the amount of websites escalated virtually thru the roof the amount of people who understood to make a living from sending porn, erotic and viagra mails to the people also increased.

Although the novel above may not be 100% historical accurate, the problem of spam nowadays has become even worse.

Today it is estimated that 90% of the emails sent around the globe are spam.

What can we do about it?

Fight Spam Technically

As we’ve seen how the system works. Bad guys use automated robots to search the www for exploitable email addresses and write them back into their databases. So as a website operator the one and only question to take into consideration is: how to hide the email addresses?

Some time ago we’ve found a very nice way, that we are using for quite some years. We don’t know where we found it – otherwise we would credit the guy who wrote it.

Instead of using

  • <a href="mailto:mymailaddress@mywebsite.org">Send me a Mail</a>

we slightly obfuscate the email address by using Javascript. Every webbrowser nowadays perfectly understands Javascript, Ajax and even more. See here what we do:

  • <a href="#" onclick="mp='@';mp='mymailaddress'+mp;mp+='mywebsite.org';this.href=mp;">Send me a Mail</a>

So what’s happening here?

This integrated javascript reacts after you clicked on the “Send me a Mail” link. It then uses the temporary variable mp to reassemble your email address. By not putting the email address as a string into your HTML source of your website this scripts prevents (almost) any spam robot to recognize your email address. As a matter of course we recommend to use this technique from the first day a website is on the internet.

You can easily modify this javascript by changing the variable to another name or by changing the order.

We hope you had some fun in this lesson and appreciate your feedback.

[Anonymity] Anti Spam Strategy

As seen in the past, the spammers steal our valuable life time with sending us porn, drugs and software offers, that we would never have dreamed of. The question is: where do those spammers get the email addresses from? And there are two simple answers.

First being the problem that anyone having a website, mostly also has provided a valid email address for contact purposes. Here in germany in most cases we are even legally obliged to provide such an address as imprint (Impressum). So spammers send robots to the net and harvest all those email addresses and write them back into databases and let them grow and grow. And after a while honorable databases have been generated with lots of email addresses.

Second being the problem that many administrators of forums offer their user databases as well to spammers, although they are not allowed to. Anyway it happens much too often.

At least for the second problem a solution has evolved. It is called “one time email addresses” or “trash email addresses”. Those addresses are valid for a particular amount of time and will cease to work after that.

One of those websites offering such services is http://www.guerrillamail.com/. They provide us with an email address that is working at least for 15 minutes. If that is too short you can manually prolong that address for another 15 minutes by simply clicking a button. We did not try to prolong for the maximum possible amount of time – so we don’t know. But we suspect there may be a time limitation.

When will you actively stop distributing your real email address on the net?



Kaspersky