Hiding email addresses | email Hal Keen |
---|
| |||||||||||||||||||||||||||||||||
Any email address exposed on the Web is likely to be harvested using a webcrawler and then beat up by spammers. (Congress made harvesting illegal in the CanSPAM law, which only demonstrates their loose grip on reality.) This creates a nasty tradeoff between accessibility and security. Having gotten much better (I think) at hiding from harvesters while remaining accessible, I have some suggestions to offer. The first step is to use throwaway addresses (ones you can change easily) for email links. Most ISPs will allow multiple addresses; I keep two just for use on Web pages. That allows time for transitions: the one Im abandoning remains available during the changeover, and maybe a while thereafter. If your ISP requires one of your addresses to be permanent, dont use it for email links, and make sure its not listed in some online directory. If you try the link at the top of this page, youll see my typical throwaway address. I use a combination of my initials (which happen to be an uncommon permutation), the date I create the address (just to keep track), and a random string of consonants (created with my random string generator), with some punctuation. I make the addresses long and junky so frequent changes wont cut into the supply of nice-looking, simple addresses other subscribers might want to use. Important note: If you do this very much, you will need to keep a list of places you use each address. Otherwise, you might make the mistake I did, and leave a link pointed to a bad address for a while. The second step is to use a link encoding (commonly called an obfuscation) that reduces the likelihood of its being harvested by spammers. A lot of schemes exist, and many of them severely restrict the usefulness or accessibility of the link. (Theres a list of these, with notes, below.) I use a method I learned from Robert Graham*, because it is believed to be supported by all browsers. * Mr. Grahams online description seems to have disappeared. I have found other sites that refer to this technique, but none of their links work any more. Again, the link at the top of this page is an example. I have a link obfuscator available to help create links like this, if you care to try it. It requires JavaScript 1.2 to create links, but they can be used without script support. Very important note: Do not try this encoding with an address that you arent willing to throw away. First, it will eventually get spammed. (I usually get Nigeria letters first; I think the senders are so low-tech they actually browse through and click links.) Second, it helps if spammers dont expect its worthwhile harvesting addresses coded this way, because theyll be abandoned as soon as the spam starts. Several other schemes for hiding an email address are widely promoted. Here are some Ive found, with reasons for using or rejecting them:
|