Address munging
From Wikipedia, the free encyclopedia
Address munging is the practice of disguising, or munging, an e-mail address to prevent it being automatically collected and used as a target for people and organisations who send unsolicited bulk e-mail. Address munging is intended to disguise an e-mail address in a way that prevents computer software seeing the real address, or even any address at all, but still allows a human reader to reconstruct the original and contact the author: an e-mail address such as "no-one@example.com" becomes "no-one at example dot com".
Any e-mail address posted in public is likely to be automatically collected by computer software used by bulk emailers—a process known as e-mail address harvesting—and addresses posted on webpages, Usenet or chat rooms are particularly vulnerable to this.<ref>Email Address Harvesting: How Spammers Reap What You Sow, Federal Trade Commission. URL accessed on 24 April, 2006.</ref> Private e-mail sent between individuals is highly unlikely to be collected, but e-mail sent to a mailing list that is archived and made available via the web, or passed on to a Usenet news server and made public, may eventually be scanned and collected.
Disadvantages
Disguising addresses makes it more difficult for people to send e-mail to each other. Many see it as an attempt to fix a symptom rather than solving the real problem of e-mail spam, at the expense of causing problems for innocent users.<ref>Address Munging Considered Harmful, Matt Curtin</ref>
The use of address munging on Usenet is contrary to the recommendations of RFC 1036 governing the format of Usenet posts, which requires a valid e-mail address be supplied in the From: field of the post. In practice, few people follow this so strictly.<ref>See Usenet.</ref>
Alternatives
As an alternative to address munging, there are several "transparent" techniques that allow people to post a valid e-mail address, but still make it difficult for automated collection of the address:
- "Transparent name mangling" involves replacing characters in the address with equivalent HTML references from the list of XML and HTML character entity references. When a real person copies and pastes the e-mail address, or clicks on the "mailto:" link, the correct address is used. An automated system is less likely to interpret the HTML entities, and will not recognise it as an e-mail address.
- Posting an e-mail address as an image. Most people can read and interpret the image if they are not blind, but an automated system cannot.
- Posting an e-mail address as a text logo and shrinking it to normal size using inline CSS.<ref>Email CSS obfuscation tool (Generator requires javascript enabled, output for displaying emails requires basic CSS)</ref> As with an image this is readable by a real person, not by an automated system.
- Building the link by client-side scripting.<ref>Email hexadecimal encoder tool (Generator requires cookies enabled, output for displaying emails requires javascript enabled)</ref>
- Replacing the '@' symbol with an image, as is done on Fark.com threads.
The use of images and scripts for address obfuscation can cause problems for people using screenreaders and users with disabilities.
According to a 2003 study by the Center for Democracy and Technology, even the simplest "transparent name mangling" of e-mail addresses can be effective.<ref>"Why Am I Getting All This Spam? Unsolicited Commercial E-mail Research Six Month Report" March 2003.</ref>
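The "transparent name mangling" described in the list above, as an added Python example that is not part of the original article: it writes a mailto: link using numeric character references and checks what a plain-text pattern scan sees before and after the references are decoded. The function names and the address pattern are assumptions made for this illustration.

```python
import html
import re

# Deliberately simple address pattern (constructed), used only to test our own markup.
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def to_entities(text: str) -> str:
    """Replace every character with a numeric character reference,
    alternating decimal and hexadecimal forms."""
    return "".join(
        f"&#{ord(ch)};" if i % 2 == 0 else f"&#x{ord(ch):x};"
        for i, ch in enumerate(text)
    )


def mailto_link(address: str) -> str:
    """Build a mailto: anchor whose href and link text contain no literal address.
    A browser decodes the references, so clicking or copying yields the real address."""
    return f'<a href="{to_entities("mailto:" + address)}">{to_entities(address)}</a>'


def visible_addresses(markup: str, decode_entities: bool = False) -> list[str]:
    """Addresses a text scan finds in the markup, optionally after decoding references."""
    if decode_entities:
        markup = html.unescape(markup)
    return ADDRESS_RE.findall(markup)


if __name__ == "__main__":
    link = mailto_link("no-one@example.com")      # sample address from the article
    print(link)
    print("raw scan:    ", visible_addresses(link))
    print("decoded scan:", visible_addresses(link, decode_entities=True))
```

The decoded scan shows the limit of the technique: a scanner that interprets character references before matching sees the address in full.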
Examples
Common methods of disguising addresses include:
| Disguised address | Recovering the original address |
|---|---|
| no-one at example (dot) com | Replace " at " with "@", and " (dot) " with "." |
| no-one@elpmaxe.com.invalid | Reverse the domain name (elpmaxe to example) and remove .invalid |
| moc.elpmaxe@eno-on | Reverse the entire address |
| no-one@exampleREMOVEME.com.invalid | Instructions in the address itself; remove .invalid |
| no-one@exampleNOSPAM.com.invalid | Remove NOSPAM from the address, remove .invalid. It's a good idea to include instructions since some people use NOSPAM or DELETE in their address to avoid worm harvesting. |
The reserved top-level domain .invalid is appended to ensure that a real e-mail address is not inadvertently generated. One problem is that some spammers will now remove obvious munges and send spam to the cleaned-up address. For this reason many people recommend using a totally invalid address (especially in the From line) and perhaps a disposable e-mail address in the Reply-To.
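An added example, not part of the original article: Python that produces the disguised forms from the table for one address and flags any address-shaped string whose domain is not under .invalid, the condition this paragraph describes. The function names, the pattern and the sample strings are constructed for this illustration.

```python
import re

# Address-shaped strings as a simple scanner would see them (constructed pattern).
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def munge_variants(address: str, marker: str = "NOSPAM") -> dict[str, str]:
    """Produce the disguised forms listed in the table for one address."""
    local, domain = address.rsplit("@", 1)
    name, _, rest = domain.partition(".")        # e.g. "example", "com"
    return {
        "at_dot": f"{local} at {domain.replace('.', ' (dot) ')}",
        "reversed_domain": f"{local}@{name[::-1]}.{rest}.invalid",
        "reversed_all": address[::-1],
        "marker": f"{local}@{name}{marker}.{rest}.invalid",
    }


def unsafe_addresses(text: str) -> list[str]:
    """Address-shaped strings whose domain is NOT under the reserved .invalid
    top-level domain, i.e. strings that could be a real, deliverable address."""
    return [a for a in ADDRESS_RE.findall(text)
            if not a.lower().endswith(".invalid")]


if __name__ == "__main__":
    for kind, munged in munge_variants("no-one@example.com").items():
        print(f"{kind:16} {munged:36} unsafe={unsafe_addresses(munged)}")
    # A marker munge without .invalid may collide with a real domain.
    print(unsafe_addresses("From: no-one@exampleNOSPAM.com"))
```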
Notes
<references />

