Kommentare zu: How to secure your email address correctly on the web

Von: Martin

Martin — Wed, 07 Oct 2009 19:20:18 +0000

@Goo: if you don’t need digitized books: fine. I need them and I want that they get digitzed and if that can be done in an outomated process even better. And btw. reCAPTCHA did not start as a Google service, that is a very recent development.

Von: Goo

Goo — Wed, 07 Oct 2009 19:13:34 +0000

I’m sorry but your response in regard to Google is nonsense. By solving the reCaptcha you provide Google with free labor (aka unpaid work). This labor directly contributes to Google’s value e.g. as it makes their offering of scanned books better than that of any competitors. Google is extremely good at making people work for them for free. And this is the reason why you shouldn’t touch any of their products.

Von: Michael "I am not a bad guy" Howell

Michael "I am not a bad guy" Howell — Wed, 07 Oct 2009 15:26:50 +0000

@Sebastián Benítez: “I think the only way to stop spam is counterattacking with DDOS.”

DDOS is worse than SPAM. By definition, it eats lots of bandwidth. Besides of which, it’s illegal.

Von: Sebastián Benítez

Sebastián Benítez — Wed, 07 Oct 2009 14:55:16 +0000

Stop being so paranoid. If your mail is harvested so what? You’ll get more spam in your spam folder, that’s all. I think the only way to stop spam is counterattacking with DDOS. Then the ISP of those machines acting as zombies for massive nets are going to take note and do something.

Von: André

André — Wed, 07 Oct 2009 14:47:16 +0000

In Germany we have some problems with law which requires you to lay open your contact information on your web site. Of course it should the contact information should also be barrier-free…

The purpose of “obfuscaption protection” is just to reduce a likelihood of email harvesting. Of course you can quickly write an attack script that grabs an email address. Otherwise you simply hand out the mail address to spammers.

Von: halo

halo — Wed, 07 Oct 2009 12:24:29 +0000

you just proved with your arguments that the captcha discussion is useless anyway, since there are already a information monopols by google and other huge crawlers/service providers and all you can do is *nothing* about your mail address getting caught by them.
you can only hope that you cannot be made responsible for your mails by the state, which is cooperating with google in all countries. and hope they won’t do what they promise at the moment: share more information between different parties to improve crime detection.

bad luck, preventing porn ads in your mail account should be your least problem actually.

p.s. you can create a lot of free public e-mail accounts of course, but this won’t safe you from their intensive scanning either. now set up your mail server and create accounts as you wish, but hey they know your domain and still will track you easily… maybe speek l33t?, no it is easy to do regexp transformations on strings today… so do it in tor or minion… now c’mon you paranoids, this is a political issue, which logically cannot be solved technically, but only politically. fight against surveillance or rest in quietness forever.

Von: Andre

Andre — Wed, 07 Oct 2009 12:15:23 +0000

Obfuscation is no Captcha. Obfuscations/Crypting and CAPTCHAs both belong to the family of Challenge-Response Tests. I still don’t understand the point here, though. I have places where it’s perfectly fine to use obfuscation (which definitely does work) and where it would be quite out of place to use captchas. On the other hand I use reCAPTCHA frequently (on all comment forms, registrations, contact formulars, etc. pp.).

Von: Steve

Steve — Wed, 07 Oct 2009 11:39:51 +0000

Hi Martin!

I think your point is correct, but is worth it to take the time to change what we already have?

> Obfuscation is broken and it is only a matter of time till harvesters start to harvest the email addresses

It it, but how long is that? I made the point last time about low hanging fruit, and I submit that it is enough for me that my fruit hangs higher. In my case, I fully realise that spammers could at any moment start executing JavaScript and evaluating the results. How long is it until they do? I like my solution, as the end user gets an un-obfuscated clickable ‘mailto’ link, whereas a (non-JS) bot doesn’t get anything that even remotely resembles an email address.

For anyone still using “foo at bar dot com” style obfuscation, I would say it is worth the time to change what you have for the following reason: /(\w+)\s+at\s+((\w+)(\s+dot\s+(\w+))+)/ — and that’s only a very simple one off the top of my head. Your fruit hangs low!

Steve