[clug-talk] anti email harvesting (was Website Changes)

Niels Voll nvoll at voho.com
Fri Nov 19 03:31:10 PST 2004

I'm responding to the wrong posting for those, who are reading in 
threaded mode (sorry for the mini-hijack) because Jason's post in 
response to Pete's parent post never made it to my inbox - I just 
noticed Jason's post on the archive website. So I'm quoting from there:

>  Jason Louie
>  Wed, 17 Nov 2004 15:46:31 -0800

> Yes, have seen both Jarrod's and Pete's methods and here is my opinion.

> I tend to lean towards Jarrod's method of submitting the form from the
> site.  This way the Email address is never sent to the browser. 
> Though Pete's method would detour the major harvestors a less
> technological or more thurough scan would allow the Email to be
> captured, (Email harvestor are getting more and more advanced). 
> However, Pete's method would work under any web server.  Where
> Jarrod's requires the functionality on the server side, (this might
> not be available on all web servers.)  However Pete's method would not
> work if the browser had JavaScript disabled, (which some clients
> have.)

> Conclusion: If possible I would use the form submission method, (used
> by Jarrod,) in cases where the functionality is not available on the
> server, the JavaScript method.

As a user I have always disliked the form submission quite a bit, 
because it does not leave me with a record of my submission in my mail 
client's "Sent" folder; So when given the choice I avoid those forms.

In addition, I have lost some messages, due to accidentally closing the 
browser window or tab before having sent the message. This happens once 
in a while when one is multi-tasking or interrupted while composing a 
message. My email client tends to be much more forgiving that way - it 
asks, if I want to save the draft message before it quits the 
application. So personally, I just don't find a submission form 
particularly user friendly.

And the submission form is not a particularly high guarantee of 
anonymity for the user of the form. Unless the sender sits behind a 
gateway or proxy mechanism of some kind, which is shared by many people, 
in many cases the identity of the sender could be correlated via IP 
addresses rather easily, if a reasonably recent email from the sender is 
available. So while the website operator / recipient of the form based 
message may promise not to check IP addresses, this is of little 
consolation to anyone with a bit more technical savvy, who desires 
guaranteed anonymity. I bet most of us could figure out the identity of 
a high percentage of CLUG members by IP address. In some cases it may 
narrow it down to 2-3 people because they are sitting behind a common 
gateway or proxy-server, but even that is not particularly anonymous.

But since I can send regular emails to the CLUG folks, it doesn't bother 
me that the form is on the CLUG site for those people who feel 
differently than me  :)


More information about the clug-talk mailing list