[clug-talk] anti email harvesting (was Website Changes)
nvoll at voho.com
Fri Nov 19 03:31:10 PST 2004
I'm responding to the wrong posting for those, who are reading in
threaded mode (sorry for the mini-hijack) because Jason's post in
response to Pete's parent post never made it to my inbox - I just
noticed Jason's post on the archive website. So I'm quoting from there:
> Jason Louie
> Wed, 17 Nov 2004 15:46:31 -0800
> Yes, have seen both Jarrod's and Pete's methods and here is my opinion.
> I tend to lean towards Jarrod's method of submitting the form from the
> site. This way the Email address is never sent to the browser.
> Though Pete's method would detour the major harvestors a less
> technological or more thurough scan would allow the Email to be
> captured, (Email harvestor are getting more and more advanced).
> However, Pete's method would work under any web server. Where
> Jarrod's requires the functionality on the server side, (this might
> not be available on all web servers.) However Pete's method would not
> Conclusion: If possible I would use the form submission method, (used
> by Jarrod,) in cases where the functionality is not available on the
As a user I have always disliked the form submission quite a bit,
because it does not leave me with a record of my submission in my mail
client's "Sent" folder; So when given the choice I avoid those forms.
In addition, I have lost some messages, due to accidentally closing the
browser window or tab before having sent the message. This happens once
in a while when one is multi-tasking or interrupted while composing a
message. My email client tends to be much more forgiving that way - it
asks, if I want to save the draft message before it quits the
application. So personally, I just don't find a submission form
particularly user friendly.
And the submission form is not a particularly high guarantee of
anonymity for the user of the form. Unless the sender sits behind a
gateway or proxy mechanism of some kind, which is shared by many people,
in many cases the identity of the sender could be correlated via IP
addresses rather easily, if a reasonably recent email from the sender is
available. So while the website operator / recipient of the form based
message may promise not to check IP addresses, this is of little
consolation to anyone with a bit more technical savvy, who desires
guaranteed anonymity. I bet most of us could figure out the identity of
a high percentage of CLUG members by IP address. In some cases it may
narrow it down to 2-3 people because they are sitting behind a common
gateway or proxy-server, but even that is not particularly anonymous.
But since I can send regular emails to the CLUG folks, it doesn't bother
me that the form is on the CLUG site for those people who feel
differently than me :)
More information about the clug-talk