[clug-talk] anti email harvesting (was Website Changes)

Jason Louie jason.k.louie at gmail.com
Fri Nov 19 09:17:56 PST 2004

On Fri, 19 Nov 2004 04:31:10 -0700, Niels Voll <nvoll at voho.com> wrote:
> I'm responding to the wrong posting for those, who are reading in
> threaded mode (sorry for the mini-hijack) because Jason's post in
> response to Pete's parent post never made it to my inbox - I just
> noticed Jason's post on the archive website. So I'm quoting from there:
> >  Jason Louie
> >  Wed, 17 Nov 2004 15:46:31 -0800
> > Yes, have seen both Jarrod's and Pete's methods and here is my opinion.
> > I tend to lean towards Jarrod's method of submitting the form from the
> > site.  This way the Email address is never sent to the browser.
> > Though Pete's method would detour the major harvestors a less
> > technological or more thurough scan would allow the Email to be
> > captured, (Email harvestor are getting more and more advanced).
> > However, Pete's method would work under any web server.  Where
> > Jarrod's requires the functionality on the server side, (this might
> > not be available on all web servers.)  However Pete's method would not
> > work if the browser had JavaScript disabled, (which some clients
> > have.)
> > Conclusion: If possible I would use the form submission method, (used
> > by Jarrod,) in cases where the functionality is not available on the
> > server, the JavaScript method.
> As a user I have always disliked the form submission quite a bit,
> because it does not leave me with a record of my submission in my mail
> client's "Sent" folder; So when given the choice I avoid those forms.

But you stated in your other Email that this is an initial contact so
having your Email on the form can establish the Email reference for
additional dialog there.

> In addition, I have lost some messages, due to accidentally closing the
> browser window or tab before having sent the message. This happens once
> in a while when one is multi-tasking or interrupted while composing a
> message. My email client tends to be much more forgiving that way - it
> asks, if I want to save the draft message before it quits the
> application. So personally, I just don't find a submission form
> particularly user friendly.

This can also be imitated with javascript, however this once again
runs into the issue of having javascript disabled.

> And the submission form is not a particularly high guarantee of
> anonymity for the user of the form. Unless the sender sits behind a
> gateway or proxy mechanism of some kind, which is shared by many people,
> in many cases the identity of the sender could be correlated via IP
> addresses rather easily, if a reasonably recent email from the sender is
> available. So while the website operator / recipient of the form based
> message may promise not to check IP addresses, this is of little
> consolation to anyone with a bit more technical savvy, who desires
> guaranteed anonymity. I bet most of us could figure out the identity of
> a high percentage of CLUG members by IP address. In some cases it may
> narrow it down to 2-3 people because they are sitting behind a common
> gateway or proxy-server, but even that is not particularly anonymous.
> But since I can send regular emails to the CLUG folks, it doesn't bother
> me that the form is on the CLUG site for those people who feel
> differently than me  :)
> ...Niels

Yes, there is no guarantee nor 100% with complete anonymousness.  If
you are connected to the internet you can be traced.  However it would
make it more difficult or at very least time consuming to identify a

However with changing your Email alias every month, one would think
that the bandwidth usage for the spam that is still sent to the voided
address would still build up.

Any way you look at it there is a trade off.  Possibly having all
solutions of the form and the javascript built Email with the aliasing
of the address changed every month would work.

More information about the clug-talk mailing list