--On 25 August 2009 21:02:01 +0000 Julian Mehnle <julian@mehnle.net> wrote:
Bob Puff wrote:
You are presuming too much on spammers as a whole. I've dealt with a couple spammers, and they just used some tools they got online that search for username@domain.something. Everything else is ignored.
I don't for a minute doubt that the advanced spammers will snag anything and everything no matter how strange it is obfusticated (sp?). But there are a LOT of low-tech spammers still out there, and there is enough "low hanging fruit" for them that this little bit we are discussing can be over their head.
It's not. Spammers usually don't do address harvesting themselves nowadays, but outsource it to botnets (just like they outsource the spamming itself to botnets) that are running kind of "off the shelf" software tailored to the task. Today, as a spammer you go out and buy those services in online shops, paying by credit card. And parsing "localpart at domain" is among the most trivial things current harvester modules do.
Any wanna-be spammers who still run their garage business with self written tools are pretty much meaningless in terms of magnitude.
If anything, this kind of obfuscation is an inconvenience to legitimate users, but certainly not to spammers.
-Julian
There's recently published research which suggests that simple obfuscation can be effective. Concealment, presumably, is more effective. At <http://www.ceas.cc/> you can download "Spamology: A Study of Spam Origins" <http://www.ceas.cc/papers-2009/ceas2009-paper-18.pdf>
They say "Surprisingly, even simple email obfuscation approaches are still sufficient today to prevent spammers from harvesting emails." and "Commonly-used email obfuscation techniques are offering protection (for now). It is common practice to replace the conventional @ in email addresses by an AT in order to defeat email harvesting. We found that the spammers are still not parsing simple obfuscations as of now. However, one should not count on the protection offered by such simple obfuscation schemes, for they are trivial to defeat."
Of course, list posts hang around for a long time, and may be mirrored (eg by Google caching). Therefore, concealment seems more sensible than obfuscation. Perhaps a captcha could be used to reveal sender addresses, for example.
The paper might be more interesting for its discussion of techniques for detecting (eg with honeypots) and defeating harvesters.
-- Ian Eiloart IT Services, University of Sussex 01273-873148 x3148 For new support requests, see http://www.sussex.ac.uk/its/help/