Off-topic: hiding your email address - don't bother...

Skip Montanaro skip at
Sat Sep 29 06:57:22 CEST 2001

(My apologies for the off-topic post.  Python-list at is the only
large mailing list/newsgroup I read with any regularity, so this subject is
only germane to me in this context.)

More and more people are resorting to various schemes to try and hide their
email addresses from email address harvesters.  It's frustrating to me to
get mail bounces when I reply to posts and forget to un-doctor your email
address.  I think it's a fruitless exercise for a few reasons:

    * If I reply-to-all to a message of yours I will get an address like
      skipNO at in the To: or CC: headers.  If I notice it and
      remove "NO" and "SPAM", I've just screwed you, because your email
      address is now going to show up in mailing list archives or Usenet
      headers.  If I don't notice, I get a bounce.  No great loss perhaps,
      though I'm a bit frustrated because my response to perhaps your
      request won't reach you, and you might miss the response to your
      message when skimming (or have it expire when you're out of
      town on a business trip).  What are the chances that I will realize I
      should move your email address to the BCC field?  Slim, at best.  If I
      remember to do all the right things, what about Alex or Guido, one of
      the Tims or one of the bots?

    * Your email address probably appears in plenty of other places
      accessible to the harvesters, including: your personal or corporate
      websites, friends' or associates' websites, your soccer club website,
      the archives of this and other mailing lists or newsgroups (none of
      the hypermail/pipermail/etc archives use particularly complex schemes
      to hide addresses and once upon a time you posted messages *without*
      doctoring your email address), SourceForge, or source code you wrote
      that happens to be available on the net.

    * Other people have probably given it out.  That might be your dimwitted
      ISP who thinks that filthy lucre from a direct marketing company is
      more valuable than your good will, or the guy in the next cubicle who
      just CC'd you on a post to alt.binaries.britney-spears.

Try though you might, you probably still get lots of spam.  They find you,
no matter what.  Case in point.  I switched ISPs from MediaOne Express to
AT&T @Home just a couple weeks ago (because the latter bought the former).
I had to select a user id and I wound up with an email address quite a bit
unlike anything else I had ever had before.  I didn't care, because I didn't
intend to ever use it.  *I* certainly never publicized it.  Lo and behold,
during a service call a few days ago the tech said I should check my @Home
email once in awhile because they use it to communicate with their
customers.  I checked and found a "welcome to @Home" message and two spams.

I bet you know the conclusion of this missive: Don't bother trying to
protect your email address.  Resistance is futile.  If you want to filter
out spam, find a service you like that filters email (like SpamCop or your
ISP), learn how to use procmail, or learn to write sendmail milters in
Python or get Jason Mastaler's TMDA system that works with QMail (there - I
snuck in *two* Python code references into my message so it's not
off-topic!).  In short, do something that stands a real chance of helping.
Doctoring up your email address isn't going to cut it.  You're just sticking
your head in the sand...

NsOk-iSpP at ApMo-bLoYx .Yc'oRmS,

Skip Montanaro (skip at

More information about the Python-list mailing list