Friday, February 24, 2012

6 Precautions You Should Take Against Email Harvesters & Spammers

6 Precautions You Should Take Against Email Harvesters & Spammers:

stop receiving spam emailSpam has its roots in email harvesting. Email harvesting is the umbrella term for the methods spammers (or bulk email marketers) use to obtain email addresses in volumes. It could be as low tech as purchasing email address lists or go high-tech with the use of special email harvester bots which scan or spider through webpages, discussion boards, and chat groups.

The legality of email harvesting differs from country to country. The United States for example has the CAN-SPAM Act that prohibits email harvesting. But the law overall has remained mired in a fog of ineffectiveness. In general, across the board it is considered illegal to acquire email addresses with automated software. But spammers remain undefeated as your email inbox no doubt tells you.

Anti-spammers, email companies, and projects like Project Honeypot are doing their bit. What can we do to protect our emails from email harvesters? Maybe, start off with these precautions at least.

stop receiving spam email

Mung Your Email Address

Email address munging is the easiest method to cover up your email IDs from spam bots, though it’s not the neatest. It is simply modifying your email ID – to something that looks like – johndoe at mail dot com. Spam bots look for patterns as defined in their programming logic. Disguising email IDs with random text is an attempt to defeat that logic. In the example above, we have eliminated @ and the “.com” to confuse the spam program.

This method is simple to follow but comes with the risk that real humans also might get confused and “de-mung” the address incorrectly. Spam bots are also getting better, so it is reasonable to assume that some can pick up variations of an email address. But along with the GIF signature, this remains the easiest one to apply in places like community boards.


Each character can be mapped to a corresponding ASCII code. ASCII codes are translated by browsers into the readable character form, but it handicaps the spam bots as they fail to recognize the codes. You can insert something like into the HTML of your webpage. Here, both “@” and “.” have been substituted with their ASCII codes. You can obscure your entire email ID with ASCII codes, but that will take some effort.

I came across this simple website and its form that helps out with address munging.

Use a Graphic Email Signature

prevent email harvesting

The email address above is not text but a transparent GIF image created in a photo editor. It looks neater and spam bots cannot read it because it is an image file and using OCR is still a long way off. But using GIF email signatures has a couple of disadvantages – the recipient can miss the email ID if images are turned off in his browser. Also, a GIF email sign ideally should not be hyperlinked… so recipients will have to key in the ID themselves, and that’s a bit inconvenient.

Use Disposable Email Addresses

prevent email harvesting

Disposable email addresses are also a neat solution. These onetime dummy email accounts can be used when giving out email addresses to websites. You can abandon them at will. We have covered quite a few web services which generate disposable email addresses. Find a few to use in our Directory.

I also came across a service called Scrim which protects your email address by disguising it using a custom link. You can try it out.

Encode With JavaScript

<script type='text/javascript'>var a = new Array('','johndoe@em');document.write("<a href='mailto:"+a[1]+a[0]+"'>"+a[1]+a[0]+"</a>");</script>

That’s ‘’ obscured with JavaScript and inserted into the HTML of a webpage. Spam bots don’t do a good job of reading JavaScript and can’t find the ID in the source code, but our usual browsers render it perfectly. Of course, you need to have it switched on to display the email signature correctly. There are many JavaScript generators available freely on the web that can generate the code for you. Copy the code into your HTML where you want the link to appear.

Use Contact Forms

stop receiving spam email

Secure email forms are the best and most professional way to protect email addresses while soliciting information. All professionally designed websites will have one. It is user-friendly as all the reader has to do is add information and click on submit. Email addresses aren’t displayed to the readers or spam bots. A further barrier of a CAPTCHA prevents auto-populating bots from attacking the system. Yes, the reader cannot use his favored email client to send messages but that’s a small inconvenience.

These five points cover the bare minimum we can do as individuals and also as web designers to protect email addresses from the scourge of email harvesters. There are a few more advanced techniques that go around like Spider Traps. Anti-spam methods are advancing the battle even as spamming evolves. It is a battle. How do you combat it at your level? Are you aware of email harvesters and the tricks they play? And do remember – never respond to a spam email. It only confirms your identity.

Image Credit: Spam warning sign on binary via Shutterstock

No comments:

Post a Comment

[Please do not advertise, or post irrelevant links. Thank you for your cooperation.]