Celejar [2021-04-05 14:49:15] wrote:
> On Mon, 5 Apr 2021 14:12:07 -0400 Dan Ritter <d...@randomstring.org> wrote:
>> Celejar wrote:
>> > What's the recommended modern best practice for putting a contact email
>> > address on the web while avoiding having it scraped by spam / fraud
>> > bots?
>> Assume that every address will be hit by spammers and scammers.
>> Put in appropriate antispam and antimalware precautions.
> Okay, but why isn't trying to limit spammers getting hold of an address
> a logical part of a defense in depth strategy?
I think Dan is right: what he says is "the recommended modern practice".
Defense in depth has to be weighted against the annoyance for real
users, and sadly it's much easier to tweak a scraper once to handle
yet-another-obfuscation-trick than it is for real users to jump through
the same hoops (because those users only jump through those hoops once,
so they pay the full price rather than spreading the price over
millions of pages).
>> Train your people to recognize spam and scams.
> I'm talking about a small hobby project that I run in my spare time. I
> just want to reduce spam to an address that I may put up to allow
> people to reach me.
The only alternative is to use something else than email, which requires
users to have/create an account and authenticate themselves (e.g. an issue
tracker on SourceHut).
Stefan
