On October 7, 1999 at 19:32, Jeff Breidenbach wrote:
> Also, the sender's email address is embedded at the top of the page,
> scrambled by rot13 encryption. For example:
>
> <!-- MHonArc v2.4.3 -->
> <!--X-Subject: week's news -->
> <!--X-From-R13: Xrss Pervqraonpu <wrssNwno.bet> -->
I should note that the rot13 is slightly tweaked to include the
'@' character so stock spam bots will not even pick up anything.
This is just in case spam bots do rot13's on addresses they
harvest.
(BTW, I hope X-From-R13 does not throw-off Lynx since I read
that it apparently has code to look for MHonArc-like comments.
I think it is only for the message-id and subject.)
> You are correct that a programmer could write a custom spambot to
> crack the encryption. However, even if the encryption was strong, a
> custom spambot could just submit the POST form and record the mailto:
> URL returned.
Exactly.
> (1) Not everyone can whip out a custom spam harvester in perl in a few
> minutes. Custom programming does represent some effort.
Basically, we hope address harvesting is done automatically. It would
take human resources to check sites and to create custom variations to
beat obfuscation (which may not be economically viable for spammers).
Simple things like removing "nospam" can be done since many people put
that word in their address. However, I hope what MHonArc does/can-do
avoid obvious anti-obfuscation, as is what Jeff does with the reply-to
button.
--ewh
