You are viewing an archive of the old fxhome.com forums. The community has since moved to hitfilm.com.

Email Obfuscator

Posted: Fri, 16th Jul 2004, 6:46am

Post 1 of 40

goober99

Force: 340 | Joined: 23rd Dec 2002 | Posts: 106

Windows User

Gold Member

Email Obfuscator

I put together this JavaScript to help me in designing my website. I thought any other webmasters here might be interested in it.

Spammers now have bots that routinely search pages for email addresses. You can use my Email Obfuscator to generate a disguised version of your email address that you can post on your web page.

It will actually look like your email address on your web page instead of address(at)domain.com or address[@]domain.com that I've seen before that I think just look tacky. Some people also use JavaScript to disguise their address, but then people with JavaScript enabled can't see the address.

Email Obfuscator converts it to decimal code that you can copy-and-paste into your HTML where you want to place your email address. I have tested the Email Obfuscator on both IE6 and Mozilla Firefox 0.9.2.
Posted: Fri, 16th Jul 2004, 1:22pm

Post 2 of 40

sidewinder

Force: 4937 | Joined: 5th Aug 2001 | Posts: 2453

FXhome Movie Maker Windows User MacOS User

SuperUser

Sounds cool.
Posted: Fri, 16th Jul 2004, 1:36pm

Post 3 of 40

TAP2

Force: 1128 | Joined: 8th Jan 2003 | Posts: 1848

Windows User

Member

The internet is doomed now...
It will be impossible to stop spam.

They're going to have to invent some sort of code-based email service, where you need a unique code for the reciptent to send an email.

It's out of control...
Posted: Fri, 16th Jul 2004, 1:39pm

Post 4 of 40

Xcession

Force: 42802 | Joined: 21st Mar 2001 | Posts: 1964

VisionLab User VideoWrap User PhotoKey 3 Pro User Windows User

SuperUser

At the company I work for, we've already done tests using this technique. Unfortunately it still results in spam, proof that email harvesters already know how to decrypt emails 'hidden' in this way.

Fun, but useless, sorry.

You could have also done it in about a zillion less lines of code

Last edited Fri, 16th Jul 2004, 2:14pm; edited 1 times in total.

Posted: Fri, 16th Jul 2004, 1:58pm

Post 5 of 40

er-no

Force: 9531 | Joined: 24th Sep 2002 | Posts: 3964

VisionLab User VideoWrap User PhotoKey 2 Pro User FXhome Movie Maker Windows User MacOS User

SuperUser

Spam is part of the internet. Just delete it.
Posted: Fri, 16th Jul 2004, 2:08pm

Post 6 of 40

malone

Force: 18242 | Joined: 21st Mar 2001 | Posts: 1477

VisionLab User VideoWrap User PhotoKey 5 Pro User MuzzlePlug User PowerPlug User PhotoKey 3 Plug-in User Windows User

FXhome Team Member

I've seen harvesters that will actually render a page then OCR it to parse all the addresses from it. This even defeats people who add their address as an image (like we do). Basically if a human can read it off the page then its likely a spam bot will be able to as well.

One thing I hope to do in the future is build a bot trap. Basically have a link to a page that only a bot will find. Then when it accesses that page its IP will be blocked from the site for a while (or maybe redirected to a fake site with fake addresses to collect).

That might cut down on spam a little, but the best way is just to setup filtering when spam is received, something like SpamAssassin does a good job at that.
Posted: Fri, 16th Jul 2004, 3:37pm

Post 7 of 40

TAP2

Force: 1128 | Joined: 8th Jan 2003 | Posts: 1848

Windows User

Member

Malone, do you happen to know why this happens...

I get hundreds of spam mails from my friends' email addresses.
It's not them - but bots have emailed spam disguised under their email address'

How does the whole email sending thing work anyway?
Are you saying it's possible to just make a programme that could send 10,000 emails from any disguised address to one address, or do you NEED an email provider to send emails?
Posted: Fri, 16th Jul 2004, 3:43pm

Post 8 of 40

Xcession

Force: 42802 | Joined: 21st Mar 2001 | Posts: 1964

VisionLab User VideoWrap User PhotoKey 3 Pro User Windows User

SuperUser

All email has to go through an SMTP (simple mail transfer protocol) server.

Obviously if it can be detected that a particular computer is being used to send spam, then it can be closed down, but spammers operate on the fly. They either rely on deliberately hacked machines: giving them access to send email from someone elses server (getting the server owner in trouble, not them) or they rely on poorly configured servers which have been allowed to run as an open relay ie: not checking that the email being routed is being sent from the same box.

As soon as they are discovered, they move to another host.

Its further complicated by the fact that they also use questionnable hosts, who are either inept, or on the take. The result being that the machines spamming everyone never get shut down.

Email providors, such as your own ISP or hotmail etc...are administered well enough to not be an open relay, and usually only allow email to be sent by users on the same network ie. its subscribers. Sending spam doesn't need an email *providor* since almost any server machine comes with an smtp agent.
Posted: Fri, 16th Jul 2004, 3:48pm

Post 9 of 40

goober99

Force: 340 | Joined: 23rd Dec 2002 | Posts: 106

Windows User

Gold Member

From working with Perl, I know it is possible to send email without having an email provider. They can probably disguise the email address however they want also.

I knew there were more advanced spam bots that would cut through my script like butter, but I thought it may keep away all but the most diligent.
Posted: Fri, 16th Jul 2004, 3:54pm

Post 10 of 40

malone

Force: 18242 | Joined: 21st Mar 2001 | Posts: 1477

VisionLab User VideoWrap User PhotoKey 5 Pro User MuzzlePlug User PowerPlug User PhotoKey 3 Plug-in User Windows User

FXhome Team Member

Yeah, its quite easy to send spoofed mail from any machine. You can even open up a raw connection to the mail server and type the commands directly. One of the commands lets you set the FROM header, and you can pretty much type anything you want and the mail server will believe you. Which is why spammers and viruses can use any address they want.

This is quite a big problem and theres a new thing called SPF which tries to fix it. It lets you say where mail should be coming from. So I could say fxhome.com mail only comes from the fxhome server, then if a spammer tries to send fxhome mail from a different machine it will be rejected. Unfortunatly all the mail servers have to support this before it'll work 100%, but more people are starting to use it.
Posted: Fri, 16th Jul 2004, 8:13pm

Post 11 of 40

TAP2

Force: 1128 | Joined: 8th Jan 2003 | Posts: 1848

Windows User

Member

Malone you seem to be an expert on this subject...

Do you think that we will eventually be able to entirely prevent spam in the near future?

I'm sure that intelligent filter bots will come into play soon that will be able to detect spam emails correctly.
Posted: Fri, 16th Jul 2004, 9:37pm

Post 12 of 40

Xcession

Force: 42802 | Joined: 21st Mar 2001 | Posts: 1964

VisionLab User VideoWrap User PhotoKey 3 Pro User Windows User

SuperUser

Sender policy framework seems to me to be the only likely 'solution' to spam, but thats still a while off and in the meantime bayesian filtering of emails will never have a 100% success rate. I'd suggest the only alternative for the time being is using ISPs/email clients with built-in spam filters: at least it'll cut down the amount you receive.
Posted: Sat, 17th Jul 2004, 3:34am

Post 13 of 40

Hybrid-Halo

Force: 9315 | Joined: 7th Feb 2003 | Posts: 3367

VisionLab User VideoWrap User PhotoKey 3 Pro User MuzzlePlug User PowerPlug User FXpreset Maker Windows User MacOS User

SuperUser

Find and download "Spambayes". It's a free outlook express plugin. Takes a month or so to train it. I'm recieving far less spam now.
Posted: Sat, 17th Jul 2004, 9:17am

Post 14 of 40

Mellifluous

Force: 5604 | Joined: 6th Oct 2002 | Posts: 3782

EffectsLab Pro User Windows User

Gold Member

You only receive spam if you sign up for things. E.g. wow! there's this site offering free pr0n if you give your email address which they will send their secret password to.

I have 5 email accounts now, & none of them receive spam. One of my accounts receives those annoying emails with attachments that I delete whenever I get them, but that's due to the inadequacies of an organisation's network. Feck, even my Hotmail account doesn't receive any spam - although you may count those Official Michael Douglas emails that I signed up for when I was a drunk as spam.
Posted: Sat, 17th Jul 2004, 9:36am

Post 15 of 40

TAP2

Force: 1128 | Joined: 8th Jan 2003 | Posts: 1848

Windows User

Member

I have a BT Broadband email, and everytime I START to receive new spam emails they stop coming within a week. I think BT have been taking spam email VERY seriously, because I hardly get it at all.

I have to say I think BTyahoo email is without a doubt the best email service I've ever used. The biggest mistake hotmail have made is that 'Bulk Mail,' contributes to your crappy 10MB limit.
My BT Broadband Email lets me have 20GB of inbox emails.
Posted: Sat, 17th Jul 2004, 10:18am

Post 16 of 40

malone

Force: 18242 | Joined: 21st Mar 2001 | Posts: 1477

VisionLab User VideoWrap User PhotoKey 5 Pro User MuzzlePlug User PowerPlug User PhotoKey 3 Plug-in User Windows User

FXhome Team Member

Being carefull who you give your address to is a good way to not get spam like Mel says. I never put my address into random forms (I usually use a free mailinator address instead). Having said that, I still get over 200 spam mails a day. The biggest problem is that we have to make our email addresses available on the fxhome site so people can contact us, and that unfortunatly lets spammers contact us as well.

The other problem is that we send and recieve lots of mail so we end up in lots of peoples address books. Then these people get viruses which read through the address book and send our address all over the net.

Even if I kept my email address secret from everyone, I would still get spam. We get spam bots that connect to our mail server and try hundreds of different random names. Eventually they hit upon "malone" and the spam flows through.

I dont think there will ever be a technical solution that will stop spam 100% without making the email system worse. The only time the spamming will stop is when the cost of spamming outweighs the gains for the spammer. Basically we have to stop idiots actually buying the spammers products.
Posted: Sat, 17th Jul 2004, 10:32am

Post 17 of 40

TAP2

Force: 1128 | Joined: 8th Jan 2003 | Posts: 1848

Windows User

Member

Are there any programmes you can download that act as search bots, which scan the net for spam bots?
Posted: Sat, 17th Jul 2004, 11:01am

Post 18 of 40

Xcession

Force: 42802 | Joined: 21st Mar 2001 | Posts: 1964

VisionLab User VideoWrap User PhotoKey 3 Pro User Windows User

SuperUser

Well aside from the fact that "crawling" is totally legitimate and essential for search engines, if you could hypothetically tell that a particular bot had visited a page with the express intention of taking your email address (which you can't)...what exactly would you do when you'd found it? Report it? Thats as useless as reporting the spamming servers themselves - they just move on. Harvester bots can be run from even more machines than the bulk mailers themselves.
Posted: Sat, 17th Jul 2004, 11:54am

Post 19 of 40

DigiSm89

Force: 815 | Joined: 2nd Jun 2002 | Posts: 1898

Windows User

Member

I know you guys are going to hate me for saying this but, Hotmail actually has some nifty spam prevention technologies. My dad, who uses Yahoo! Mail, gets at least ~30 spam letters each week with very little use, whereas I get close to no spam. On average, within 6 months, I've only been able to see 1 spam letter in my mailbox (and this is the junk mail box I use to sign up for any subscription I see on the net).

MS has some neat technologies and I really don't care what anyone else has to say about it. Hotmail's really neat!
Posted: Sat, 17th Jul 2004, 12:21pm

Post 20 of 40

TAP2

Force: 1128 | Joined: 8th Jan 2003 | Posts: 1848

Windows User

Member

Yeah,

I never get ANY spam mail to my hotmail INBOX(s)
It all goes into the Bulk Mail, which them clogs up my space allowance as these spanish spammers send me attachments of 500kb each.
Posted: Sat, 17th Jul 2004, 1:48pm

Post 21 of 40

DigiSm89

Force: 815 | Joined: 2nd Jun 2002 | Posts: 1898

Windows User

Member

Well Hotmail is introducing more free storage space and larger attachment file sizes so it doesn't seem to be much of a problem anymore.
Posted: Sat, 17th Jul 2004, 2:00pm

Post 22 of 40

Xcession

Force: 42802 | Joined: 21st Mar 2001 | Posts: 1964

VisionLab User VideoWrap User PhotoKey 3 Pro User Windows User

SuperUser

There isn't any 'neat MS technology' in hotmail, otherwise whatever tech there is would be bundled with outlook / outlook express by default. This isn't an anti-hotmail thing, this is just how it works.

MS use their own version of a spam assassin-like software, rating email and scoring it on its content, then giving it a spam/not-spam status as appropriate. This is how most bayesian filters work.

The important difference between hotmail and any other email providor is, i'd say, that hotmail users outnumber practically all other email services by at least 10:1.

As a result, the filtering process - which is usually done by setting threasholds on certain email attributes such as subject content, body presentation, header info - will be mind bogglingly quick to do. With so many millions of guinea-pig accounts at MS's disposal, when it comes to training filter software, its no surprise they manage to get rid of so much.


And for the record, Hotmail itself doesn't suck, so don't worry. Its technologically brilliant. Its more the reputation of its users being naive little children thats the problem.
Posted: Sat, 17th Jul 2004, 2:05pm

Post 23 of 40

DigiSm89

Force: 815 | Joined: 2nd Jun 2002 | Posts: 1898

Windows User

Member

Of all the e-mail providers I've tried in the past, Hotmail is still my favorite! Whether it's security of friendly user interface, MS (you have to admit) did a good job with their provider.

I kinda feel bad for AOL and at the same time don't for the recent news report of the disloyal employee and the new wave of spammers. AOL was my first e-mail provider. I still remember when my mailbox would be full of spam each day and I would always have trouble figuring out which e-mails are actually "wanted" emails.

But now I have Comcast! wink
Posted: Sat, 17th Jul 2004, 4:11pm

Post 24 of 40

malone

Force: 18242 | Joined: 21st Mar 2001 | Posts: 1477

VisionLab User VideoWrap User PhotoKey 5 Pro User MuzzlePlug User PowerPlug User PhotoKey 3 Plug-in User Windows User

FXhome Team Member

Yeah, hotmail does a fairly decent job of blocking spam ([url=http://yro.slashdot.org/yro/04/05/05/1237245.shtml?tid=109&tid=111&tid=126&tid=187]
unless the spammers slip MS some cash[/url]). Although sometimes they do too good of a job;

http://news.com.com/Hotmail+incinerates+customer+files/2100-1038_3-5226090.html

Personally I think its worth setting up your own mail server and sorting it out yourself. A personally tailored system with wipe the floor with any generic system. Obviously this isnt practical for everyone and can be a bit of a chore to maintain, but it depends how important your data is to you.
Posted: Sat, 17th Jul 2004, 4:35pm

Post 25 of 40

DigiSm89

Force: 815 | Joined: 2nd Jun 2002 | Posts: 1898

Windows User

Member

Still, however, people shouldn't be counting on the internet, much less technology, for everything. A life and death situtation should not be contingent upon digital means. But, if you do happen to constantly rely on technology, you should always create backups of your files. Whenever someone e-mails me, I always make sure that that e-mail is forwarded to at least 3 or 4 service providers in case of accidental deletion. Whenever I send files to my account at school, I make sure to bring those same files on a disk just in case.

There are many ways to protect your data so blaming it on a provider which YOU trust doesn't cut it, mostly for the fact that they are offering you FREE service. Of course that fee that was mentioned in the story about that other provider doesn't seem fair and at most possibly illegal.
Posted: Sat, 17th Jul 2004, 4:52pm

Post 26 of 40

Xcession

Force: 42802 | Joined: 21st Mar 2001 | Posts: 1964

VisionLab User VideoWrap User PhotoKey 3 Pro User Windows User

SuperUser

thank you for that tangentialy-generic obvious information.
Posted: Sat, 17th Jul 2004, 4:53pm

Post 27 of 40

DigiSm89

Force: 815 | Joined: 2nd Jun 2002 | Posts: 1898

Windows User

Member

shutup. unsure
Posted: Sat, 17th Jul 2004, 4:53pm

Post 28 of 40

TAP2

Force: 1128 | Joined: 8th Jan 2003 | Posts: 1848

Windows User

Member

The problem with hotmail is that IF you FORGET your PASSWORD...
That's it... If you can't answer your secret question then you're stuck.

I spent weeks looking for some sort of contact number when I forgot the password to my origional hotmail account, and there's no support whatsoever.

If it happens with my BT... I can just ring them up and sort it out almost instantly.
Posted: Sat, 17th Jul 2004, 5:00pm

Post 29 of 40

DigiSm89

Force: 815 | Joined: 2nd Jun 2002 | Posts: 1898

Windows User

Member

How's that a problem? You forget your password and Hotmail gives you a second chance at signing in. They're certainly not going to waste their time with people constantly calling in, asking to reset their password. If it was something urgent, then you wouldn't sign up with hotmail in the first place much less forget the important credentials needed to sign in.

What would you want them to do, have them sent your password in e-mail? tard
Posted: Sat, 17th Jul 2004, 5:06pm

Post 30 of 40

TAP2

Force: 1128 | Joined: 8th Jan 2003 | Posts: 1848

Windows User

Member

I've just come up with the most genious solution to spam bots.
Create your email address as an IMAGE FILE, then just write
'you will need to manually enter the email address'

I use Msn Messenger mainly.
If I lost my password then I'd lose all my contacts for msn and it'd be tricky getting them back.
Posted: Sat, 17th Jul 2004, 5:10pm

Post 31 of 40

malone

Force: 18242 | Joined: 21st Mar 2001 | Posts: 1477

VisionLab User VideoWrap User PhotoKey 5 Pro User MuzzlePlug User PowerPlug User PhotoKey 3 Plug-in User Windows User

FXhome Team Member

TAP2 wrote:

I've just come up with the most genious solution to spam bots.
Create your email address as an IMAGE FILE, then just write
'you will need to manually enter the email address'
Like we do on our contacts page? Doesnt work smile I mentioned earlier that the advanced spam bots use OCR (Optical Character Recognition) so they can read a page as easily as a human can. You could make the font particually differcult to read with OCR but then your real viewers will start having trouble reading it as well.
Posted: Sat, 17th Jul 2004, 5:13pm

Post 32 of 40

TAP2

Force: 1128 | Joined: 8th Jan 2003 | Posts: 1848

Windows User

Member

(raises white flag)
Posted: Sat, 17th Jul 2004, 5:28pm

Post 33 of 40

DigiSm89

Force: 815 | Joined: 2nd Jun 2002 | Posts: 1898

Windows User

Member

If you really, really cared, you could create images that have blank hyperlinks, and have external scripts PASS the hyperlink value to that image via a RollOver function and reset the hyperlink on a MouseOut function. Then, all that's left would be to lockout the script file making it so that only the webpage would be able to open the file.

PROS
- OCR won't work because the e-mail addresses aren't loaded at first view of the page. They are loaded after and at the individual user's request
- Likewise, the addresses aren't listed anywhere in the html file so a bot would still not be able to pick out the address.
- (If done) Bot wouldn't be able to get into the file that contains the addresses

CONS
- If spyware is loaded on a client's machine, there would be no way to safeguard the addresses against it

Also, you could do what mostly every company does and create webforms that send the client's messages to a serverside script or server program which then e-mails the messages to the right people.

But, of course, the easiest thing would be to do Malone's idea and run your own e-mail server.
Posted: Sun, 18th Jul 2004, 12:54am

Post 34 of 40

goober99

Force: 340 | Joined: 23rd Dec 2002 | Posts: 106

Windows User

Gold Member

On the topic of email providers, I use MyWay, and I really like the service they provide.
Posted: Sun, 18th Jul 2004, 1:46pm

Post 35 of 40

DigiSm89

Force: 815 | Joined: 2nd Jun 2002 | Posts: 1898

Windows User

Member

Why does this look like Yahoo! Mail and GMAIL so much? confused
Posted: Sun, 18th Jul 2004, 1:53pm

Post 36 of 40

goober99

Force: 340 | Joined: 23rd Dec 2002 | Posts: 106

Windows User

Gold Member

They meant for it to look like Yahoo! Mail so people would have a familiar interface to work with. Any similarities with GMAIL mean GMAIL copied the look of Yahoo!/MyWay. MyWay was providing its service long before GMAIL was released.
Posted: Sun, 18th Jul 2004, 10:32pm

Post 37 of 40

DigiSm89

Force: 815 | Joined: 2nd Jun 2002 | Posts: 1898

Windows User

Member

Yeah I now GMAIL definitely copied Yahoo mail's UI but what's the sudden obsession with it?
Posted: Mon, 26th Jul 2004, 3:58pm

Post 38 of 40

DigiSm89

Force: 815 | Joined: 2nd Jun 2002 | Posts: 1898

Windows User

Member

MS released an article about ways to fighting spam. The "munge" way seems like a neat way. Check it out here:

http://www.microsoft.com/athome/security/spam/fightspam.mspx
Posted: Mon, 26th Jul 2004, 4:03pm

Post 39 of 40

Xcession

Force: 42802 | Joined: 21st Mar 2001 | Posts: 1964

VisionLab User VideoWrap User PhotoKey 3 Pro User Windows User

SuperUser

pfft. If a spam harvester can turn hexidecimal character codes into decimal and can OCR a screenshot of a page just to get image-emails...it can sure as hell try a few permutations of numbers substituted for characters!

The ol' w4r3z talk has been around for over a decade and as far as 'munging' goes, thats probably the single-most obvious way of doing it.

Utterly futile.
Posted: Mon, 26th Jul 2004, 4:17pm

Post 40 of 40

DigiSm89

Force: 815 | Joined: 2nd Jun 2002 | Posts: 1898

Windows User

Member

Well, it's already been mentioned that spam cannot be prevented totally. Though, you can take precautionary measures against spam. These are just a few.