Thursday, November 16, 2006

bob at example dot com: A Great Way to Give Spammers Your E-mail Address

Author: Nick
Category: Money
Topics: ,

world wide waffle

Somewhere in the course of recent internet history, the following advice seems to have spread like wildfire:

“If your e-mail address is, you should never spell it out on websites or message boards as Junk e-mailers have these ‘spider scripts’ which can harvest e-mail addresses from websites if they’re printed in their standard form. Instead you should say something like bob at example dot com.”

And so that’s what lots of people do on the internet…

My e-mail address is smart_dude at yahoo dot com

If you have questions about this offer, please contact sally at smartbusiness dot org

Hey d00d fr33 nak3d chiXoRz: nak3d_chiXoRz at omg-super-hot-girls dot yum

Hooray, address-harvesting spiders are defeated forever! Peace on earth, good will yadda yadda.

Guess what? Every time you say “bob at example dot com,” you have just told e-mail spammers that your address is

But but but I didn’t have the funny little @ and the . is a dot so I’m safe, right? Right???

No! You’re not safe, Mr. Italics Bold! That’s because e-mail harvesting spiders can read and interpret “bob at example dot com” just as well as they can read “” It’s as simple as programming the spider script to look for ” at ” in addition to “@” and ” dot ” along with “.”

Oh okay. So I’ll just come up with something more clever, like “bob -is at- example -period- com.” I am so smart!

No! You are so lame, Mr. Italics Bold! Spammers can just program their script to start with the “com” and work backworks, trying any number of combinations. It might pick up “” and “” as e-mail addresses, but it’ll also catch “” And sending a single junk e-mail is virtually free, so spammers can still come out ahead even if only one out of thousands of e-mails they send actually hits a valid user!

I’m scared of the internet now! Time to go live in a cave! Call me when they fix this.

Sorry, Mr. Italics Bold, but this problem won’t be going away anytime soon. But there are some things you can do to protect yourself and your e-mail address from unwanted solicitations:

  • Protect your e-mail address like you would your home address or phone number. If I put a form on this website asking you for your home phone number, would you fill it out? Heck no! You don’t want me calling you up at three in the morning. You might need to give out your e-mail address to more places than you do your phone number, but you should think long and hard each time you do it.
  • Never post any part of your e-mail address in text form in a public location on the internet. As described earlier, it’s easy as spam pie to harvest those addresses, even if you obfuscate it with seemingly invalid syntax. Really, if you wanted to make “bob at example dot com” tricky enough to hide from spider scripts, it’d probably be too hard for people to understand it, too.
  • Use alternate means of communication in public areas. If you need to post a method of contact in a public location, your personal e-mail address is not the way to do it. On message boards, instruct users to send you a private message (or “PM”) through the boards’ own messaging system. In other places, post a single-use or temporary e-mail address like those you can get at Mailinator. For more permanent setups like website contact pages, consider a form-based solution with a captcha and spam blockers to filter unwanted messages.

If you’d like more information on this subject, please input your e-mail address in the following form.

Your e-mail:

Hey, hey, hey! What’d I just finish saying? Don’t give out your e-mail address just because someone asks you for it!

But in all seriousness, go ahead and fill it out if you’d like more information.

Your e-mail:

What’re ya doin’??? Stop filling out random forms and go do something useful.

No comments yet.

Sorry, the comment form is closed at this time.