Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Spam Prevention

Status
Not open for further replies.
DHoberer

DHoberer

MIS
May 31, 2003
8
US
I hope that lots of people have an opinion on this and can help me out.

The website folks here at the university I work at (I'm the Exchange Admin) want to put everyone's email addresses on the website under our campus directory to make it easier for students to email faculty and staff.

To me, there's no question about how unwise that it considering how easy it is for spammers to scrape email addresses off websites. However, I can't seem to convince them of the danger. They are of the mind that we have a good spam filter and it will take care of that. My opinion is that we should take as many preventative measures as we can and that their approach is like leaving all your doors unlocked and saying that if you get robbed you'll just buy new stuff.

Can anyone 1) help me come up with convincing arguments for NOT exposing email addresses on our website and 2) tell me what you do for safely alowing outside folks to email via a publically available web employee directory at your company?

Thanks!
Darrell
 
Sort by date Sort by votes
One suggestion that may seem odd but helps is to put things like email addresses in graphics. This makes it difficult for spammers to simply parse them.

You also might want to read the e-book Spamproof Your E-mail Addresses by Brian Livingston.

As far as an argument against making the email addresses public is that spammers can also use those addresses to spoof return addresses. People could complain to the university that one or more of your addresses is sending them spam and not taking their name off the spam list. Eventually, enough poeple could complaint to places like Spamhaus and SpamCop that your domain might get blacklisted.



James P. Cottingham
-----------------------------------------
I'm number 1,229!
I'm number 1,229!
 
Upvote 0 Downvote
There are lots of places that put employee emails out there.

Look at:

for example. I have no idea whether those people are spammed daily or what.

I don't think it is the answer you want, but in a University setting, facilitating communication may be the most desirable end product. Hanging addresses out there and doing the best one can to spam filter may be the way to go.

I think people can probably discuss the merits and flaws of mailto: vs a contact form vs obfuscation schemes (and you probably know them), but the bigger question is do you just accept the problem to get the good?
 
Upvote 0 Downvote
Three words for you: DON'T DO IT!!!

As one who has had email addresses published on the web from 1996-2005, and had several personal websites with the dreaded "mailto" tag(one of the things spammers' "scrapers" look for), I can tell you firsthand that the floodgates will open up for any email address published on the Web. I still get 400-500 spams a day and filter them with SpamPal, which works well most of the time.

What 2ffat referred to above has also happened to me; my business domain was blacklisted, and removing it was not easy.

I have since taken the low-tech approach of using email addresses that avoid common harvesting hooks, such as "info AT mydomain DOT com", with a note to use the proper symbols when composing emails. Better yet are web forms with "captcha" graphics, but this gets clumsy in a large directory.

I would offer all resistance possible and appropriate to reduce the load on the org's mailservers and reduce the bandwidth and storage that will be necessary for the now-avoidable flood of spam that is SURE to happen. Best of luck.

Tony

Users helping Users...
 
Upvote 0 Downvote
One of the argument is this the SPAM amount can only grow, thus causing unnecessary traffic and wasting time of employees. Also, it is possible to have a legitimate message lost amongst tons of garbage mail - and this is only very unattractive.

There are many ways to obfuscate email address; one of them is to use HTML entities, replacing '@' and '.' parts of the email address (with . and @, for example) - simple, but in many cases it works fine.

GNU notation (user@example.com written as user at example dot com) can also be used.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

intel233
  • Locked
  • Question
XCS 770R Spam Filter
Replies
0
Views
82
intel233
intel233
TheAmboyduke
  • Locked
  • Question
Intrusion Prevention causing issue 1
Replies
7
Views
155
hairlessupportmonkey
hairlessupportmonkey
ciscocoyboy
  • Locked
  • Question
Cisco ASA Advanced Inspection and Prevention Security Services Module
Replies
2
Views
89
ciscocoyboy
ciscocoyboy
Techie10
  • Locked
  • Question
NAT with Spam appliance
Replies
2
Views
67
groundedagain
groundedagain
mofusjtf
  • Locked
  • Question
Publising a Barracuda Spam appliance thru ISA2k4
Replies
4
Views
69
mofusjtf
mofusjtf

Part and Inventory Search

Sponsor

Back
Top