Email Obfuscation Techniques
arno at alum.wpi.edu
Tue Apr 12 17:26:47 EDT 2011
On Tue, Apr 12, 2011 at 02:47, Wander Nauta <info at wandernauta.nl> wrote:
> I agree, entity-encoded mailto: links work quite well. They may not work
> forever, though, and some Drew McLellan made a good point here:
A while back, around the time I sent the original message to this
list, I hadn't realized that the source for Enkoder was available, so
I I set out to reverse engineer the algorithm and implement my own
filter. When I realized that it was selecting multiple layers from
many obfuscation techniques, I gave up and wrote my own.
It's a filter for nanoc  that converts all mailto links to AT / DOT
obfuscated links and also inserts ROT 13 obfuscation that is unwrapped
DOT link, so the user either sees an AT / DOT email address (JS turned
off), or a fully functional address (JS turned on). Both are
It's quite similar to what Enkoder does, but also provides the AT /
Enkoder also uses several randomized layers of JS obfuscation, which I
don't think are any more effective than a single layer. With tools
like "jrunscript", a scraper can evaluate the JS obfuscation just as
easily as the browser does. Adding more and more layers just marginaly
increases complexity and resource consumption.
It's also surprising just how effective the AT / DOT method is  and
quite a bit more so than entities. This would seem to indicate that
harvesters aren't yet searching for "* at * dot com". Here we are
almost 5 years later and 7 times as many results for that search.
Sometimes I wonder if it's even worth the obfuscation effort.
arno s hautala /-| arno at alum.wpi.edu
More information about the Markdown-Discuss