[Novalug] Avoiding Email Address Skimming from Web Sites (OT, ?)

[Kevin Dwyer]

On 1/10/08, Roger W. Broseus <rogerb at bronord.com> wrote:
>
> These approaches require a bit of decoding by the user of the site. In
> addition to the use of forms to capture requests and do email "behind
> the scenes," one can effect a mailto request using simple java scripts
> (that even I can use!).
>
> An example is posted at
>
>     http://www.bronord.com/emailscripts.html


Given the sophistication of current spyware, spam, malware, etc
technologies, I would not be surprised if they are able to run javascript
when loading a page.  This would also render useless the javascript
obfuscation techniques (writing the addresses in hex and such).

In fact, I have some observed evidence that google may be able to do just
such a thing.  They started indexing a file that I only linked to through
some javascript call.  I'm not entirely sure if they found some other way to
reveal the file or if they could parse it out, but they did get it
eventually.  I mean, after all, javascript interpreters are open source so
it's just a matter of time to get it to plugin to your web scraping tool,
and the spammers have all day (and all the resources) to do this.

-kpd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://calypso.tux.org/pipermail/novalug/attachments/20080110/53311b9a/attachment.htm