whoever(at)gmail(dot)com, you are not fooling anyone.

  • whoever(at)gmail(dot)com, you are not fooling anyone.

    Frustrated rant following:

    Ok, I am getting really annoyed with companies and people that write their e-mail addresses in the form whoever(at)gmail(dot)com. I have gone to three business sites this week and I have had to change an e-mail address rather than just copy and paste it into an e-mail client. It is annoying to do the extra step and it is completely useless.

    Come on! Really? Why is this needed? Do these people even know what a regular expression is? Ugh, just to prove how stupid this is, I altered a common e-mail regular expression to catch all of the ones I have come in contact with lately. Putting things like (at) in your e-mail is useless. It does nothing. A smart programmer’s SPAM bot can probably still find you. If you don’t want your e-mail address to be used by customers, then don’t even post it on your website. There is no need to alter your e-mail address. It doesn’t protect you.

    The script I wrote in less than two minutes catches most of these and it really is not that complicated at all. I even threw in a few invalid ones to show you that it could easily parse through text with @ symbols and periods easily. I could spend a few more minutes on it and catch almost anything most companies could use that common users would understand.

    If you have a site with addresses like this, please use the following code to go through your company website to find all e-mail addresses and change them to their proper form, or remove them completely.

    BELOW is the script written in perl.

    Code:
    #!/usr/bin/perl
    @emailList =("l3tt3rsAndNumb3rs\@domain.com","has-dash\@domain.com","hasApostrophe.o'leary\@domain.org","uncommonTLD\@domain.museum","uncommonTLD\@domain.travel","uncommonTLD\@domain.mobi","countryCodeTLD\@domain.uk","countryCodeTLD\@domain.rw","lettersInDomain\@911.com","underscore_inLocal\@domain.net","IPInsteadOfDomain\@127.0.0.1","IPAndPort\@127.0.0.1:25","subdomain\@sub.domain.com","local\@dash-inDomain.com","dot.inLocal\@foo.com","a\@singleLetterLocal.org","singleLetterDomain\@x.org","&*=?^+{}'~\@validCharsInLocal.net","missingDomain\@.com","\@missingLocal.org","missingSign.net","missingDot\@com","two\@\@signs.com","colonButNoPort\@127.0.0.1:","someone-else\@127.0.0.1.26",".localStartsWithDot\@domain.com","localEndsWithDot.\@domain.com","two..consecutiveDots\@domain.com","domainStartsWithDash\@-domain.com","domainEndsWithDash\@domain-.com","TLDDoesntExist\@domain.moc","numbersInTLD\@domain.c0m","missingTLD\@domain.","! \"#$%(),/;<>[]`|\@CharsInLocal.org","invalidCharsInDomain\@! \"#$%(),/;<>_[]`|.org","local\@SecondLevelDomainNamesAreInvalidIfTheyAreLongerThan64Charactersss.org","jim (at) yahoo (dot) com","jim{at}gmail.net","jim{at}gmail{dot}net","jim {at} yahoo {dot} net","jim <AT> yahoo <DOT> net", "jim -AT- yahoo -DOT- net","jimatyahoodotnet");
    
    foreach $code (@emailList)
    {
    # if ($code =~ /^([-a-z0-9~!$%^&*_=+}{\'?])+(\.[-a-z0-9~!$%^&*_=+}{\'?]+)*(@|at|.at.|\s+at\s+|\s+.at.\s+)([a-z0-9]([-a-z0-9_]?[a-z0-9])*(\.[-a-z0-9_]+)*(\.|dot|.dot.|\s+dot\s+|\s+.dot.\s+)(aero|arpa|biz|com|coop|edu|gov|info|int|mil|museum|name|net|org|pro|travel|mobi|[a-z]{2})|([1]?\d{1,2}|2[0-4]{1}\d{1}|25[0-5]{1})((\.|dot|.dot.|\s+dot\s+|\s+.dot.\s+)([1]?\d{1,2}|2[0-4]{1}\d{1}|25[0-5]{1})){3})(:[0-9]{1,5})?$/i)
    if ($code =~ /^[-a-z0-9~!$%^&*_=+}{\'?]+(\.[-a-z0-9~!$%^&*_=+}{\'?]+)*(@|at|.at.|\s+at\s+|\s+.at.\s+)([a-z0-9]([-a-z0-9_]?[a-z0-9])*(\.[-a-z0-9_]+)*(\.|dot|.dot.|\s+dot\s+|\s+.dot.\s+)(aero|arpa|biz|com|coop|edu|gov|info|int|mil|museum|name|net|org|pro|travel|mobi|[a-z]{2})|([1]?\d{1,2}|2[0-4]{1}\d{1}|25[0-5]{1})((\.|dot|.dot.|\s+dot\s+|\s+.dot.\s+)([1]?\d{1,2}|2[0-4]{1}\d{1}|25[0-5]{1})){3})(:[0-9]{1,5})?$/i)
    	{
    	if ($code =~ /^[-a-z0-9~!$%^&*_=+}{\'?]+(\.[-a-z0-9~!$%^&*_=+}{\'?]+)*(@)([a-z0-9]([-a-z0-9_]?[a-z0-9])*(\.[-a-z0-9_]+)*(\.)(aero|arpa|biz|com|coop|edu|gov|info|int|mil|museum|name|net|org|pro|travel|mobi|[a-z]{2})|([1]?\d{1,2}|2[0-4]{1}\d{1}|25[0-5]{1})(\.([1]?\d{1,2}|2[0-4]{1}\d{1}|25[0-5]{1})){3})(:[0-9]{1,5})?$/i)
    		{
    		print "VALID $code \n";
    		}
    	else 
    		{
    		print "VALID $code -- Real e-mail address is: ";
    		$code =~ s/(@|[\W]at[\W]|\s+at\s+|\s+.at.\s+)/@/ig;
    		$code =~ s/(\.|[\W]dot[\W]|\s+dot\s+|\s+.dot.\s+)/\./ig;
    		if ($code =~ /[^@]/){$code =~ s/at/@/;}
    		if ($code =~ /[^\.]/){$code =~ s/dot/\./g;}		
    		print "$code \n";
    		}	
    	}
    else
    	{
    	print "INVALID $code \n ";
    	}
    	
    }
    OUTPUT OF SCRIPT IS BELOW

    Code:
    VALID l3tt3rsAndNumb3rs@domain.com
    VALID has-dash@domain.com
    VALID hasApostrophe.o'leary@domain.org
    VALID uncommonTLD@domain.museum
    VALID uncommonTLD@domain.travel
    VALID uncommonTLD@domain.mobi
    VALID countryCodeTLD@domain.uk
    VALID countryCodeTLD@domain.rw
    VALID lettersInDomain@911.com
    VALID underscore_inLocal@domain.net
    VALID IPInsteadOfDomain@127.0.0.1
    VALID IPAndPort@127.0.0.1:25
    VALID subdomain@sub.domain.com
    VALID local@dash-inDomain.com
    VALID dot.inLocal@foo.com
    VALID a@singleLetterLocal.org
    VALID singleLetterDomain@x.org
    VALID &*=?^+{}'~@validCharsInLocal.net
    INVALID missingDomain@.com
     INVALID @missingLocal.org
     INVALID missingSign.net
     INVALID missingDot@com
     INVALID two@@signs.com
     INVALID colonButNoPort@127.0.0.1:
     INVALID someone-else@127.0.0.1.26
     INVALID .localStartsWithDot@domain.com
     INVALID localEndsWithDot.@domain.com
     INVALID two..consecutiveDots@domain.com
     INVALID domainStartsWithDash@-domain.com
     INVALID domainEndsWithDash@domain-.com
     INVALID TLDDoesntExist@domain.moc
     INVALID numbersInTLD@domain.c0m
     INVALID missingTLD@domain.
     INVALID ! "#0(),/;<>[]`|@CharsInLocal.org
     INVALID invalidCharsInDomain@! "#0(),/;<>_[]`|.org
    VALID local@SecondLevelDomainNamesAreInvalidIfTheyAreLongerThan64Charactersss.org
    VALID jim (at) yahoo (dot) com -- Real e-mail address is: jim@yahoo.com
    VALID jim{at}gmail.net -- Real e-mail address is: jim@gmail.net
    VALID jim{at}gmail{dot}net -- Real e-mail address is: jim@gmail.net
    VALID jim {at} yahoo {dot} net -- Real e-mail address is: jim@yahoo.net
    VALID jim <AT> yahoo <DOT> net -- Real e-mail address is: jim@yahoo.net
    VALID jim -AT- yahoo -DOT- net -- Real e-mail address is: jim@yahoo.net
    VALID jimatyahoodotnet -- Real e-mail address is: jim@yahoo.net

  • #2
    Re: whoever(at)gmail(dot)com, you are not fooling anyone.

    Originally posted by heisenbug View Post
    Frustrated rant following:

    Ok, I am getting really annoyed with companies and people that write their e-mail addresses in the form whoever(at)gmail(dot)com. I have gone to three business sites this week and I have had to change an e-mail address rather than just copy and paste it into an e-mail client. It is annoying to do the extra step and it is completely useless.

    ...
    Frankly, I'm one of those people who uses variations on [at] and [dot], and plan to continue to do so for the foreseeable future.

    Yes, I know what a regular expression is, and yes, I know that extracting a valid email address from the slightly obfuscated address is fairly trivial. However, the fact of the matter is that when I started doing that, I saw a huge decrease in spam on those addresses versus those addresses which were published using "@" and ".". Most spambots/spiders seem to still focus on the "@" and "."
    Thorn
    "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

    Comment


    • #3
      Re: whoever(at)gmail(dot)com, you are not fooling anyone.

      Originally posted by Thorn View Post
      Frankly, I'm one of those people who uses variations on [at] and [dot], and plan to continue to do so for the foreseeable future.
      Yes, I know what a regular expression is, and yes, I know that extracting a valid email address from the slightly obfuscated address is fairly trivial. However, the fact of the matter is that when I started doing that, I saw a huge decrease in spam on those addresses versus those addresses which were published using "@" and ".". Most spambots/spiders seem to still focus on the "@" and "."
      No worries Thorn. Sorry I was a little frustrated. I ended up just making a plug-in for my browser that changes them before the page is loaded. Now I never have to see them again.

      I still don't like this method though. It's not very user friendly, and I think it's a little false security. It's just a matter of time until code like this makes its way to forums like the Trojan programming forum http://www.opensc.ws/ and hits the web through a botnet. Currently you may seem more protected, but security has a lot to do with projecting future threats.

      Spam bots scrape the source code, so a little JavaScript is less annoying because it displays the whole e-mail address properly, and it also breaks it up to make most common regular expressions break.

      Here, I wrote some example code below that would be much more secure and yet displays the proper e-mail address:

      Code:
      <script type="text/javascript">
      <!--
      var a='jim';
      // Comments to make things harder
      var b='yahoo';
      // Comments to make things harder
      var c='com';
      // Comments to make things harder
      document.write(a + '@' + b + '.' + c);
      // Comments to make things harder
      -->
      </script>
      OUTPUT IS:

      jim@yahoo.com

      Comment


      • #4
        Re: whoever(at)gmail(dot)com, you are not fooling anyone.

        Originally posted by heisenbug View Post

        Code:
        <script type="text/javascript">
        <!--
        var a='jim';
        // Comments to make things harder
        var b='yahoo';
        // Comments to make things harder
        var c='com';
        // Comments to make things harder
        document.write(a + '@' + b + '.' + c);
        // Comments to make things harder
        -->
        </script>
        OUTPUT IS:

        jim@yahoo.com
        Ok, I'm confused as to how this is better than just putting it in plain text? The output page that the client/spider/crawler would be seeing is still in plain text. Yes, they may crawl the source code, but they also crawl the resultant page as well.
        A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

        Comment


        • #5
          Re: whoever(at)gmail(dot)com, you are not fooling anyone.

          Originally posted by streaker69 View Post
          Ok, I'm confused as to how this is better than just putting it in plain text? The output page that the client/spider/crawler would be seeing is still in plain text. Yes, they may crawl the source code, but they also crawl the resultant page as well.
          This is a common misconception that scripts like spiders and crawlers see what a browser sees. If the script was coded in PHP it would be a server-side script and I would agree with you, but JavaScript is client-side scripting. A user is not sent the clear e-mail address in this sense.

          You see a browser has an internal JavaScript compiler and interpreter. In order for the spider to scrape the output of JavaScript it would need to either use a library that included a JavaScript interpreter, include a third party compiler, or the programmer would need to develop a pseudo-compiler.

          While these are all things that can be done, they take much more code than my 24 line foreach statement above. Most programmers don't even bother interpreting the HTML much less the JavaScript. If a programmer takes the time to parse JavaScript for e-mail addresses, you can be almost certain that he had already created a decent regular expression for the common text.

          To make it even more difficult for a programmer you could create a JPEG image of the e-mail address and display that. Even then, there are things that can be done using OCR.
          Last edited by heisenbug; December 31, 2009, 10:51.

          Comment


          • #6
            Re: whoever(at)gmail(dot)com, you are not fooling anyone.

            Originally posted by heisenbug View Post
            No worries Thorn. Sorry I was a little frustrated. I ended up just making a plug-in for my browser that changes them before the page is loaded. Now I never have to see them again.

            I still don't like this method though. It's not very user friendly, and I think it's a little false security. It's just a matter of time until code like this makes its way to forums like the Trojan programming forum http://www.opensc.ws/ and hits the web through a botnet. Currently you may seem more protected, but security has a lot to do with projecting future threats.

            Spam bots scrape the source code, so a little JavaScript is less annoying because it displays the whole e-mail address properly, and it also breaks it up to make most common regular expressions break.

            Here, I wrote some example code below that would be much more secure and yet displays the proper e-mail address:

            Code:
            <script type="text/javascript">
            <!--
            var a='jim';
            // Comments to make things harder
            var b='yahoo';
            // Comments to make things harder
            var c='com';
            // Comments to make things harder
            document.write(a + '@' + b + '.' + c);
            // Comments to make things harder
            -->
            </script>
            OUTPUT IS:

            jim@yahoo.com
            Understood, and I agree that it may be false security in the very near future, but the fact is that for the moment, it's a quick'n'dirty (R) workaround.

            Similar scripts have popped up before (I think Israel Torres has a couple), and I like the idea. I wouldn't mind using such a thing at all.
            Thorn
            "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

            Comment


            • #7
              Re: whoever(at)gmail(dot)com, you are not fooling anyone.

              heh, i take things a little bit further on the home page of deviating.net when it comes to email obfuscation.

              in fact, in my case i am actually happy that it sort of seems to act as both a spam-bot-blocker as well as a stupid-person-blocker. since people have to take an extra step or two, perhaps it filters out the complete ar-tards by raising the bar just enough. since i don't see the messages from people who are too incompetent to email me, i don't have any hard data to back up whether it works or not... but i surely don't see any more emails nowadays from...

              1. people who can't put a sentence together
              2. people who ask questions that are clearly answered somewhere else on my site
              3. people who ask things like "so, wait, what lock should i use on my carry-on bag so the TSA can't confiscate my six-shooter when i'm boarding the plane??!?1!"
              "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
              - Trent Reznor

              Comment


              • #8
                Re: whoever(at)gmail(dot)com, you are not fooling anyone.

                Originally posted by Deviant Ollam View Post
                ...3. people who ask things like "so, wait, what lock should i use on my carry-on bag so the TSA can't confiscate my six-shooter when i'm boarding the plane??!?1!"
                Really? Is this an actual example of someone's question?
                "You have cubed asscheeks?"... "Do you not?"

                Comment


                • #9
                  Re: whoever(at)gmail(dot)com, you are not fooling anyone.

                  Originally posted by sintax_error View Post
                  Really? Is this an actual example of someone's question?
                  it comes close to some of the things i've been asked before... you can't shake a clue into some people's heads, sadly. and some people just will not allow themselves to take the time to actually listen to what someone is trying to convey before (a) coming up with their own notion of what is being discussed, then (b) drawing all the wrong conclusions without any of the facts, and then (c) asking questions that in their mind -- which went off down the wrong path 5 miles back -- seem totally logical, but which make everyone else in the room -- who was paying attention -- just sigh and roll their eyes.
                  "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
                  - Trent Reznor

                  Comment


                  • #10
                    Re: whoever(at)gmail(dot)com, you are not fooling anyone.

                    Originally posted by Deviant Ollam View Post
                    heh, i take things a little bit further on the home page of deviating.net when it comes to email obfuscation.

                    Deviant,

                    Very smart using ISO 8859-1 Characters and symbols. I hadn't seen that before. I modified the regular expression I wrote to catch these, and to catch possibilities of the symbols and ASCII letters and numbers being written in HTML Entity Code.

                    While I am excited to be able to catch these, I do feel a little wary about posting it because I fear that this may not have been done by a spam bot before and someone may copy this.

                    Below is the regular expression.


                    Code:
                    /^[-a-z0-9~!$%^&*_=+}{\'?]+(\.[-a-z0-9~!$%^&*_=+}{\'?]+)*(@|&#64;|[\s]?[\W]?[\s]?[A|&#192;|&#97;|&Agrave;|&#193;|&Aacute;|&#194;|&Acirc;|&#195;|&Atilde;|&aring;|&#196;|&Auml;|&#197;|&Aring;|&#65;|&#64|@[\s]?[\W]?[\s]?[T|&#84;|&#116;]][\s]?[\W]?[\s]?)([a-z0-9]([-a-z0-9_]?[a-z0-9])*(\.[-a-z0-9_]+)*(&#46;|.|[[\s]?[\W]?[\s]?[D|&#100;|&#68;][\s]?[\W]?[\s]?[O|0|&#111;|&#48;|&#79;|&ouml;|&#186;|&ordm;|&deg;|&#176;|&#210;|&Ograve;|&#211;|&Oacute;|&#212;|&Ocirc;|&#213;|&Otilde;|&#214;|&Ouml;|&#216;|&Oslash;|&#240;|&eth;|&#242;|&ograve;|&#243;|&oacute;|&#244;|&ocirc;|&#245;|&otilde;|&#246;|&ouml;|&#248;|&oslash;][\s]?[\W]?[\s]?[T|&#84;|&#116;][\s]?[\W]?[\s]?])(aero|arpa|biz|com|coop|edu|gov|info|int|mil|museum|name|net|org|pro|travel|mobi|[a-z]{2})|([1]?\d{1,2}|2[0-4]{1}\d{1}|25[0-5]{1})((&#46;|.|[[\s]?[\W]?[\s]?[D|&#100;|&#68;][\s]?[\W]?[\s]?[O|0|&#111;|&#48;|&#79;|&ouml;|&#186;|&ordm;|&deg;|&#176;|&#210;|&Ograve;|&#211;|&Oacute;|&#212;|&Ocirc;|&#213;|&Otilde;|&#214;|&Ouml;|&#216;|&Oslash;|&#240;|&eth;|&#242;|&ograve;|&#243;|&oacute;|&#244;|&ocirc;|&#245;|&otilde;|&#246;|&ouml;|&#248;|&oslash;][\s]?[\W]?[\s]?[T|&#84;|&#116;][\s]?[\W]?[\s]?])([1]?\d{1,2}|2[0-4]{1}\d{1}|25[0-5]{1})){3})(:[0-9]{1,5})?$/i
                    NOTE: Your browser or the forum may convert some code to symbols. For example, if I wrote
                    &#192 with a semicolon after it, the browser will show À

                    Comment
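
The source-versus-rendered distinction argued in #5 and the entity-encoded variant from #10, as an added example that is not any poster's code: a site owner's check of how each address they publish is exposed in the raw HTML source. The sample page, the function names and the simplified address pattern are assumptions made for this example.

```javascript
// Added example (not from the thread). Classifies each published address by
// what it takes to recover it from the page SOURCE, without running scripts.

// Simplified address pattern (assumption; far looser than the thread's regex).
const ADDRESS = /[a-z0-9._%+-]+@[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}/gi;

// Decode numeric entities (&#64; / &#x40;) and the few named ones that matter here.
function decodeEntities(text) {
  return text
    .replace(/&#x([0-9a-f]+);/gi, (_, h) => String.fromCodePoint(parseInt(h, 16)))
    .replace(/&#(\d+);/g, (_, d) => String.fromCodePoint(parseInt(d, 10)))
    .replace(/&lt;/gi, '<')
    .replace(/&gt;/gi, '>')
    .replace(/&commat;/gi, '@')
    .replace(/&period;/gi, '.');
}

// Undo bracketed spellings such as (at), [at], {at}, <AT>, -AT- and the
// matching "dot" forms, swallowing the whitespace around them.
function normalizeAtDot(text) {
  return text
    .replace(/\s*[(\[{<-]\s*at\s*[)\]}>-]\s*/gi, '@')
    .replace(/\s*[(\[{<-]\s*dot\s*[)\]}>-]\s*/gi, '.');
}

function findAll(text) {
  return new Set((text.match(ADDRESS) || []).map((a) => a.toLowerCase()));
}

// expected: the addresses the owner knows are shown on the rendered page.
function auditSource(html, expected) {
  const plain = findAll(html);
  const decoded = findAll(normalizeAtDot(decodeEntities(html)));
  const report = {};
  for (const addr of expected) {
    const a = addr.toLowerCase();
    if (plain.has(a)) report[a] = 'plain-regex';
    else if (decoded.has(a)) report[a] = 'decode-and-normalize';
    else report[a] = 'not-in-source';
  }
  return report;
}

// Constructed sample page: one address per technique discussed in the thread.
const SAMPLE_PAGE = `
<p>Sales: sales@example.com</p>
<p>Support: support (at) example (dot) com</p>
<p>Press: press&#64;example&#46;com</p>
<p>Admin: <script>
var a='admin'; var b='example'; var c='com';
document.write(a + '@' + b + '.' + c);
</script></p>`;

const SAMPLE_EXPECTED = [
  'sales@example.com',
  'support@example.com',
  'press@example.com',
  'admin@example.com',
];

console.log(auditSource(SAMPLE_PAGE, SAMPLE_EXPECTED));
```

The check reads source only, so 'not-in-source' says nothing about a crawler that executes scripts or reads the rendered DOM, which is the case streaker69 raises in #4.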


                    • #11
                      Re: whoever(at)gmail(dot)com, you are not fooling anyone.

                      Originally posted by heisenbug View Post
                      I do feel a little wary about posting it because I fear that this may not have been done by a spam bot before and someone may copy this.
                      ah, don't be concerned... it's always a game of upping the ante. frankly, i'm sure that my main address there has wound up on plenty of spam lists already. in truth, the best spam solution i ever really achieved is forwarding everything to gmail, which then forwards back to me at deviating.net. i let their cloud do all the spam filtering (which in my experience works better than any other product i've come across, including CloudMark which was hailed as the best thing ever)

                      i use GPG for all of my personal communication, hence i'm not super concerned about Google having messages for me on their servers, and judging from what numbers i can see (since i can observe in my own mail server's logs how many messages each day hit my public address, then how many hit my private address moments later after Google's had them) i receive about 90% spam at that address... over 300 junk messages per day. thanks to the gmail hop, i see an actual junk message hit my inbox maybe once per month, and sometimes not even that often.

                      so yeah, the way it appears on my home page is really just to keep out moronic humans, as opposed to moronic offers of sexy new watches.
                      "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
                      - Trent Reznor

                      Comment
