Announcement

Collapse
No announcement yet.

whoever(at)gmail(dot)com, you are not fooling anyone.

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Deviant Ollam
    replied
    Re: whoever(at)gmail(dot)com, you are not fooling anyone.

    Originally posted by heisenbug View Post
    I do feel a little weary about posting it because I fear that this may not have been done by a spam bot before and someone may copy this.
    ah, don't be concerned... it's always a game of upping the ante. frankly, i'm sure that my main address there has wound up on plenty of spam lists already. in truth, the best spam solution i ever really achieved is forwarding everything to gmail, which then forwards back to me at deviating.net. i let their cloud do all the spam filtering (which in my experience works better than any other product i've come across, including CloudMark which was hailed as the best thing ever)

    i use GPG for all of my personal communication, hence i'm not super concerned about Google having messages for me on their servers, and judging from what numbers i can see (since i can observe in my own mail server's logs how many messages each day hit my public address, then how many hit my private address moments later after Google's had them) i receive about 90% spam at that address... over 300 junk messages per day. thanks to the gmail hop, i see an actual junk message hit my inbox maybe once per month, and sometimes not even that often.

    so yeah, the way it appears on my home page is really just to keep out moronic humans, as opposed to moronic offers of sexy new watches.

    Leave a comment:

  • heisenbug
    replied
    Re: whoever(at)gmail(dot)com, you are not fooling anyone.

    Originally posted by Deviant Ollam View Post
    heh, i take things a little bit further on the home page of deviating.net when it comes to email obfuscation.

    Deviant,

    Very smart using ISO 8859-1 Characters and symbols. I hadn't seen that before. I modified the regular expression I wrote to catch these, and to catch possibilities of the symbols and ASCII letters and numbers being written in HTML Entity Code.

    While I am excited to be able to catch these, I do feel a little weary about posting it because I fear that this may not have been done by a spam bot before and someone may copy this.

    Below is the regular expression.


    Code:
    /^[-a-z0-9~!$%^&*_=+}{\'?]+(\.[-a-z0-9~!$%^&*_=+}{\'?]+)*(@|@|[\s]?[\W]?[\s]?[A|À|a|À|Á|Á|Â|Â|Ã|Ã|å|Ä|Ä|Å|Å|A|&#64|@[\s]?[\W]?[\s]?[T|T|t]][\s]?[\W]?[\s]?)([a-z0-9]([-a-z0-9_]?[a-z0-9])*(\.[-a-z0-9_]+)*(.|.|[[\s]?[\W]?[\s]?[D|d|D][\s]?[\W]?[\s]?[O|0|o|0|O|ö|º|º|°|°|Ò|Ò|Ó|Ó|Ô|Ô|Õ|Õ|Ö|Ö|Ø|Ø|ð|ð|ò|ò|ó|ó|ô|ô|õ|õ|ö|ö|ø|ø][\s]?[\W]?[\s]?[T|T|t][\s]?[\W]?[\s]?])(aero|arpa|biz|com|coop|edu|gov|info|int|mil|museum|name|net|org|pro|travel|mobi|[a-z]{2})|([1]?\d{1,2}|2[0-4]{1}\d{1}|25[0-5]{1})((.|.|[[\s]?[\W]?[\s]?[D|d|D][\s]?[\W]?[\s]?[O|0|o|0|O|ö|º|º|°|°|Ò|Ò|Ó|Ó|Ô|Ô|Õ|Õ|Ö|Ö|Ø|Ø|ð|ð|ò|ò|ó|ó|ô|ô|õ|õ|ö|ö|ø|ø][\s]?[\W]?[\s]?[T|T|t][\s]?[\W]?[\s]?])([1]?\d{1,2}|2[0-4]{1}\d{1}|25[0-5]{1})){3})(:[0-9]{1,5})?$/i
    NOTE: Your browser or the forum may convert some code to symbols. Example, if I wrote
    &#192 with a semicolon after it and the browser will show À

    Leave a comment:

  • Deviant Ollam
    replied
    Re: whoever(at)gmail(dot)com, you are not fooling anyone.

    Originally posted by sintax_error View Post
    Really? Is this an actual example of someone's question?
    it comes close to some of the things i've been asked before... you can't shake a clue into some people's heads, sadly. and some people just will not allow themselves to take the time to actually listen to what someone is trying to convey before (a) coming up with their own notion of what is being discussed, then (b) drawing all the wrong conclusions without any of the facts, and then (c) asking questions that in their mind -- which went off down the wrong path 5 miles back -- seem totally logical, but which make everyone else in the room -- who was paying attention -- just sigh and roll their eyes.

    Leave a comment:

  • sintax_error
    replied
    Re: whoever(at)gmail(dot)com, you are not fooling anyone.

    Originally posted by Deviant Ollam View Post
    ...3. people who ask things like "so, wait, what lock should i use on my carry-on bag so the TSA can't confiscate my six-shooter when i'm boarding the plane??!?1!"
    Really? Is this an actual example of someone's question?

    Leave a comment:

  • Deviant Ollam
    replied
    Re: whoever(at)gmail(dot)com, you are not fooling anyone.

    heh, i take things a little bit further on the home page of deviating.net when it comes to email obfuscation.

    in fact, in my case i am actually happy that it sort of seems to act as both a spam-bot-blocker as well as a stupid-person-blocker. since people have to take an extra step or two, perhaps it filters out the compete ar-tards by raising the bar just enough. since i don't see the messages from people who are too incompetent to email me, i don't have any hard data to back up whether it works or not... but i surely don't see any more emails nowadays from...

    1. people who can't put a sentence together
    2. people who ask questions that are clearly answered somewhere else on my site
    3. people who ask things like "so, wait, what lock should i use on my carry-on bag so the TSA can't confiscate my six-shooter when i'm boarding the plane??!?1!"

    Leave a comment:

  • Thorn
    replied
    Re: whoever(at)gmail(dot)com, you are not fooling anyone.

    Originally posted by heisenbug View Post
    No worries Thorn. Sorry I was a little frustrated. I ended up just making a plug-in for my browser that changes them before the page is loaded. Now I never have to see them again.

    I still don't like this method though. It's not very user friendly, and I think it's a little false security. It's just a matter of time until code like this makes its way to forums like the Trojan programming forum http://www.opensc.ws/ and hits the web through a botnet. Currently you may seem more protected, but security has a lot to do with projecting future threats.

    Spam bots scrape the source code, so a little JavaScript is less annoying because it displays the whole e-mail address properly, and it also breaks it up to make most common regular expressions break.

    Here, I wrote some example code below that would be much more secure and yet displays the proper e-mail address:

    Code:
    <script type="text/javascript">
<!--
var a='jim';
// Comments to make things harder
var b='yahoo';
// Comments to make things harder
var c='com';
// Comments to make things harder
document.write(a + '@' + b + '.' + c);
// Comments to make things harder
-->
</script>
    OUTPUT IS:

    jim@yahoo.com
    Understood, and I agree that it may be false security in the very near future, but the fact is that for the moment, it's a quick'n'dirty (R) workaround.

    Similar scripts have popped up before (I think Israel Torres has a couple), and I like the idea. I wouldn't mind using such a thing at all.

    Leave a comment:

  • heisenbug
    replied
    Re: whoever(at)gmail(dot)com, you are not fooling anyone.

    Originally posted by streaker69 View Post
    Ok, I'm confused as to how this is better than just putting it in plain text? The output page that the client/spider/crawler would be seeing is still in plain text. Yes, they may crawl the source code, but they also crawl the resultant page as well.
    This is a common misconception that scripts like spiders and crawlers see what a browser sees. If the script was coded in php it would be a sever side script and I would agree with you, but JavaScript is client side scripting. A user is not sent the clear e-mail address in this sense.

    You see a browser has an internal JavaScript compiler and interpreter. In order for the spider to scrape the output of JavaScript it would need to either use a library that included a JavaScript interpreter, include a third party compiler, or the programmer would need to develop a pseudo-compiler.

    While these are all things that can be done, they take much more code than my 24 line foreach statement above. Most programmers don't even bother interpreting the HTML much less the JavaScript. If a programmer takes the time to parse JavaScript for e-mail addresses, you can be almost certain that he had already created a decent regular expression for the common text.

    To make it even more difficult to a programmer you could create a jpeg image of the e-mail address and display that. Even then, there are things that can be done using OCR.
    Last edited by heisenbug; December 31, 2009, 09:51.

    Leave a comment:

  • streaker69
    replied
    Re: whoever(at)gmail(dot)com, you are not fooling anyone.

    Originally posted by heisenbug View Post

    Code:
    <script type="text/javascript">
<!--
var a='jim';
// Comments to make things harder
var b='yahoo';
// Comments to make things harder
var c='com';
// Comments to make things harder
document.write(a + '@' + b + '.' + c);
// Comments to make things harder
-->
</script>
    OUTPUT IS:

    jim@yahoo.com
    Ok, I'm confused as to how this is better than just putting it in plain text? The output page that the client/spider/crawler would be seeing is still in plain text. Yes, they may crawl the source code, but they also crawl the resultant page as well.

    Leave a comment:

  • heisenbug
    replied
    Re: whoever(at)gmail(dot)com, you are not fooling anyone.

    Originally posted by Thorn View Post
    Frankly, I'm one of those people who uses variations on [at] and [dot], and plan to continue to do so for the foreseeable future.
    Yes, I know what a regular expression is, and yes, I know that extracting a valid email address from the slightly obfuscated address is fairly trivial. However, the fact of the matter is that when I started doing that, I saw a huge decrease in spam on those addresses verses those addresses which where published using "@" and ".". Most spambots/spiders seem to still focus on the "@" and "."
    No worries Thorn. Sorry I was a little frustrated. I ended up just making a plug-in for my browser that changes them before the page is loaded. Now I never have to see them again.

    I still don't like this method though. It's not very user friendly, and I think it's a little false security. It's just a matter of time until code like this makes its way to forums like the Trojan programming forum http://www.opensc.ws/ and hits the web through a botnet. Currently you may seem more protected, but security has a lot to do with projecting future threats.

    Spam bots scrape the source code, so a little JavaScript is less annoying because it displays the whole e-mail address properly, and it also breaks it up to make most common regular expressions break.

    Here, I wrote some example code below that would be much more secure and yet displays the proper e-mail address:

    Code:
    <script type="text/javascript">
<!--
var a='jim';
// Comments to make things harder
var b='yahoo';
// Comments to make things harder
var c='com';
// Comments to make things harder
document.write(a + '@' + b + '.' + c);
// Comments to make things harder
-->
</script>
    OUTPUT IS:

    jim@yahoo.com

    Leave a comment:

  • Thorn
    replied
    Re: whoever(at)gmail(dot)com, you are not fooling anyone.

    Originally posted by heisenbug View Post
    Frustrated rant following:

    Ok, I am getting really annoyed with companies and people that write their e-mail addresses in the form whoever(at)gmail(dot)com. I have gone to three business sites this week and I have had to change an e-mail address rather than just copy and paste it into an e-mail client. It is annoying to do the extra step and it is completely useless.

    ...
    Frankly, I'm one of those people who uses variations on [at] and [dot], and plan to continue to do so for the foreseeable future.

    Yes, I know what a regular expression is, and yes, I know that extracting a valid email address from the slightly obfuscated address is fairly trivial. However, the fact of the matter is that when I started doing that, I saw a huge decrease in spam on those addresses verses those addresses which where published using "@" and ".". Most spambots/spiders seem to still focus on the "@" and "."

    Leave a comment:

  • heisenbug
    started a topic whoever(at)gmail(dot)com, you are not fooling anyone.

    whoever(at)gmail(dot)com, you are not fooling anyone.

    Frustrated rant following:

    Ok, I am getting really annoyed with companies and people that write their e-mail addresses in the form whoever(at)gmail(dot)com. I have gone to three business sites this week and I have had to change an e-mail address rather than just copy and paste it into an e-mail client. It is annoying to do the extra step and it is completely useless.

    Come on! Really? Why is this needed? Do these people even know what a regular expression is? Ugh, just to prove how stupid this is, I altered a common e-mail regular expression to catch all of these I have come in contact lately with. Putting things like (at) in your e-mail is useless. It does nothing. A smart programmer’s SPAM bot can probably still find you. If you don’t want your e-mail address to be used by customers, then don’t even post it on your website. There is no need to alter your e-mail address. It doesn’t protect you.

    The script I wrote in less than two minutes catches most of these and it really is not that complicated at all. I even threw in a few invalid ones to show you that it could easily parse through text with @ symbols and periods easily. I could spend a few more minutes on it and catch almost anything most companies could use that common users would understand.

    If you have a site with addresses like this, please use the following code to go through your company website to find all e-mail addresses and change them to their proper form, or remove them completely.

    BELOW is the script written in perl.

    Code:
    #!/usr/bin/perl
@emailList =("l3tt3rsAndNumb3rs\@domain.com","has-dash\@domain.com","hasApostrophe.o'leary\@domain.org","uncommonTLD\@domain.museum","uncommonTLD\@domain.travel","uncommonTLD\@domain.mobi","countryCodeTLD\@domain.uk","countryCodeTLD\@domain.rw","lettersInDomain\@911.com","underscore_inLocal\@domain.net","IPInsteadOfDomain\@127.0.0.1","IPAndPort\@127.0.0.1:25","subdomain\@sub.domain.com","local\@dash-inDomain.com","dot.inLocal\@foo.com","a\@singleLetterLocal.org","singleLetterDomain\@x.org","&*=?^+{}'~\@validCharsInLocal.net","missingDomain\@.com","\@missingLocal.org","missingSign.net","missingDot\@com","two\@\@signs.com","colonButNoPort\@127.0.0.1:","someone-else\@127.0.0.1.26",".localStartsWithDot\@domain.com","localEndsWithDot.\@domain.com","two..consecutiveDots\@domain.com","domainStartsWithDash\@-domain.com","domainEndsWithDash\@domain-.com","TLDDoesntExist\@domain.moc","numbersInTLD\@domain.c0m","missingTLD\@domain.","! \"#$%(),/;<>[]`|\@CharsInLocal.org","invalidCharsInDomain\@! \"#$%(),/;<>_[]`|.org","local\@SecondLevelDomainNamesAreInvalidIfTheyAreLongerThan64Charactersss.org","jim (at) yahoo (dot) com","jim{at}gmail.net","jim{at}gmail{dot}net","jim {at} yahoo {dot} net","jim <AT> yahoo <DOT> net", "jim -AT- yahoo -DOT- net","jimatyahoodotnet");

foreach $code (@emailList)
{
# if ($code =~ /^([-a-z0-9~!$%^&*_=+}{\'?])+(\.[-a-z0-9~!$%^&*_=+}{\'?]+)*(@|at|.at.|\s+at\s+|\s+.at.\s+)([a-z0-9]([-a-z0-9_]?[a-z0-9])*(\.[-a-z0-9_]+)*(\.|dot|.dot.|\s+dot\s+|\s+.dot.\s+)(aero|arpa|biz|com|coop|edu|gov|info|int|mil|museum|name|net|org|pro|travel|mobi|[a-z]{2})|([1]?\d{1,2}|2[0-4]{1}\d{1}|25[0-5]{1})((\.|dot|.dot.|\s+dot\s+|\s+.dot.\s+)([1]?\d{1,2}|2[0-4]{1}\d{1}|25[0-5]{1})){3})(:[0-9]{1,5})?$/i)
if ($code =~ /^[-a-z0-9~!$%^&*_=+}{\'?]+(\.[-a-z0-9~!$%^&*_=+}{\'?]+)*(@|at|.at.|\s+at\s+|\s+.at.\s+)([a-z0-9]([-a-z0-9_]?[a-z0-9])*(\.[-a-z0-9_]+)*(\.|dot|.dot.|\s+dot\s+|\s+.dot.\s+)(aero|arpa|biz|com|coop|edu|gov|info|int|mil|museum|name|net|org|pro|travel|mobi|[a-z]{2})|([1]?\d{1,2}|2[0-4]{1}\d{1}|25[0-5]{1})((\.|dot|.dot.|\s+dot\s+|\s+.dot.\s+)([1]?\d{1,2}|2[0-4]{1}\d{1}|25[0-5]{1})){3})(:[0-9]{1,5})?$/i)
	{
	if ($code =~ /^[-a-z0-9~!$%^&*_=+}{\'?]+(\.[-a-z0-9~!$%^&*_=+}{\'?]+)*(@)([a-z0-9]([-a-z0-9_]?[a-z0-9])*(\.[-a-z0-9_]+)*(\.)(aero|arpa|biz|com|coop|edu|gov|info|int|mil|museum|name|net|org|pro|travel|mobi|[a-z]{2})|([1]?\d{1,2}|2[0-4]{1}\d{1}|25[0-5]{1})(\.([1]?\d{1,2}|2[0-4]{1}\d{1}|25[0-5]{1})){3})(:[0-9]{1,5})?$/i)
		{
		print "VALID $code \n";
		}
	else 
		{
		print "VALID $code -- Real e-mail address is: ";
		$code =~ s/(@|[\W]at[\W]|\s+at\s+|\s+.at.\s+)/@/ig;
		$code =~ s/(\.|[\W]dot[\W]|\s+dot\s+|\s+.dot.\s+)/\./ig;
		if ($code =~ /[^@]/){$code =~ s/at/@/;}
		if ($code =~ /[^\.]/){$code =~ s/dot/\./g;}		
		print "$code \n";
		}	
	}
else
	{
	print "INVALID $code \n ";
	}
	
}
    OUTPUT OF SCRIPT IS BELOW

    Code:
    VALID l3tt3rsAndNumb3rs@domain.com
VALID has-dash@domain.com
VALID hasApostrophe.o'leary@domain.org
VALID uncommonTLD@domain.museum
VALID uncommonTLD@domain.travel
VALID uncommonTLD@domain.mobi
VALID countryCodeTLD@domain.uk
VALID countryCodeTLD@domain.rw
VALID lettersInDomain@911.com
VALID underscore_inLocal@domain.net
VALID IPInsteadOfDomain@127.0.0.1
VALID IPAndPort@127.0.0.1:25
VALID subdomain@sub.domain.com
VALID local@dash-inDomain.com
VALID dot.inLocal@foo.com
VALID a@singleLetterLocal.org
VALID singleLetterDomain@x.org
VALID &*=?^+{}'~@validCharsInLocal.net
INVALID missingDomain@.com
 INVALID @missingLocal.org
 INVALID missingSign.net
 INVALID missingDot@com
 INVALID two@@signs.com
 INVALID colonButNoPort@127.0.0.1:
 INVALID someone-else@127.0.0.1.26
 INVALID .localStartsWithDot@domain.com
 INVALID localEndsWithDot.@domain.com
 INVALID two..consecutiveDots@domain.com
 INVALID domainStartsWithDash@-domain.com
 INVALID domainEndsWithDash@domain-.com
 INVALID TLDDoesntExist@domain.moc
 INVALID numbersInTLD@domain.c0m
 INVALID missingTLD@domain.
 INVALID ! "#0(),/;<>[]`|@CharsInLocal.org
 INVALID invalidCharsInDomain@! "#0(),/;<>_[]`|.org
 VALID local@SecondLevelDomainNamesAreInvalidIfTheyAreLongerThan64Charactersss.o
rg
VALID jim (at) yahoo (dot) com -- Real e-mail address is: jim@yahoo.com
VALID jim{at}gmail.net -- Real e-mail address is: jim@gmail.net
VALID jim{at}gmail{dot}net -- Real e-mail address is: jim@gmail.net
VALID jim {at} yahoo {dot} net -- Real e-mail address is: jim@yahoo.net
VALID jim <AT> yahoo <DOT> net -- Real e-mail address is: jim@yahoo.net
VALID jim -AT- yahoo -DOT- net -- Real e-mail address is: jim@yahoo.net
VALID jimatyahoodotnet -- Real e-mail address is: jim@yahoo.net
    Tags: None
Previous template Next
Working...
X