Summary: Email obfuscation
Version: 7 April 2005
Prerequisites:
Status:
Maintainer:
Goal
eProtect is an email obfuscation add-on for PmWiki. It intercepts pages before they are saved, and rewrites email addresses in a protected format.
Solution
With the eProtect script [[mailto:username@domain.net]] is automatically replaced with [[hidden-email:hfre@qbznva.arg]] when you save the page you are currently editing. The actual version of this script supports also alternative linktext e.g. [[mailto:username@domain.net | Nice guy]] is then replaced with [[hidden-email:hfre@qbznva.arg | Nice guy]].
Upon viewing the page, this [[hidden-email:]] directive is interpreted by eProtect, and then translated into a small javascript which is programmed to decode the protected address. If you gave an alternative linktext then this linktext is displayed.
Viewing the source code of the page will not reveal the true email address, nor will clicking on the "Edit Page" link.
But beware: Do not use the email-address as alternative text as this would render this script useless.
About Email Obfuscation
Email obfuscation is simple method of obscuring an email address so email harvesters cannot easily extract that information from your website. Email obfuscation is not encryption, so it's not terribly difficult for someone to write a de-obfuscation script, however, my preliminary research indicated that none of the top email harvesters currently on the market have any such features. BTW: The encoding is ROT13.
Download
Installation
- Copy e-protect.php to your
cookbook/ folder.
- Add this line to your config.php file:
include_once('cookbook/e-protect.php');
- That's it! You're now protected and every
[[mailto: statement is automatically converted.
Comments
The recipe as it is excludes blind people from using PmWiki. Of course, if a screen reader program as used by the blind can read the mail address, then so can a mail harvesting robot.
One possible way out that I see is adding a link that leads to a "contact" page that will accept a subject line and a text (the mail address would be implicit - else we'd be offering a mail gateway to arbitrary people).
The implicit assumption here is that a spammer isn't interested in an HTML page that allows him to send a mail to just a single address.
Joachim Durchholz March 25, 2005, at 12:01 PM
There's one rather real problem with this recipe: it uses JavaScript. That's bad, because many people (including myself) have switched it off due to its annoyance factor and its security implications. Unfortunately, switching scripting on and off on a per-site basis isn't implemented in Mozilla yet, so I'm loath to switching JS on even for a wiki that I trust - I have too often forgotten to switch it off when moving to other sites to be comfortable with JS even on an occasional basis.
Requiring mail harvesters to execute JS isn't a real obstacle as well. They are known to use OCR with neural nets to get past "use a pass phrase on a GIF that's further distorted and blurred" barriers, which takes far more CPU cycles than executing a few measly scripts.
This leaves me with the impression that we can do some obfuscation to force harvesters into at least some effort, and wait until Internet mail is turned into something that requires authenticated senders...
Joachim Durchholz March 25, 2005, at 12:01 PM
Resources
I did a lot of research on spam, anti-spam, obfuscation, and email harvesters. I found quite a few sites and various methods and approaches. Here are just a few of the (better) sites that I visited.
- http://www.private.org.il/harvest.html "How Do Spammers Harvest Email Addresses?"
A very informative arcticle all-around, especially for people who are new to the Internet and don't have a clue. (http://www.private.org.il/harvest.html)
- http://www.spamhaus.org/news.lasso?article=9 "The Spam Definition and Legalization Game"
An interesting article about spam and law makers (USA). (http://www.spamhaus.org/news.lasso?article=9)
- http://ez2ba.com/html/help/guides/get-rid-of-spam.html "How To Get Rid Of Spam"
A decent page with a lot of suggestions to reduce spam that you probably wouldn't have thought of. (http://ez2ba.com/html/help/guides/get-rid-of-spam.html)
- http://www.spamblogging.com/archives/000081.html "Proof Of Concept To Throw Off The Bots"
A very "geek speak" method. It would probably work too, if only I could understand what this guy was talking about. Still good reading if you are really bored one day!
http://www.spamblogging.com/archives/000081.html
- Some on-line email obfuscators (cut and paste to your html pages).
Contributors
- Steve Leite (see PmWiki 1.x Cookbook)
- Karl Loncarek Klonk
See Also
History
-
- 07-Apr-2005 Replaced
str_rot13 with strtr with proper parameters. This fixes the issues with @ and with str_rot13 not being available in early versions of PHP. JoachimDurchholz
- 07-Apr-2005 Changed install directory from
local/ to cookbook/ JoachimDurchholz
- 18-Nov-2004 Conversion and extension for use with PmWiki 2.x Klonk
- 07-Jan-2005 Found a problem in decoding the email addresses when SideBar and main text contains emails to decode. Moved script to page header. Klonk
- 29-Jan-2005 Reformatted html links in Resources to prevent ez2ba.com from redirecting to homepage due to trailing space (%20) after URL when page title included in double-brackets. Kevin
- 15-Feb-2005 Added support for
[[text -> mailto:target]] markup Klonk
- 18-Feb-2005 Fixed bug (missing commenting of Javascript); now produced code is valid XHTML Klonk
- 18-11-2004 I almost have rewritten it completely to get it working with PmWiki2. The text of this page is also almost copied from PmWiki 1.x. I just added some stuff to point out the changes I added to the script. Comments are welcome... Now I can move my homepage to PmWiki2 ;-) Klonk
- 11-05-2004 This script was originally written by Steve Leite for PmWiki 1.x.
