Support

Admin Tools

#30621 obfuscating email

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Friday, 30 November 2018 07:36 CST

Friday, 30 November 2018 03:29 CST

jjst135
Hi!

We do not use obfuscating email on websites of our clients. We did before (with javascript), but that sometimes caused more issues then it was useful in my opinion.

The main object of obfuscating email is to prevent 'spam spiders' from harvesting e-mail addresses. But does Admin Tools not block those kind of spiders / browsers they use? So if we have set up Admin Tools to bock the (default) list of browsers/software, would that also not protect against these e-mail collecting spiders?

Kind regards,
Jip

Friday, 30 November 2018 04:49 CST

nicholas
Nobody is using email obfuscation because it was found to be ineffective. Using OCR to read emails off images and Selenium allowing you to script a browser as though it was operated by a human there's no effective method of obfuscating email addresses that's anywhere close to being halfway effective against spammers. While you can block most spammers from your site using any number of tools and methods you won't stop them all. Even if you could, your email address would end up in your clients' address books. The same clients who happily upload their address books to any odd service asking them to. The same clients who click on dubious links and have their address books siphoned out to God knows where. The same clients who use cheap (and some not so cheap...) Android phones with spyware preinstalled at the factory.

You just have to live with the fact that your email address will eventually end up in a spammer's list. All you can do is have a good spam filter on your email server and client. Anything else is largely a fantasy.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 30 November 2018 05:03 CST

jjst135
Thanks for your reply Nicholas.

I was not worried about our own email address being 'picked up' by spammers. They already know that one ;-) I was probably looking for an answer I can give my clients (who's website I have build) that ask me to 'obscurify' their contact or other mail addresses on the website.

But your answer probably does give me a good direction...

Techniques like Javascript or typing myname[at]domain.com will probably not stop e-mail harvesters (anymore). We could let users first 'solve' a captcha before showing email addresses. Or only use a contact form. But when clients decide to publish their email addresses on their site it's more of a choice to just put them out their I guess.

A good spamfilter is of course a far better way to fight spam. And I agree there are lot's of other ways email addresses will be made public in ways you describe.

About Admin Tools: The filter to block specific agents in Admin Tools does not filter these kind of harvesters / psiders at all? Or maybe some?



Friday, 30 November 2018 07:36 CST

nicholas
Using a contact form is your best bet but that, too, doesn't mean that the associated email address will never receive spam. It will just stall it a little more.

Regarding your question, Admin Tools will block the user agents listed. Nothing prevents a spam bot from impersonating a legitimate user agent to work past this restriction. It is quite trivial, really.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!