Re: [cobalt-users] Getting Mail Bombed!

["Steve Werby" <steve-lists@xxxxxxxxxxxx>]

"David Lucas" <david@xxxxxxxxxxxxxxxx> wrote:
> One of the real problems here is that the worm is finding email addresses
> on our web sites.  You know, a customer comes to our web site and looks
> around.  You have an email on one of those pages.

It's probably not a good idea to put your email addresses on the web in the
proper format.  Spammers are constantly using programs to harvest email
addresses from websites and as you've found out, once the email addresses
end up on someone's pc they can be exploited there as well.  In most cases I
now either don't list email addresses on sites I build and do one of the
following:

1. Implement contact forms which do not reveal the destination email
address, instead handling entirely from a PHP (or occasionally Perl) script.
2. Obfuscate the email address using an obfuscation method the harvesters
aren't checking for yet.

FYI, here's the obfuscation scheme I use.  It's my own concotion though
there may be others using it as well and feel free to do so yourself.

steve at(@) befriend dot(.) com

It's different enough from most standard email obfuscation schemes that I
don't think the harvesting programs have a rule to notice it yet.  David, I
know this won't help you short-term, but IMO it's a good idea long-term.  On
my company site I use it in my code gallery and use a PHP form on the
contact form which pretty much results in all my spam coming to the email
address associated with my record in the domain name registry.  For boring
examples see:

http://www.befriend.com/contact.html
http://www.befriend.com/code_gallery/php/

--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/