Awhile ago, Silvan Mühlemann conducted a 1.5 year experiment whereby different approaches to email obfuscation were tested for effectiveness. Nine different methods were implemented, with each test account receiving anywhere from 1800 to zero spam emails. Here is an excerpt from the article:
When displaying an e-mail address on a website you obviously want to obfuscate it to avoid it getting harvested by spammers. But which obfuscation method is the best one? I drove a test to find out.
After reading through the article and its many findings, here are what seem to be the best methods for obfuscating email addresses displayed publicly on web pages..
Several months after the release of the Arabic and Spanish versions of Contact Coldform, I am pleased to announce the release of a French translation of the plugin. The new French translation is graciously provided by Tony Tohme, who is also helping with the upcoming Russian translation of the Coldform. Thank you, Tony! :)
To download the French version of Contact Coldform, check out the plugin’s home page, where you will find additional information, future updates, and much more.
Great news! Contact Coldform is now available in Spanish (Spain). Special thanks to Fernando Tellado of Ayuda Wordpress for his superb Spanish translation of the Coldform. Fernando has articulately translated both the administration panel and all of the (X)HTML/text output as well. Contact Coldform is now the perfect solution for Spanish users of WordPress who desire a super-clean, standards-based contact form. Thanks Fernando! :)
This unfeatured post provides information for (re)establishing wireless Internet access from AT&T/Cingular Data Service (via WAP or MEdia Net) for the HTC/AT&T 8525 mobile device. Or something. This information is useful if you are unable to connect to the Internet and receiving error messages similar to the following:
Error: Your Internet connection is not configured properly. Please verify your settings in Data Connections.
Note: Use of the following settings enables the AT&T 8525 to access MEdia Net (WAP) pages using the MEdia Net connection profile. Additional features such as Wi-Fi and device based e-mail along with other 3rd party applications may not be compatible with the proxy settings associated with the MEdia Net profile. If there are connection issues with e-mail and/or Wi-Fi, configure and use the My ISP profile to resolve connectivity issues. Please note that, configuring the AT&T 8525 to use My ISP will disable MEdia Net (WAP) web pages when My ISP is used for connectivity. However, regular Internet (HTML) web page browsing will function as normal.
In the current version of my custom contact-form WordPress plugin, Contact Coldform, there is no built-in method of sending emails to multiple addresses. The thought of adding such functionality had not occurred to me until recently, when a Coldform user asked about enabling it. After a bit of investigation, it turns out that integrating multiple-recipient functionality into Contact Coldform is as easy as it is practical. I will definitely be adding this feature to the next release of the Coldform, however, here is the modification procedure for those who just can’t wait.
Several months ago, I changed my email address to stop spam. Since then, I have been updating every instance of my old address that I can find. In WordPress, I edited all of my theme files and updated my profile information in the “Users” admin area. Several days later while digging through the comments table in the WordPress database, I realized that the user-profile update is only pro-actively effective. There were still hundreds of instances of my old email address associated with comment-author information in the comments table. No big whoop for some, but the devastating inconsistency of it all would have kept me from a good night’s sleep (or maybe that was the caffeine..).
After investigating some unusual 404 errors the other day, I found myself digging through the WordPress Admin trying to locate the “Subscribe to Comments” options panel. As it turns out, administrative options for the Subscribe to Comments plugin are split into two different areas. First, the S2C plugin provides configuration options under “Options>SubscribetoComments”, which enables users to tweak everything from subscription messages to custom CSS styles. New to me was the other half of the S2C administration area: the Subscription Manager! Carefully hidden under “Manage>Subscriptions”, the Subscription Manager provides several useful ways to filter your email subscribers:
Announcing an improved, Arabic version of my latest WordPress plugin, Contact Coldform. The new version features complete UTF-8 compatibility and has been completely translated to the Arabic language. Here is a detailed breakdown of changes made for the Arabic version:
Completely translated to Arabic
Encoded in UTF-8 without BOM
Emails now sent in HTML format
Added line breaks in HTML format
Right-to-left text presentation
Customized layout for Arabic
Full UTF-8 support
Of course, none of this would have been possible without the generous help of:
For more information, check out the original thread at ar-wp.com. There you may obtain more information and also download the Arabic version of Contact Coldform. You may also download the Arabic version via the Coldform home page.
Welcome to the homepage for Contact Coldform, a free contact-form plugin for WordPress. Contact Coldform is designed with a sharp focus on clean code, solid performance, and ease of use. No frills, no gimmicks, only pure contact-form satisfaction. If you are looking for a solid, well-designed, user-friendly, fully customizable contact form, look no further: Coldform is perfect for any WordPress blogger. The comprehensive Options panel makes Coldform easy for beginners to take full control, while the consistent, logical PHP/(X)HTML code makes Coldform ideal for advanced users desiring customized functionality. The best of both worlds: a “clean-slate” contact form that provides everything you want and nothing you don’t! :)
Coldform Features:
Compatible with WordPress versions 1.5 - 2.8 and beyond.
Plug-n-play: add Coldform to any WordPress page or post.
Simple installation — upload, activate, and customize.
Complete WordPress Administrative Options panel for full control.
“Oh no, not again!” It looks like another one of my non-existent bank accounts has been blocked at Bank of America. But that’s cool, because I like, totally graduated from third grade. Knowing best for all grammar and words in email. Let’s examine yet anotheridioticphishingattempt, shall we? First, let’s have a look at the full-meal deal (sans bank logos, links, and other forged minutia):
From : abuse@bankofamerica.com
Date : Wednesday, November 07, 2007 6:19 AM
To : none
Subject : Online Banking Alert
------------------------------
Your Online Banking is Blocked
Because of unusual number of invalid login attempts on you account,
we had to believe that, their might be some security problem on you
account. So we have decided to put an extra verification process to
ensure your identity and your account security. Please click on
sign in to Online Banking to continue to the verification process
and ensure your account security. It is all about your security.
Thank you, and visit the customer service section.
------------------------------
First of all, it needs to be said that, especially in our modern, “phishing-aware” world, it is absolutely critical for would-be phishers to comprehend thoroughly the language in which their bait will be delivered. This is especially true when it comes to the emulation of formal communication from legitimate business establishments such as banks, online shops, and governmental offices.
Insanity reigns in the blogosphere! Check out this sweet little spam comment that found its way to my moderation queue..
Cloth Hello to all, its my new pages about cloth cloth diaper You can buy here 24\7.
Yes indeed, “Cloth diaper”!! Come on now, is the competition really that fierce in the cloth diaper industry that companies must turn to the slimy spam cartel for scummy comment links?
“its my new pages about cloth” — WTF?!!! Dude! I can’t wait to check out your sweet-ass pages about cloth diapers. Can I check out some killer cloth-diaper photos while I’m there?
May I just take a moment to thank anyone and everyone who was in any way involved with this absolutely priceless spam turd — keep up the great work, scumbags! Way to push those cloth diapers, “24\7”!
The AT&T 8525 is the first UMTS/HSDPA smart phone to be offered in the United States. It has integrated Bluetooth 2.0, Wi-Fi, and supports AT&T’s new music, video, and location-based services. The Windows Mobile device also has push e-mail capabilities, a 2-megapixel camera, a spacious QWERTY keyboard, and good call quality. — CNET Editors’ Review of the AT&T 8525
Perishable Press via AT&T 8525 (click image for more..) Thusly inspired, I recently purchased an AT&T 8525 Pocket PC by HTC. The device now serves as my virtual satellite, keeping me connected to the internet, networked to the office, and prepared for serious business. With its many features and streamlined functionality, the AT&T 8525 enables me to operate in maximized fashion, increasing efficiency and improving productivity. This article presents a concise rundown of how each of the phone’s primary features helps me to succeed as I fight a hellish battle everyday.
Of all the bizarre, nonsensical, and pointless spam we have received so far this year, this one takes the cake. It was delivered to our designated spam account earlier this month as a plain-text email, which opens with an explanation. Apparently, "Bob Diamond" is "an Hiring Manager" looking to advertise a couple of important items. The first ad seems remotely realistic, but the second ad.. it’s like, "teddy bear features" out of nowhere — you can’t be serious. Also worth mentioning, the triple signature effect — Bob signs his name not once or twice, but three times. Check it out..
Note: The methods described in this post apply to older versions of Internet Explorer (<6) and Outlook Express (<6), and are provided here for reference purposes only.
Fix the "Unable to poll for new messages" error
Here is an error message that some Outlook Express users receive when sending or receiving email, or after creating a new email account:
Unable to poll for new messages on your HTTP server.
Account: 'Hotmail'
Server: 'http://services.msn.com/svcs/hotmail/httpmail.asp'
Protocol: HTTPMail
Server Response: 'End tag 'D:response' does not match the start tag 'D:prop'.
Port: 0
Secure(SSL): No
Error Number: 0xC00CE56D
In our previous article on creating spamless email links via JavaScript, the presented method, although relatively simple to implement, is not the most effective solution available. Spambots, email harvesters, and other online scumbags relentlessly advance their scanning technology, perpetually rendering obsolete yesterday’s methods.
In the case of spamless email links created client-side via JavaScript, many spambots now are able to decipher certain email addresses hidden within the JavaScript code itself. Spambots scan JavaScript for keywords such as "email" or "mail", or even character strings containing ".com" or the "@" symbol. Spambots collect and decipher such data and return the favor with a flood of email spam.
Fortunately, the flexibility of JavaScript enables us to encode our email links as simply or as convoluted as needed. Indeed, our first post on spam-free email links focused on simplicity at the expense of long-term effectiveness, with multiple email addresses requiring multiple instances of the JavaScript function.
In this article we present a technique which obfuscates all email data within the JavaScript itself, making it virtually impossible for current technology to extract accurately any email addresses contained therein. This is a more durable, industrial-strength method for protecting your inbox from the spammers. Although slightly more complicated, this method accommodates multiple email addresses within a single, robust JavaScript function. So, without further ado..
Trying to backup your Outlook Express .dbx files on Windows XP may prove difficult if you can’t find them. Well, fret no more, my friend. Here is the generalized path to the Outlook Express folder, which contains all of the .dbx files for a particular user. Copy, paste, and shortcut:
C:\Documents and Settings\[username]\Local Settings\Application Data\Identities\{12345678-1234-ABCD-EFGH-1234567890AB}\Microsoft\Outlook Express
* [username] = each user will should have their set of .dbx files.
* {12345678-1234-ABCD-EFGH-1234567890AB} = represents a unique alphanumeric string.
If you have question, comment, or concern, and prefer to leave a comment rather than send an email, please drop a comment via the form below. I keep a close eye on all comments left on this post, and will do my best to respond in as soon as possible. Please note that all comments left at this post are open to the public and available for anyone to see. That said, have at it!
Let’s face it, spam sucks. Give spammers the figurative finger by using this nifty bit of JavaScript to hide your email address from the harvesters. Here is an easy “copy-&-paste” snippet for including a spam-proof email address in your web pages. Although there are a million ways of doing this, I am posting this for the record (and because I just can’t stand deleting usable code). This technique uses JavaScript, and therefore is not 100% ideal for all users. My advice would be to include a <noscript> element that contains an image of your email address. That way, users without JavaScript will still have access to your (spam-proof) email address. Of course, image-based text presents issues for text-only browsers, but hey, you gotta start somewhere! ;)
Spamless Email
Secure the function by adding this block of code to the document head, or by placing it within an external JavaScript file:
<script type="text/javascript">
<!--//--><![CDATA[//><!--
function email(name, domain, extension) {
if (!document.write) return false;
if (document.write) {
var name; var domain; var extension;
document.write('<a href="' + 'mailto:' + name + '@' + domain + '.' + extension + '">' + name + '@' + domain + '.' + extension + '<\/a>');
}
}
//--><!]]>
</script>
Then, add this to the document body, replacing the three variables with real values:
Here is an example of how the function may be configured on an actual web page. This is the specific code that we use at Monzilla Media to hide email addresses from the spamholes:
<script type="text/javascript">
<!--//--><![CDATA[//><!--
function email(m, o, n) {
if (!document.write) return false;
if (document.write) {
var m; var o; var n;
document.write('<p>Contact: <a href="' + 'mailto:' + m + '@' + o + '.' + n + '?subject=General%20Business" title="Contact">' + m + '@' + o + '.' + n + '<\/a><\/p>');
}
}
//--><!]]>
</script>
<script type="text/javascript">
<!--//--><![CDATA[//><!--
email("m0n", "monzilla", "biz");
//--><!]]>
</script>
<noscript><p>(enable javascript or view source to see the email link)</p></noscript>
Your online credit card account has high-risk activity status. We are contacting you to remind you that on March. 13, 2006 our Account Review Team identified some unusual activity in your account. In accordance with Chase Bank’s User Agreement and to ensure that your account has not been compromised, access to your account was limited. Your account access will remain limited until this issue has been resolved.
We encourage you to log in and perform the steps necessary to restore your account access as soon as possible. Allowing your account access to remain limited for an extended period of time may result in further limitations on the use of your account and possible account closure. If you would like close your credit card account, please contact us, as soon as possible.
Login to your limit account and restore online access: https://www.[…].com. This notification is part of the All-Electronic Program you enrolled in to receive your activity report online.
To protect the security of your account, Chase Bank, employs some of the most advanced security systems in the world and our anti-fraud teams regularly screen the Chase Bank system for unusual activity. […]
? We Have Noticed That Your Wells Fargo Online Bank Account Needs To Be Updated, because we have made a new updates on our online banking service and we lost some information of our customer online banking accounts, we are sorry for that but you should update your Wells Fargo online bank account. To verify your online account and access your bank account, to be able to send and recive money online.
please click on the link below to continue :
simply sign on from Account Services to Active Your Account .
Have additional questions? Send us an email by clicking on “Contact Us” while you are signed on to Online Banking, or call 1-800-956-4442. We’re available 24 hours a day, 7 days a week.
For a good laugh, consider the following email message:
Subject: Attention! Several VISA Credit Card bases have been LOST!
Good afternoon, unfortunately some processings have been cracked by hackers, so a new secure code to protect your data has been introduced by visa.
You should check your card balance and in case of suspicious transactions immediately contact your card issuing bank.
If all transactions are alright, it doesn’t mean the card is not lost and cannot be used. Probably, your card issuers have not updated information yet.
That is why we strongly recommend you to visit our web-site and update your profile, otherwise we cannot guarantee stolen money repayment.
i have been using the google homepage
(google.com) as my personal internet
start page for several years now.
i have emailed before with praise
for the page’s very simple &
elegant design asthetics.
however, i am occasionally annoyed with
the periodic advertising frequenting the page.
For example, today i discovered the return
of the pesky “google toolbar” advertisement.
yuck. (strictly speaking of the start page)
i realize that i am scrutinizing a bit here,
but i find it necessary to voice my humble
opinion concerning one of the few products
actually worthy of my insightful criticisms.
seriously, please remove the image of the
google toolbar from the start page. please.
it matters. maybe some “we care text”
every now and then, but please,
no more images.
thank you for your concern.
thanks again for a truly great product.
i suspect there’s business a brewin’ in the bak woodz. geez. it seems like this quarter will never end. hour after hour…i have had so much time to study for finals that i have had plenty of time to do other things like eat and sleep in a sort of spacey, nervous anticipation of things to come. space age. the new millionium. all that millioniums — all that messy, messy meals. hot meals. mcMeals. uncle messy with a hot rockin’ holiday deal. hot fist, fisty sister…twisted fister. aarrrgggh.
Awhile ago, Silvan Mühlemann conducted a 1.5 year experiment whereby different approaches to email obfuscation were tested for effectiveness. Nine different methods were implemented, with each test account receiving anywhere from 1800 to zero spam emails. Here is an excerpt from the article:![[ ~{*}~ ]](http://perishablepress.com/press/wp-content/images/2008/misc-chunks/email-update-deco.gif)
Several months ago, I changed my email address to stop spam. Since then, I have been updating every instance of my old address that I can find. In WordPress, I edited all of my theme files and updated my profile information in the “Users” admin area. Several days later while digging through the ![[ Image: Jonny Quest (Inverted) ]](http://perishablepress.com/press/wp-content/images/2008/subscriptions/subscriptions-quest.gif "jonny123@gmail.com?")
After investigating some unusual ![[ Image: Coldform Icon ]](http://perishablepress.com/press/wp-content/images/2008/wp-coldform/coldform-icon.gif "Contact Coldform"){kind=icon}
Welcome to the homepage for Contact Coldform, a free contact-form plugin for WordPress. Contact Coldform is designed with a sharp focus on clean code, solid performance, and ease of use. No frills, no gimmicks, only pure contact-form satisfaction. If you are looking for a solid, well-designed, user-friendly, fully customizable contact form, look no further: Coldform is perfect for any WordPress blogger. The comprehensive Options panel makes Coldform easy for beginners to take full control, while the consistent, logical PHP/(X)HTML code makes Coldform ideal for advanced users desiring customized functionality. The best of both worlds: a “clean-slate” contact form that provides everything you want and nothing you don’t! :)![[ Image: HTC 8525 ]](http://perishablepress.com/press/wp-content/images/2007/misc-chunks/8525-pocket-pc.jpg)
![[ Photo of Mr. T ]](http://perishablepress.com/press/wp-content/images/2006/misc-chunks/spamless-email.jpg)
Let’s face it, spam sucks. Give spammers the figurative finger by using this nifty bit of JavaScript to hide your email address from the harvesters. Here is an easy “copy-&-paste” snippet for including a spam-proof email address in your web pages. Although there are a million ways of doing this, I am posting this for the record (and because I just can’t stand deleting usable code). This technique uses JavaScript, and therefore is not 100% ideal for all users. My advice would be to include a