Why “username at domain dot com” isn’t fooling the spammers

  • Sumo

A long time ago, when the World Wide Web was in its infancy, all the web developers used a “mailto link” like username@domain.com for e-mail addresses on their websites. A reader could simply click on the link, and her favorite mail reader would pop up with the “To:” and possibly even the “Subject:” lines pre-filled. Those days were good. However, the spammers, or more accurately, the e-mail harvesters, quickly realized that they could pad their e-mail lists by grabbing all the mailto links on a page. A few web developers got clever and dropped the link, putting addresses into their pages as simple text. But, the harvesters weren’t fooled for long. They began to grab both the mailto links and anything with an @ sign in it. It didn’t matter if sometimes they got nonsense like “flowers@$20/dozen”. It cost them little to try the “address” and strip it from the list when the mail bounced.

So then some other web denizens started to write out the “at” and/or the “dot” to thwart the harvesters. The harvesters caught on again. Here are some of the many permutations that have been tried:

  • username@domain.com
  • username at domain.com
  • username at domain dot com
  • username (at) domain (dot) com (with and without spaces)
  • username [at] domain [dot] com (with and without spaces)
  • username_at_domain_dot_com
  • userSPAMname at domain dot com
  • userREMOVEMEname at domain dot com
  • user(SPAM)name at domain dot com
  • username+spam at domain dot com
  • any of the above replacing “at” with “AT” or “@” and/or replacing “dot” with “DOT” or “.”

I hate to be the bearer of bad news, but a good programmer could write a SINGLE LINE of code using what’s called a “regular expression” that would recognize ALL of those formats as potential e-mail addresses. Another line or two might be needed to strip the extraneous characters out of the latter examples, but that’s it.

If you are posting your e-mail address in a form that follows the below pattern (choose one item from each column), then the harvesters’ web scraping code can already find you. Don’t feel left out if you’ve got a longer address like username@machine.domain.com or username@domain.com.ca, they’ve got you, too, if you’re following a similar pattern.

username * @
* domain * .
* com
* = no, one, or any combination of non-alphanumeric character(s)

It’s true that if you do something unique to disguise your e-mail address, the harvesters won’t find you right away, but once people begin to copy your format, the harvesters will code your pattern into their web scraping routines. Trying to disguise your e-mail address by putting it in any generalizable form is somewhat akin to putting a lock on your luggage. It makes you feel like your property is safer, and it’ll keep the lowest level thief out, but in the end, it’s only a minor deterrent to someone who really wants what’s inside.


Share with others:
  • Facebook
  • Twitter
  • Digg
  • StumbleUpon
  • del.icio.us
  • Diigo
  • Google Bookmarks
  • Technorati
  • Yahoo! Buzz
This entry was posted in Entering giveaways, Web browsing and tagged e-mail address, spammers. Bookmark the permalink.

7 Responses to Why “username at domain dot com” isn’t fooling the spammers

  1. Pingback: Surprise: There’s really no need to conceal your email address from spammers – Quartz | Right laptop mart

  2. Pingback: Is it safe to put your email online? Yes! | Jason's Blog

Leave a Reply

Your email address will not be published. Required fields are marked *