Munge or do not

I’m highly amused at attempts I’ve seen in public forums to munge email addresses.

Spammers want your domain. Even script kiddies go further than a username@domain reference. A space between username @ domain.com is useless except to hassle anyone who wants to email you.

How do bots get addresses to spam you? From the domain, bots get your homepage, and from there they get real addresses, or they generate addresses like Sales@, WebMaster@, etc.. If you want to protect yourself from spam, never publish your raw domain name. The munge technique I use in public forums is to say:
              TG @ remove.thisNebula-RnD.com
This thwarts silly first-attempt bots that scan for user@domain addresses (as if there are any of those anymore) but unless a person is looking at the address a program isn’t going to know where the domain name actually starts. Yes, the more sophisticated programs will scan from the .com and move forward until they get a good domain, but masking the domain name itself is only going to discourage legitimate visitors from your site, and there’s only so much you can do in this aspect of anti-spam warfare.

The unfortunate aspect of that technique is that people do need to copy just a part of your domain name. But they’ve got their finger on the copy/paste anyway, so you’re just asking someone to be more selective about what they copy. My opinion is that if someone isn’t smart enough to start copying after "remove.this" then they aren’t likely to understand my product or service offerings either, so I’m not losing anything. YMMV

If you are going to try to protect your email address with munging or even a simple "user @ domain", fergoshsakes, don’t subscribe to a public forum using your real full address. Even forum software like that used in Google Groups is completely naive to assume that it’s protecting anyone with "user-at-domain.com" For this reason I never post to forums with a real address. I use sneakemail.com where I can create a disposable email address. They pre-filter mail in various ways and spam hardly ever gets through. If an address gets compromised then just delete it and create new ones – and never again give your address to whomever compromised it.

To paraphrase Master Yoda: "Munge or do not."

2 thoughts on “Munge or do not

    • Thats all good advise – However Spam bots just send emails to a range of names at the domains they find, so if a harvester has got to your web page which has the domain your mails are on then it will send mail to webmaster@, sales@, accounts@, majordomo@ etc..   so for some of us (sys admins, or site owners etc)  it does not really matter that our mail address is out there, our spam blockers have to work hard anyway.

    • You’re 100% correct of course. There’s no way to completely hide from the bad guys and of course there is no perfect solution. People harvest domain names in different ways and they pass the domain names they harvest to spammers who process the addresses in different ways. The thing I’m focused on here is that people seem to be attempting to munge their addresses as though they want to avoid spam, but the way they’re doing it is ineffective. If someone is going to take any action, at least do it properly to make the effort partially effective.

Leave a Reply