Address munging

__NOTOC__Address munging is the practice of disguising, or munging, an e-mail address to prevent it being automatically collected and used as a target for people and organizations who send unsolicited bulk e-mail. Address munging is intended to disguise an e-mail address in a way that prevents computer software seeing the real address, or even any address at all, but still allows a human reader to reconstruct the original and contact the author: an email address such as, "no-one@example.com", becomes "no-one at example dot com", for instance. Any e-mail address posted in public is likely to be automatically collected by computer software used by bulk emailers — a process known as e-mail address harvesting — and addresses posted on webpages, Usenet or chat rooms are particularly vulnerable to this. [ [http://www.ftc.gov/bcp/conline/pubs/alerts/spamalrt.htm Email Address Harvesting: How Spammers Reap What You Sow] , Federal Trade Commission. URL accessed on 24 April 2006.] Private e-mail sent between individuals is highly unlikely to be collected, but e-mail sent to a mailing list that is archived and made available via the web or passed onto a Usenet news server and made public, may eventually be scanned and collected.

Disadvantages

Disguising addresses makes it more difficult for people to send e-mail to each other. Many see it as an attempt to fix a symptom rather than solving the real problem of e-mail spam, at the expense of causing problems for innocent users. [ [http://www.interhack.net/pubs/munging-harmful/ Address Munging Considered Harmful] , Matt Curtin]

The use of address munging on Usenet is contrary to the recommendations of RFC 1036 governing the format of Usenet posts, which requires a valid e-mail address be supplied in the From: field of the post. In practice, few people follow this so strictly. [See Usenet.]

Disguising e-mail address in a systematic manner (for example, user [at] domain [dot] com), is just as bad as not disguising the address at all as such addresses can be revealed through a simple [http://www.google.co.uk/search?q=%22at+*+dot%22 Google Search] .

Any impediment reduces the users willing to take the extra trouble toemail the user. In contrast, well maintained email filtering on the user's end does not drive awaypotential correspondents. Then again, no spam filter is 100% immune to false positives, and the same potential correspondent that would have been deterred by address munging may instead end up wasting time on long letters that will merely disappear in junk mail folders.

For commercial entities, maintaining contact forms on web pages rather than publicizing Email addresses may be one way to ensure that incoming messages are relatively spam-free yet do not get lost. In conjunction with CAPTCHA fields, spam on such comment fields can be reduced to effectively zero, except that non-accessibility of CAPTCHAs bring exactly the same deterrent problems as address munging itself.

Alternatives

As an alternative to address munging, there are several "transparent" techniques that allow people to post a valid e-mail address, but still make it difficult for automated recognition and collection of the address:

* "Transparent name mangling" involves replacing characters in the address with equivalent HTML references from the list of XML and HTML character entity references. [ [http://perso.crans.org/raffo/aem Address munging tool] (Generator requires the Java Virtual Machine installed and its browser plugin enabled.)]
* Posting all or part of the e-mail address as an image
* Posting an e-mail address as a text logo and shrinking it to normal size using inline CSS. [ [http://bugs.kde.org/attachment.cgi?id=20909 Email CSS obfuscation tool] (Generator requires javascript enabled, output for displaying emails requires basic CSS)]
* Posting an e-mail address with the order of characters jumbled and restoring the order using CSS. [ [http://bithack.se/pub/ PHP jumbler tool] ]
* Building the link by client-side scripting. [ [http://www.spamstop.org/spamtools/email JavaScript address script generator] (Generator requires cookies enabled, output for displaying emails requires javascript enabled)]
* Using server-side scripting to run a contact form. [ [http://www.addressmunger.com/contact_form_generator PHP contact form generator] ]

An example of munging "user@example.com" via client-side scripting would be:

The use of images and scripts for address obfuscation can cause problems for people using screenreaders and users with disabilities,and ignores users of text browsers like lynx and w3m, although being transparent means they don't disadvantage non-English speakers that cannot understand the plain text bound to a single language that is part of non-transparent munged addresses or instructions that accompany them.

According to a 2003 study by the Center for Democracy and Technology, even the simplest "transparent name mangling" of e-mail addresses can be effective. [ [http://www.cdt.org/speech/spam/030319spamreport.shtml "Why Am I Getting All This Spam? Unsolicited Commercial E-mail Research Six Month Report" March 2003.] ]

Examples

Common methods of disguising addresses include:

It's a good idea to include instructions afterwards since many people are unaware of the practice of address munging.

These may not always work, as some spambots are known to remove "NOSPAM" from e-mail addresses, and such.

The reserved top level domain .invalid is appended to ensure that a real e-mail address is not inadvertently generated. One problem is that some spammers will now remove obvious munges and send spam to the cleaned up address. For this reason many people recommend using a totally invalid addressvague|example please|date=March 2008 (especially in the From line) and perhaps a disposable email address in the Reply To.

Notes

ee also

*Netiquette
*Internet bot

External links

* [http://www.faqs.org/faqs/net-abuse-faq/munging-address/ Address Munging Frequently Asked Questions]
* [http://www.2kevin.net/munging.html Newsgroup address munging]