Re: Modern best practice for putting a contact email on the web

To: Dan Ritter <dsr@randomstring.org>
Cc: debian-user <debian-user@lists.debian.org>
Subject: Re: Modern best practice for putting a contact email on the web
From: Celejar <celejar@gmail.com>
Date: Mon, 5 Apr 2021 16:14:52 -0400
Message-id: <[🔎] 20210405161452.c11c829f2e99893061ac31e8@gmail.com>
In-reply-to: <[🔎] YGtqQFmBODO0Rhai@randomstring.org>
References: <[🔎] 20210405123402.135aeb462616905844095ec5@gmail.com> <[🔎] YGtS917wz47Eg4GR@randomstring.org> <[🔎] 20210405144915.36bd7ee84f08d58f21277fed@gmail.com> <[🔎] YGtqQFmBODO0Rhai@randomstring.org>

On Mon, 5 Apr 2021 15:51:28 -0400
Dan Ritter <dsr@randomstring.org> wrote:

> Celejar wrote: 
> > On Mon, 5 Apr 2021 14:12:07 -0400
> > Dan Ritter <dsr@randomstring.org> wrote:
> > 
> > > Celejar wrote: 
> > > > Hi,
> > > > 
> > > > What's the recommended modern best practice for putting a contact email
> > > > address on the web while avoiding having it scraped by spam / fraud
> > > > bots?
> > > 
> > > Assume that every address will be hit by spammers and scammers.
> > > Put in appropriate antispam and antimalware precautions.
> > 
> > Okay, but why isn't trying to limit spammers getting hold of an address
> > a logical part of a defense in depth strategy?
> 
> Because it doesn't work. If it worked as well as, say, moving
> your SSH port*, I would encourage it. It does not.

Source? Is this your personal experience, or do you have some other
basis for this? Cloudflare, for example, asserts that:

"Cloudflare Email Address Obfuscation helps in spam prevention by
hiding email addresses appearing in your pages from email harvesters
and other bots, while remaining visible to your site visitors."

https://support.cloudflare.com/hc/en-us/articles/200170016-What-is-Email-Address-Obfuscation-

...

> > > Train your people to recognize spam and scams.
> > 
> > I'm talking about a small hobby project that I run in my spare time. I
> > just want to reduce spam to an address that I may put up to allow
> > people to reach me.
> 
> OK, use tagged addresses. Gmail has that feature for free.
> 
> I'll give you an example: when I registered for an account on
> tvtropes.org, I handed them dsr-tropes@randomstring.org.
> 
> A few months later, I knew that their database had been raided,
> and since I had never received anything useful at that address, 
> I told my mailfilter to drop dsr-tropes@ into the spam bin.
> 
> celejar+debianusers@gmail.com will be directed to your GMail
> account. So will celejar+celerysticks@, celejar+support@, and
> celejar+supportApril2021@gmail.com.
> 
> When the spam load becomes too much, change it on the support
> page and tell Gmail to spam-bin the old address.

Worth considering, certainly. I try to avoid Gmail as much as possible
(I know that I'm still using it for d-u), but I can check to see
whether the other email providers I use support plus addressing.

Thanks,

Celejar

Reply to:

Follow-Ups:
- Re: Modern best practice for putting a contact email on the web
  - From: Henning Follmann <hfollmann@itcfollmann.com>
- Re: Modern best practice for putting a contact email on the web
  - From: Dan Ritter <dsr@randomstring.org>
- Re: Modern best practice for putting a contact email on the web
  - From: "Alexander V. Makartsev" <avbetev@gmail.com>

References:
- Modern best practice for putting a contact email on the web
  - From: Celejar <celejar@gmail.com>
- Re: Modern best practice for putting a contact email on the web
  - From: Dan Ritter <dsr@randomstring.org>
- Re: Modern best practice for putting a contact email on the web
  - From: Celejar <celejar@gmail.com>
- Re: Modern best practice for putting a contact email on the web
  - From: Dan Ritter <dsr@randomstring.org>

Prev by Date: Re: Modern best practice for putting a contact email on the web
Next by Date: Re: Help with msmtp-mta
Previous by thread: Re: Modern best practice for putting a contact email on the web
Next by thread: Re: Modern best practice for putting a contact email on the web
Index(es):
- Date
- Thread