Re: Modern best practice for putting a contact email on the web
On Mon, 05 Apr 2021 16:50:30 -0400
Stefan Monnier <monnier@iro.umontreal.ca> wrote:
> Celejar [2021-04-05 14:49:15] wrote:
> > On Mon, 5 Apr 2021 14:12:07 -0400 Dan Ritter <dsr@randomstring.org> wrote:
> >> Celejar wrote:
> >> > What's the recommended modern best practice for putting a contact email
> >> > address on the web while avoiding having it scraped by spam / fraud
> >> > bots?
> >> Assume that every address will be hit by spammers and scammers.
> >> Put in appropriate antispam and antimalware precautions.
> > Okay, but why isn't trying to limit spammers getting hold of an address
> > a logical part of a defense in depth strategy?
>
> I think Dan is right: what he says is "the recommended modern practice".
> Defense in depth has to be weighted against the annoyance for real
> users, and sadly it's much easier to tweak a scraper once to handle
> yet-another-obfuscation-trick than it is for real users to jump through
> the same hoops (because those users only jump through those hoops once,
> so they pay the full price rather than spreading the price over
> millions of pages).
>
> >> Train your people to recognize spam and scams.
> > I'm talking about a small hobby project that I run in my spare time. I
> > just want to reduce spam to an address that I may put up to allow
> > people to reach me.
>
> The only alternative is to use something else than email, which requires
> users to have/create an account and authenticate themselves (e.g. an issue
> tracker on SourceHut).
Understood. In this particular case, at least, it will be difficult to
do that, since I don't control the page in question - I just have the
ability to drop some text / HTML into it. I suppose I could put a link
on the page to a page that I do control, and have some type of form /
login system there ...
Celejar
Reply to: