Re: Modern best practice for putting a contact email on the web
Celejar wrote:
> On Mon, 5 Apr 2021 15:51:28 -0400
> Dan Ritter <dsr@randomstring.org> wrote:
>
> > > Okay, but why isn't trying to limit spammers getting hold of an address
> > > a logical part of a defense in depth strategy?
> >
> > Because it doesn't work. If it worked as well as, say, moving
> > your SSH port*, I would encourage it. It does not.
>
> Source? Is this your personal experience, or do you have some other
> basis for this? Cloudflare, for example, asserts that:
>
> "Cloudflare Email Address Obfuscation helps in spam prevention by
> hiding email addresses appearing in your pages from email harvesters
> and other bots, while remaining visible to your site visitors."
Source: experience from being actively involved in the Internet
for 25 years, including time on anti-spam initiatives at BBN and
Akamai, various mail anti-abuse working groups (now
https://www.m3aawg.org/ which I'm not currently involved with
particularly) and running personal and corporate mail servers
for most of that time.
> > OK, use tagged addresses. Gmail has that feature for free.
> >
> > page and tell Gmail to spam-bin the old address.
>
> Worth considering, certainly. I try to avoid Gmail as much as possible
> (I know that I'm still using it for d-u), but I can check to see
> whether the other email providers I use support plus addressing.
The good ones will. The best ones will also offer - addressing
on the same terms. Turns out that a bunch of idiots think that +
is not a valid mail left-hand-side character, but - is.
-dsr-
Reply to: