Our anti-spam solutions base one of their spam protection techniques on the assumption that web crawlers are not sophisticated enough to be able to identify encoded email addresses. Is this assumption correct?
It Is a Reasonable Assumption?
The huge share of the email adresses that appear on web pages are unprotected. If we assume someone was willing to construct a tool capable of extracting those few email addresses that are protected, they would have to make a substantial effort for a minute result. Moreover, this assumption is of little relevance in case the user challenge option
of the encoder is used.
We have performed a simple experiment to try to confirm this hypothesis. Over more than three years, email probes have been placed on several web pages. The pages chosen were all indexed by the major search engines and had external inbound links. Probes were valid email addresses, created for the purpose. Their length, as well a the random character sequence they were composed of made it highly improbable for them to be guessed (e.g. K0Qsva83sBYN8vKmJU@example.com
). Whearas half of the probes placed on each page were protected, the other half were not.
None of the protected addresses received any emails, whereas all the others have been harvested and spammed. Un-protected addresses started to receive spam after as little as two days.
To date (Feb 2006), the protection techniques employed are efficient.