YOURLS: Email Obfuscation with URL Shortener - worthwhile idea?
I installed YOURLS URL shortening script on a domain I have because I like the idea of having my own URL shortener (and just for fun LOL).
Anyway I noticed that if you put an email address instead of a URL into Yourls (prefixing it with "mailto:", example: mailto:example@example.com), Yourls will actually shorten the link just fine just like any HTTP link. And when you click on the short link, your browser behaves just as if you click directly on a mailto: link - your email handler responds.
So that got me thinking, isn't this a good way to obfuscate email addresses to keep email harvesting bots from collecting it?
Seems to me it might even be better than using scr.im because with scr.im the email address is printed on a page even if it's behind a captcha wall, so a bot could possibly cheat teh captcha then have access ot the email (in fact, there is a youtube video where someone accomplishes just this, but it is a few years old).
But with Yourls the email address is not printed on a page, it only exists in your db. It does exist in your admin interface, but a bot would have to hack your admin login to get access to the email address.
Do you think it's possible an email harvester could still somehow "scrape" and email address shortened with Yourls (or any other URL shortener service that allows mailto: links)?
Would love to hear thoughts from those who know more about email harvesting bots than I do. I don't know a whole lot, except that typically they scrape source code and harvest any text that looks like xxxx@yyyy.tld or mailto:xxxx@yyyy.tld, for the most part. If you short-link the email address, the email address does not exist in the source code.
EDIT: Realize that I am not asking if this is a 100% way to beat harvesting bots. There is no such thing. Rather, I am asking what others, who have a better knowledge of email harvesting bots, think about how effective this method would be on seriously reducing the harvesting of your email address.
email links
add a comment |
I installed YOURLS URL shortening script on a domain I have because I like the idea of having my own URL shortener (and just for fun LOL).
Anyway I noticed that if you put an email address instead of a URL into Yourls (prefixing it with "mailto:", example: mailto:example@example.com), Yourls will actually shorten the link just fine just like any HTTP link. And when you click on the short link, your browser behaves just as if you click directly on a mailto: link - your email handler responds.
So that got me thinking, isn't this a good way to obfuscate email addresses to keep email harvesting bots from collecting it?
Seems to me it might even be better than using scr.im because with scr.im the email address is printed on a page even if it's behind a captcha wall, so a bot could possibly cheat teh captcha then have access ot the email (in fact, there is a youtube video where someone accomplishes just this, but it is a few years old).
But with Yourls the email address is not printed on a page, it only exists in your db. It does exist in your admin interface, but a bot would have to hack your admin login to get access to the email address.
Do you think it's possible an email harvester could still somehow "scrape" and email address shortened with Yourls (or any other URL shortener service that allows mailto: links)?
Would love to hear thoughts from those who know more about email harvesting bots than I do. I don't know a whole lot, except that typically they scrape source code and harvest any text that looks like xxxx@yyyy.tld or mailto:xxxx@yyyy.tld, for the most part. If you short-link the email address, the email address does not exist in the source code.
EDIT: Realize that I am not asking if this is a 100% way to beat harvesting bots. There is no such thing. Rather, I am asking what others, who have a better knowledge of email harvesting bots, think about how effective this method would be on seriously reducing the harvesting of your email address.
email links
1
It's trivial to modify a bot to find it, so it may be OK at first, but as soon as it's sniffed out it's done.
– Enis P. Aginić
Jan 25 at 6:51
@Enis P. Aginić How common is it that harvesting bots are written to sniff out email addresses "hidden" in a shortened URL?
– Larry T
Jan 25 at 11:17
I ment if a bot developer figures out people are doing this, it's very easy to modify the bot to find the email hidden in this way. And it would (probably) be the same reusable solution for any URL shortener service. Stick with stuff that is hard for computers to do, such as CAPTCHA and contact forms if possible.
– Enis P. Aginić
Jan 26 at 12:06
@Enis P. Aginić Yes, I understand it's best to use captcha and whatnot, but sometimes there is a need to display email addresses. For instance,a lot of companies have a listing of all their sales people or other employees on their website and list their phone # and email address. Not to mention, many (if not most) contact form code doesn't mask the email address. It's right there in the source code.
– Larry T
Jan 27 at 1:42
Well if you must have it displayed maybe look into services offering email obfuscation, CloudFlare for example and be ready to deal with some spam by using good email provider... These services may be able to keep up, but you on your own - I'm not so sure. Bots are getting smarter, and I bet we will soon see "AI powered" bots.
– Enis P. Aginić
Jan 28 at 15:36
add a comment |
I installed YOURLS URL shortening script on a domain I have because I like the idea of having my own URL shortener (and just for fun LOL).
Anyway I noticed that if you put an email address instead of a URL into Yourls (prefixing it with "mailto:", example: mailto:example@example.com), Yourls will actually shorten the link just fine just like any HTTP link. And when you click on the short link, your browser behaves just as if you click directly on a mailto: link - your email handler responds.
So that got me thinking, isn't this a good way to obfuscate email addresses to keep email harvesting bots from collecting it?
Seems to me it might even be better than using scr.im because with scr.im the email address is printed on a page even if it's behind a captcha wall, so a bot could possibly cheat teh captcha then have access ot the email (in fact, there is a youtube video where someone accomplishes just this, but it is a few years old).
But with Yourls the email address is not printed on a page, it only exists in your db. It does exist in your admin interface, but a bot would have to hack your admin login to get access to the email address.
Do you think it's possible an email harvester could still somehow "scrape" and email address shortened with Yourls (or any other URL shortener service that allows mailto: links)?
Would love to hear thoughts from those who know more about email harvesting bots than I do. I don't know a whole lot, except that typically they scrape source code and harvest any text that looks like xxxx@yyyy.tld or mailto:xxxx@yyyy.tld, for the most part. If you short-link the email address, the email address does not exist in the source code.
EDIT: Realize that I am not asking if this is a 100% way to beat harvesting bots. There is no such thing. Rather, I am asking what others, who have a better knowledge of email harvesting bots, think about how effective this method would be on seriously reducing the harvesting of your email address.
email links
I installed YOURLS URL shortening script on a domain I have because I like the idea of having my own URL shortener (and just for fun LOL).
Anyway I noticed that if you put an email address instead of a URL into Yourls (prefixing it with "mailto:", example: mailto:example@example.com), Yourls will actually shorten the link just fine just like any HTTP link. And when you click on the short link, your browser behaves just as if you click directly on a mailto: link - your email handler responds.
So that got me thinking, isn't this a good way to obfuscate email addresses to keep email harvesting bots from collecting it?
Seems to me it might even be better than using scr.im because with scr.im the email address is printed on a page even if it's behind a captcha wall, so a bot could possibly cheat teh captcha then have access ot the email (in fact, there is a youtube video where someone accomplishes just this, but it is a few years old).
But with Yourls the email address is not printed on a page, it only exists in your db. It does exist in your admin interface, but a bot would have to hack your admin login to get access to the email address.
Do you think it's possible an email harvester could still somehow "scrape" and email address shortened with Yourls (or any other URL shortener service that allows mailto: links)?
Would love to hear thoughts from those who know more about email harvesting bots than I do. I don't know a whole lot, except that typically they scrape source code and harvest any text that looks like xxxx@yyyy.tld or mailto:xxxx@yyyy.tld, for the most part. If you short-link the email address, the email address does not exist in the source code.
EDIT: Realize that I am not asking if this is a 100% way to beat harvesting bots. There is no such thing. Rather, I am asking what others, who have a better knowledge of email harvesting bots, think about how effective this method would be on seriously reducing the harvesting of your email address.
email links
email links
edited Jan 25 at 6:44
Larry T
asked Jan 25 at 6:37
Larry TLarry T
166
166
1
It's trivial to modify a bot to find it, so it may be OK at first, but as soon as it's sniffed out it's done.
– Enis P. Aginić
Jan 25 at 6:51
@Enis P. Aginić How common is it that harvesting bots are written to sniff out email addresses "hidden" in a shortened URL?
– Larry T
Jan 25 at 11:17
I ment if a bot developer figures out people are doing this, it's very easy to modify the bot to find the email hidden in this way. And it would (probably) be the same reusable solution for any URL shortener service. Stick with stuff that is hard for computers to do, such as CAPTCHA and contact forms if possible.
– Enis P. Aginić
Jan 26 at 12:06
@Enis P. Aginić Yes, I understand it's best to use captcha and whatnot, but sometimes there is a need to display email addresses. For instance,a lot of companies have a listing of all their sales people or other employees on their website and list their phone # and email address. Not to mention, many (if not most) contact form code doesn't mask the email address. It's right there in the source code.
– Larry T
Jan 27 at 1:42
Well if you must have it displayed maybe look into services offering email obfuscation, CloudFlare for example and be ready to deal with some spam by using good email provider... These services may be able to keep up, but you on your own - I'm not so sure. Bots are getting smarter, and I bet we will soon see "AI powered" bots.
– Enis P. Aginić
Jan 28 at 15:36
add a comment |
1
It's trivial to modify a bot to find it, so it may be OK at first, but as soon as it's sniffed out it's done.
– Enis P. Aginić
Jan 25 at 6:51
@Enis P. Aginić How common is it that harvesting bots are written to sniff out email addresses "hidden" in a shortened URL?
– Larry T
Jan 25 at 11:17
I ment if a bot developer figures out people are doing this, it's very easy to modify the bot to find the email hidden in this way. And it would (probably) be the same reusable solution for any URL shortener service. Stick with stuff that is hard for computers to do, such as CAPTCHA and contact forms if possible.
– Enis P. Aginić
Jan 26 at 12:06
@Enis P. Aginić Yes, I understand it's best to use captcha and whatnot, but sometimes there is a need to display email addresses. For instance,a lot of companies have a listing of all their sales people or other employees on their website and list their phone # and email address. Not to mention, many (if not most) contact form code doesn't mask the email address. It's right there in the source code.
– Larry T
Jan 27 at 1:42
Well if you must have it displayed maybe look into services offering email obfuscation, CloudFlare for example and be ready to deal with some spam by using good email provider... These services may be able to keep up, but you on your own - I'm not so sure. Bots are getting smarter, and I bet we will soon see "AI powered" bots.
– Enis P. Aginić
Jan 28 at 15:36
1
1
It's trivial to modify a bot to find it, so it may be OK at first, but as soon as it's sniffed out it's done.
– Enis P. Aginić
Jan 25 at 6:51
It's trivial to modify a bot to find it, so it may be OK at first, but as soon as it's sniffed out it's done.
– Enis P. Aginić
Jan 25 at 6:51
@Enis P. Aginić How common is it that harvesting bots are written to sniff out email addresses "hidden" in a shortened URL?
– Larry T
Jan 25 at 11:17
@Enis P. Aginić How common is it that harvesting bots are written to sniff out email addresses "hidden" in a shortened URL?
– Larry T
Jan 25 at 11:17
I ment if a bot developer figures out people are doing this, it's very easy to modify the bot to find the email hidden in this way. And it would (probably) be the same reusable solution for any URL shortener service. Stick with stuff that is hard for computers to do, such as CAPTCHA and contact forms if possible.
– Enis P. Aginić
Jan 26 at 12:06
I ment if a bot developer figures out people are doing this, it's very easy to modify the bot to find the email hidden in this way. And it would (probably) be the same reusable solution for any URL shortener service. Stick with stuff that is hard for computers to do, such as CAPTCHA and contact forms if possible.
– Enis P. Aginić
Jan 26 at 12:06
@Enis P. Aginić Yes, I understand it's best to use captcha and whatnot, but sometimes there is a need to display email addresses. For instance,a lot of companies have a listing of all their sales people or other employees on their website and list their phone # and email address. Not to mention, many (if not most) contact form code doesn't mask the email address. It's right there in the source code.
– Larry T
Jan 27 at 1:42
@Enis P. Aginić Yes, I understand it's best to use captcha and whatnot, but sometimes there is a need to display email addresses. For instance,a lot of companies have a listing of all their sales people or other employees on their website and list their phone # and email address. Not to mention, many (if not most) contact form code doesn't mask the email address. It's right there in the source code.
– Larry T
Jan 27 at 1:42
Well if you must have it displayed maybe look into services offering email obfuscation, CloudFlare for example and be ready to deal with some spam by using good email provider... These services may be able to keep up, but you on your own - I'm not so sure. Bots are getting smarter, and I bet we will soon see "AI powered" bots.
– Enis P. Aginić
Jan 28 at 15:36
Well if you must have it displayed maybe look into services offering email obfuscation, CloudFlare for example and be ready to deal with some spam by using good email provider... These services may be able to keep up, but you on your own - I'm not so sure. Bots are getting smarter, and I bet we will soon see "AI powered" bots.
– Enis P. Aginić
Jan 28 at 15:36
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1398222%2fyourls-email-obfuscation-with-url-shortener-worthwhile-idea%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1398222%2fyourls-email-obfuscation-with-url-shortener-worthwhile-idea%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
It's trivial to modify a bot to find it, so it may be OK at first, but as soon as it's sniffed out it's done.
– Enis P. Aginić
Jan 25 at 6:51
@Enis P. Aginić How common is it that harvesting bots are written to sniff out email addresses "hidden" in a shortened URL?
– Larry T
Jan 25 at 11:17
I ment if a bot developer figures out people are doing this, it's very easy to modify the bot to find the email hidden in this way. And it would (probably) be the same reusable solution for any URL shortener service. Stick with stuff that is hard for computers to do, such as CAPTCHA and contact forms if possible.
– Enis P. Aginić
Jan 26 at 12:06
@Enis P. Aginić Yes, I understand it's best to use captcha and whatnot, but sometimes there is a need to display email addresses. For instance,a lot of companies have a listing of all their sales people or other employees on their website and list their phone # and email address. Not to mention, many (if not most) contact form code doesn't mask the email address. It's right there in the source code.
– Larry T
Jan 27 at 1:42
Well if you must have it displayed maybe look into services offering email obfuscation, CloudFlare for example and be ready to deal with some spam by using good email provider... These services may be able to keep up, but you on your own - I'm not so sure. Bots are getting smarter, and I bet we will soon see "AI powered" bots.
– Enis P. Aginić
Jan 28 at 15:36