The best way to protect an email address is to never reveal it.

The two best ways to receive communication without revealing your address are (1) with web forms that don’t require your email address in a hidden field or elsewhere on the web page and (2) with spam-harvest-proof email links from flow-to.com.

Sometimes an email address must be revealed; it just can’t be helped. When there is a choice, consider using a less permanent or less important address in those situations.

It seems that once an email address gets on spammers’ lists, it is there for as long as spammers exist.

Some Ways Email Addresses Are Harvested

“Harvest” — The action of obtaining an email address, manually or with software, without permission, for the purpose of sending email to it.

Any email address that can be seen by a human can be harvested.

Any email address in the source code of accessible documents (like web pages) can be harvested.

Those are broad statements. Nevertheless, they are true.

Spammers can hire cheap labor to manually type email addresses into lists. And, spammers can hire programmers to make ever more sophisticated harvesting software.

Here are some ways email addresses can be harvested.

  • Email addresses can be harvested from posts in forums, Groups, guest books, News, blogs, IRC, chat rooms, instant messengers, email lists, and newsletters that publish or provide email addresses or where an email address is in your signature area.
  • Email addresses on web pages can be harvested by even the most mundane of harvesting software, whether printed as plain text, hidden in HTML tags, or in a mailto: link.
  • Email addresses transformed into HTML entities or obfuscated with other HTML encoding schemes are easily extracted by even relatively unsophisticated harvesting software.
  • Email addresses in user profiles at web sites where they can be viewed by the public are also vulnerable.
  • Web page forms that require a recipient email address specified in a hidden field make spammers smile.
  • Printed material, like directories and magazine ads, is subject to harvesting.
  • Domain registration records can have their addresses harvested.
  • Email addresses in online white and yellow pages are almost certain to be harvested.
  • Email addresses embedded in images can be harvested.

    We used this technique on our contact pages for a long time. Eventually, they were harvested, through several address changes. Whether harvested by sophisticated software, or manually, they got on spammers’ lists.

    Also, email addresses embedded in images are not available to blind readers and those using text-only browsers.

  • At this time, some JavaScript obfuscation methods seem to work pretty well as protection from automated harvesters. Yet they can’t be depended upon. The source code for parsing JavaScript is available on the Internet.

    It’s only a matter of time until harvesting software will be able to extract email addresses obfuscated with JavaScript, just like browsers do. They might already be doing it.

  • Friends’ and business acquaintances’ computers infected with specialized viruses or trojans can hand their entire address books to a spammer’s computer — and your address may be in the book.
  • Replying to spam will either confirm your address or, if your From: address is different from the address the spam was sent to, provide the spammer with another good address to spam.
  • Some browsers can be configured to specify an email address for use when logging into anonymous FTP sessions. They might also send the address as an HTTP_FROM header line when grabbing HTML web pages. The address can be harvested in both of those ways by the unscrupulous.

    One solution: Specify name@example.com as the address — unless your browser has an actual email client built-in.

    I know of no real reason to provide a valid address for anonymous FTP sessions or for the HTTP_FROM header line. In neither case is it normally expected that the address will be used to send you email.

  • In your email software, turn off JavaScript, Java applets, and any other active content that you can. Some of these, or the software they might install, might be used to send your email address, or even your entire address book, to a spammer.
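
To check your own pages against the web-page items in the list above, the following audit script reports every address that is recoverable from a page's source, whether it appears as plain text, as HTML entities, in a link, or in a hidden form field. It is an added example, not code from the original article; the sample page, its example.test addresses, and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Deliberately loose address pattern; adequate for an exposure audit.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample page; every address uses the reserved .test domain.
SAMPLE_PAGE = """
<p>Write to sales@example.test</p>
<a href="mailto:&#105;&#110;&#102;&#111;&#64;example.test">Contact</a>
<p>&#x6f;&#x77;&#x6e;&#x65;&#x72;&#64;example&#46;test</p>
<form><input type="hidden" name="recipient" value="forms@example.test"></form>
"""


class ExposureAudit(HTMLParser):
    """Records (address, location) pairs found in one page's source."""

    def __init__(self):
        # convert_charrefs=True decodes &#105; and &#x6f; style entities in
        # text, as a browser does; attribute values are always decoded.
        super().__init__(convert_charrefs=True)
        self.findings = set()

    def _scan(self, text, where):
        for addr in EMAIL_RE.findall(text or ""):
            self.findings.add((addr.lower(), where))

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "hidden":
            self._scan(a.get("value"), "hidden form field")
            return
        for name, value in attrs:
            where = "link href" if name == "href" else "tag attribute"
            self._scan(unquote(value or ""), where)  # undo %xx encoding too

    def handle_data(self, data):
        self._scan(data, "page text")


def audit(page_source):
    """Return a sorted list of (address, location) exposures."""
    parser = ExposureAudit()
    parser.feed(page_source)
    parser.close()  # flush any buffered trailing text
    return sorted(parser.findings)


if __name__ == "__main__":
    for address, location in audit(SAMPLE_PAGE):
        print(f"{address:24} exposed in {location}")
```

A plain pattern search over the raw source finds only the two unencoded addresses; the standard-library parser recovers the entity-encoded ones with no extra work, which is why that kind of encoding offers no protection.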

In some of the above situations, a spam-harvest-proof email link URL from flow-to.com can be used in lieu of your real email address.

For example, mailto: links can be replaced with the spam-harvest-proof email link, letting your site users click to send you email — without needing JavaScript or other special browser features — like people used to do when the web was relatively harvesting software-free and spammers were less sophisticated.

And, the spam-harvest-proof email link URL can be used in ezines, magazine ads, forum posts, anywhere a regular URL can be used.

The Best Secret Email Address

An email account is a mailbox with an email address.

For best protection, the email address of your mailbox should never be used anywhere, for anything other than the identification of the mailbox.

Other email addresses can then be forwarded to the mailbox’s address.

If the address of your mailbox falls in the hands of spammers, the address can’t just be disabled like forwarded addresses can. Instead, a whole new mailbox needs to be created. All addresses that forwarded to the old mailbox now need to forward to the new mailbox.

It’s a whole lot less hassle to keep the address of the mailbox secret. Email addresses that forward to the mailbox can be deactivated and new ones created with relative ease.

Believe it or not, deciding upon a secret email address is not as straightforward as one might think.

The very best secret email address is a random set of 12 or more characters for the “name” part (the part preceding the @ character), that contains at least one period, hyphen, or underscore, and that has never been used before.

The random 12+ characters rule is pretty good insurance against dictionary attacks. (In a dictionary attack, hundreds or thousands of variations of the name part of the email address, built from common words or random characters, are sent to a mail server in the hope that some, or at least one, of the spam gets through.) That’s not to say a dictionary attack will never send spam to your address; just that it’s less likely.
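
One way to produce a name part that follows the rule above, as an added example that is not part of the original article. The function names are hypothetical; keeping separators off the ends and forbidding doubled periods are extra assumptions so that mail systems accept the result. Code cannot confirm that an address has never been used before, but a random draw of this length makes prior use very unlikely.

```python
import secrets
import string

ALNUM = string.ascii_lowercase + string.digits
SEPARATORS = "._-"  # the article asks for at least one of these


def meets_rule(local_part, min_len=12):
    """Check the article's rule plus the placement limits assumed here."""
    return (
        len(local_part) >= min_len
        and any(c in SEPARATORS for c in local_part)
        and all(c in ALNUM + SEPARATORS for c in local_part)
        and local_part[0] in ALNUM       # assumption: no separator at the
        and local_part[-1] in ALNUM      # start or end of the name part
        and ".." not in local_part       # doubled periods are not valid
    )


def secret_local_part(length=16):
    """Draw candidates from the OS CSPRNG until one satisfies the rule.

    Rejection sampling keeps every valid name equally likely, which a
    "generate, then patch in a separator" approach would not.
    """
    if length < 12:
        raise ValueError("the rule calls for 12 or more characters")
    while True:
        candidate = "".join(
            secrets.choice(ALNUM + SEPARATORS) for _ in range(length)
        )
        if meets_rule(candidate):
            return candidate


if __name__ == "__main__":
    # example.test is a placeholder domain, not a real mail host.
    print(secret_local_part() + "@example.test")
```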

Don’t yield to the temptation of using an old email address that you haven’t used for a long time. If it’s ever been on spammers’ lists, it may still be there.

For example, we had an email address get on spammers’ lists in mid-1999. It was deactivated soon thereafter. In 2002, I decided to re-use the address (I kinda liked it, you know). Guess what, the spam resumed immediately, the very next time I downloaded my email. It had remained on their lists all this time.

[Update: The evening of the day this article was written (late February, 2007), I reactivated that email address. The next morning, 4 spam emails were received there. After more than half a decade of being invalid, the address is still on spammers’ lists!]

If you are thinking about getting a new domain for your secret email address, check archive.org first. Type in the URL of your proposed domain name to see if the domain has existed in the past. If yes, chances are some email addresses with that domain are already on spammers’ lists.

Also, type your proposed domain name into search engines to find clues to a prior existence.

Similarly, if your email address is at a large or popular ISP, you’re always taking a chance that your new address was used by someone else in the past.

Don’t ever reveal your secret address, not even in outgoing email.

To receive email at your secret address, forward other addresses to it.

Ways To Protect and Manage Email Addresses

Keep the email address that is your mailbox a secret. Other email addresses can be forwarded to that mailbox.

Email addresses must be revealed in certain circumstances. It just can’t be helped. All such addresses should be forwarding addresses rather than the address of the mailbox itself.

Addresses used when sending email —

When an email is sent out, the To: line contains an email address, a valid address if you want to receive replies.

Should you use only one or a very few email addresses in outgoing email, then those are the only ones vulnerable should someone’s address book be compromised.

If every email you send out causes the recipient to automatically be added to your own address book, then you already have a list of email addresses you can send a notice to if you must deactivate an address due to the amount of spam it receives.

Your web page forms —

Email addresses that web page form submissions are sent to are probably best not used anywhere else. If such an address gets on spammers’ lists, it can be a hassle to change the address in the form processing software (depending on the software, of course).

Use form processing software that doesn’t require your email address anywhere on the web page, not even in a hidden form field. Otherwise, your address is highly visible to spammers’ harvesting software.

The primary drawback to using web page forms is that sometimes the people submitting the form mistype their own email address. You can’t reply to an invalid address.

Your spam-harvest-proof email link —

The delivery address for your spam-harvest-proof email link from flow-to.com is probably best not used anywhere else. Although it’s easy to change the destination address, an uncompromised address is even easier.

Ezines, email newsletters, and email lists —

Ezines and email lists must arrive at a valid email address. It may be prudent to have these sent to an email address used only for this purpose, maybe even an exclusive address for each category of subscription.

A compromised address that needs to be deactivated then has an effect only on the subscriptions sent to it.

Filling in other sites’ forms —

Some forms will not accept just anything in fields where an email address is required; what’s typed in must at least resemble an email address.

It may be prudent to use only one specific email address when filling in forms for other web sites, an address used for nothing else. If it ends up on spammers’ lists, the address can be deactivated and a new one created.

A separate email address might be used when purchasing products, and another when an email address is required to obtain an otherwise free product.

Conclusion

Using a separate email address for separate activities or purposes can reduce repercussions when one of them needs to be deactivated.

The two best ways to receive communication without revealing your address are with web forms that can’t compromise your email address and with spam-harvest-proof email links from flow-to.com.

The only way I know of to fully protect an email address is to obtain one that’s never been used and then never reveal it. Even then, it is possible to receive a spam once in a while as a result of dictionary attacks.