Celejar wrote: > On Mon, 5 Apr 2021 14:12:07 -0400 > Dan Ritter <d...@randomstring.org> wrote: > > > Celejar wrote: > > > Hi, > > > > > > What's the recommended modern best practice for putting a contact email > > > address on the web while avoiding having it scraped by spam / fraud > > > bots? > > > > Assume that every address will be hit by spammers and scammers. > > Put in appropriate antispam and antimalware precautions. > > Okay, but why isn't trying to limit spammers getting hold of an address > a logical part of a defense in depth strategy?
Because it doesn't work. If it worked as well as, say, moving your SSH port*, I would encourage it. It does not. *Moving your SSH port does nothing for your security; it does reduce the number of log entries to ignore. > > Train your people to recognize spam and scams. > > I'm talking about a small hobby project that I run in my spare time. I > just want to reduce spam to an address that I may put up to allow > people to reach me. OK, use tagged addresses. Gmail has that feature for free. I'll give you an example: when I registered for an account on tvtropes.org, I handed them dsr-tro...@randomstring.org. A few months later, I knew that their database had been raided, and since I had never received anything useful at that address, I told my mailfilter to drop dsr-tropes@ into the spam bin. celejar+debianus...@gmail.com will be directed to your GMail account. So will celejar+celerysticks@, celejar+support@, and celejar+supportapril2...@gmail.com. When the spam load becomes too much, change it on the support page and tell Gmail to spam-bin the old address. -dsr-
