On Mon, 5 Apr 2021 15:51:28 -0400 Dan Ritter <d...@randomstring.org> wrote:
> Celejar wrote: > > On Mon, 5 Apr 2021 14:12:07 -0400 > > Dan Ritter <d...@randomstring.org> wrote: > > > > > Celejar wrote: > > > > Hi, > > > > > > > > What's the recommended modern best practice for putting a contact email > > > > address on the web while avoiding having it scraped by spam / fraud > > > > bots? > > > > > > Assume that every address will be hit by spammers and scammers. > > > Put in appropriate antispam and antimalware precautions. > > > > Okay, but why isn't trying to limit spammers getting hold of an address > > a logical part of a defense in depth strategy? > > Because it doesn't work. If it worked as well as, say, moving > your SSH port*, I would encourage it. It does not. Source? Is this your personal experience, or do you have some other basis for this? Cloudflare, for example, asserts that: "Cloudflare Email Address Obfuscation helps in spam prevention by hiding email addresses appearing in your pages from email harvesters and other bots, while remaining visible to your site visitors." https://support.cloudflare.com/hc/en-us/articles/200170016-What-is-Email-Address-Obfuscation- ... > > > Train your people to recognize spam and scams. > > > > I'm talking about a small hobby project that I run in my spare time. I > > just want to reduce spam to an address that I may put up to allow > > people to reach me. > > OK, use tagged addresses. Gmail has that feature for free. > > I'll give you an example: when I registered for an account on > tvtropes.org, I handed them dsr-tro...@randomstring.org. > > A few months later, I knew that their database had been raided, > and since I had never received anything useful at that address, > I told my mailfilter to drop dsr-tropes@ into the spam bin. > > celejar+debianus...@gmail.com will be directed to your GMail > account. So will celejar+celerysticks@, celejar+support@, and > celejar+supportapril2...@gmail.com. > > When the spam load becomes too much, change it on the support > page and tell Gmail to spam-bin the old address. Worth considering, certainly. I try to avoid Gmail as much as possible (I know that I'm still using it for d-u), but I can check to see whether the other email providers I use support plus addressing. Thanks, Celejar
