Re: RE: Anti-spambot hacks? (patch)

From: Bjarni R. Einarsson <bre_at_netverjar.is_at_hypermail-project.org>
Date: Mon, 8 Nov 1999 08:59:10 +0100
Message-ID: <19991108085910.A2657_at_diskordiah.localdomain>


On 1999-11-07, 18:57:40 (-0500), Otis Gospodnetic wrote:
> In case this helps - see how www.egroups.com does this.
> If my address is foo_at_bar.com they'll change it to fo-_at_bar.com I think.
> I'm not sure how a user can figure out the real e-mail address from that
> though...

This actually strikes me as a much better idea than what I was doing in my patch; making the mangler lossy means that address harvestors can't just use a reverse-lookup table as they could have with my method. To help user's guess the real address I'd mangle the domain though, not the user part. Usually domain names have enough context to allow a reader to guess the correct email address, and signatures often help too.

I've rewritten my spamprotect routine to implement this strategy (the rest of my patch would be unchanged). This routine also is guaranteed to always mangle an email address the same way, so downloading an entire archive and automatically comparing "similaur" addresses won't work. :-)

This routine is also less disruptive of things that aren't email addresses than my old one.

Code:

/*
** This function mangles the domain part of an email address (or anything
** that looks like an email address), hopefully protecting it from automatic
** email harvestors.
**
** Returns an allocated string.

*/  

#define isdomain(c) (isalnum(c) || (c == '.') || (c == '-')) char *spamprotect(char *input, int fixedwidth) {

    char *c, ck;
    int i;
    struct Push buff;  

    INIT_PUSH(buff);  

    /* Mangle the domain part of an email address.

     */
     if (set_spamprotect) 
      while (NULL != (c = strchr(input, '_at_')))
    {
        /* Move a few chars into the domain name... */
		c++;
        for (i = 0; i < (*c%3)+1; i++) if (isdomain(*(c+1))) c++;
 
        /* Copy, guarantee the routine advances past the '_at_' */
        ck = *c;
        *c = '\0';
        PushString(&buff, input);
        *c = ck;
 
        /* This test will never fail if we really are in an email address.
         * It might fail for something else, which is a Good Thing (tm).
         */
        if (isdomain(*c))
        {
            PushByte(&buff, '#'); /* Illegal in domain names */
            input = c+1;
        }
        else 
          input = c; /* Don't skip, just advance. */
    }
    PushString(&buff, input);  

    RETURN_PUSH(buff);
}

-- 
Bjarni R. Einarsson                           PGP: 02764305, B7A3AB89
 bre_at_netverjar.is           -><-           http://www.mmedia.is/~bre/

Netverjar gegn ruslpósti: http://www.netverjar.is/baratta/ruslpostur/
Received on Mon 08 Nov 1999 10:01:57 AM GMT

This archive was generated by hypermail 2.2.0 : Thu 22 Feb 2007 07:33:51 PM GMT GMT