[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: use of HTML in AddressModifyCode

I guess put a javascript link on the "click" and de-obfuscate that way.
This way you can have arbitrarily complicated encoding.

In fact the thought occurs that you could put complete garbage on the
screen, use nasty javascript to demangle it so that it shows correctly....
I wonder how many web-bots have javascript aware renderers...?

Ed W

P.S. Javascript is horrible....

----- Original Message -----
From: "Earl Hood" <earl@earlhood.com>
To: <mhonarc@ncsa.uiuc.edu>
Sent: Tuesday, May 28, 2002 4:53 PM
Subject: Re: use of HTML in AddressModifyCode


> On May 28, 2002 at 00:16, Jym Dyer wrote:
>
> > =v= I do something along these lines:
> >
> > jym<!--
> > spamtrap@example.com -->&copy;<!--
> > NOSPAM -->econet.org
> >
> > Breaking lines up with comments doesn't seem to bother *any*
> > browser, so long as I keep it tight and don't introduce
> > whitespace.  It's not difficult for a parser to strip all
> > comments, but I've managed to get the spamtrap address culled
> > and used by spammers, so I've managed to mess with some of them.
>
> I like it.
>
> > =v= My approach hinges on replacing @ with &copy; (&reg; is also
> > a possibility), and I suppose it could be taken a step further
> > by replacing . with &middot; -- you end up with something a
> > human can figure out and parsers don't seem to have (yet).
>
> Obfsucation is like an arms race.  As obfsucation techniques
> get more elaborate, spambot writers will eventually learn to
> deal with them.
>
> > =v= I've pretty much given up on mailto: URLs.  If anything, I
> > just use things like "mailto:REPLACE THIS WITH MY EMAIL ADDRESS".
>
> Plus, I wonder how much they really get used (at least in the context
> of mail archives).
>
> It seems it may be useful to have some kind resource in MHonArc
> that allows manipulation of addresses in the HTML domain (say
> ADDRESSCONVERTER).
>
> Of course, one could use one of the API callbacks to post process
> the HTML version of a message to obfsucate addresses.  Of course,
> you then have to deal with not messing up message-ids.
>
> --ewh
>
>
[Index of Archives]     [Bugtraq]     [Yosemite News]     [Mhonarc Home]