Romans 12:17 & 18 offers the following instructions: "Do not repay anyone evil for evil. Be careful to do what is right in the eyes of everybody. If it is possible, as far as it depends on you, live at peace with everyone."
I’ve also heard it said in various pulpits and Sunday schools "Locks on the door only keep the honest man honest."
When I lived in NYC, like many 20-sumthins, I had a bike. A nice mountain bike. I’m 40-sumthing now, and still have that bike. One of the reasons is I did not buy the run-of-the-mill light-n-affordable Kryptonite lock everyone else was using. I lugged some 10 pound, imported from the U.K., cold-steel ‘Universal Lock’. Not because this lock was impenetrable, but because it was a pain in the "ars nova" to break. As a result, thieves would take the bike next to mine.
That is sort of what Mark Pilgrim is talking about when he writes about a Club vs. LoJack approach to securing the email address on your web site. Of the "Club" scenario he writes:
The more interesting thing about these “option 2” approaches is that they each only work as long as they are not widespread. Consider the analogy of protecting email addresses from spam harvesters. Enterprising young webmasters who think they’re cool will obfuscate their email address with a combination of numeric entities, hexadecimal ASCII characters, and other junk. And spammers will simply use scripts that cut through such obfuscation like butter (deobfuscation methods explained). Even the vaunted Hivelogic Email Address Encoder is not safe anymore. Why? Because once enough people started using it, it was worth somebody’s time to write a simple regular expression to reduce it to numeric entities, which can be deobfuscated into plaintext.
Eeeyooouuch Mark! That felt about as good as a sharp poke in the eye! Was it something I said?
Unless the "industrious" spammer has taken the time to build a smart flexible ‘bot, then I’m safer using my ‘obfuscated’ address as opposed to hanging one out there in plain text. I also encode the "mailto:" in a further effort to make email links look-n-feel like hyperlinks.
In other words, a smart, determined thief, I mean spammer, is going to getcha if you put your email address up on your church website. The trick is to make it such a pain in the posterior and to camouflage it in such a way that they move on to easier prey. So yes, Mark P. is right when he opines that what is really needed is a LoJack solution so we can hunt down spammers and prosecute them with every legal means available to us. So in response, I’ve made some modifications to the Mean Dean Anti-Spam EMail Obfuscation Tool.
You can now encode email addresses mangled into such variations as:
Yes, I know, these are still Club-like solutions that trade off usability for security. So I’ve made one other modification. For those of you who have the ability to create email forwarders and/or have an email catch-all (usually those of you who have ‘Real Domains’), the obfuscator now encodes crude almost LoJack-like addresses such as:
These entries are based upon a LoJack-ish approach taken by Anders Jacobsen in his article entitled ‘Email addresses with a "+" are VALID’, an article that came to my attention after he left a comment on my website with a very identifiable, traceable and, if need be, blockable email address, made so merely by encoding his address with some additional information between the ‘+’ signs.
Using this technique, the email address I use on this site is no longer as easy to cut through as butter – at least for now. After all, Mark P. gets it right when he asserts that at some point it may be "worth somebody’s time to write a simple regular expression to reduce it to numeric entities." Though considering the nature of the spammer, I tend to think deflection and camouflage at this level do provide me slightly more protection than the average bear.
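Here is an added example in Python (not code from the Mean Dean tool or from Anders Jacobsen's article) of the two ideas above: a mailto link camouflaged as numeric entities, which any HTML decoder reverses, and a per-page "+" tag that shows where a harvested address was published so that one tag can be blocked. The mailbox, domain, tag format and function names are assumptions made for the illustration.

```python
import html
import re

MAILBOX = "webmaster"    # constructed placeholder mailbox
DOMAIN = "example.org"   # constructed placeholder domain
TAG_RE = r"[a-z0-9-]+"   # assumed tag format: lowercase letters, digits, hyphens


def tagged_address(tag: str) -> str:
    """Build mailbox+tag@domain so each published copy names its own source."""
    if not re.fullmatch(TAG_RE, tag):
        raise ValueError("tag must match " + TAG_RE)
    return f"{MAILBOX}+{tag}@{DOMAIN}"


def entity_encode(text: str) -> str:
    """Club-style camouflage: alternate hex and decimal numeric entities."""
    return "".join(
        f"&#{ord(c)};" if i % 2 else f"&#x{ord(c):x};" for i, c in enumerate(text)
    )


def mailto_link(tag: str, label: str) -> str:
    """Anchor whose href hides both 'mailto:' and the tagged address."""
    href = entity_encode("mailto:" + tagged_address(tag))
    return f'<a href="{href}">{html.escape(label)}</a>'


def decoded(markup: str) -> str:
    """What any HTML parser sees: the entities fall away in one call."""
    return html.unescape(markup)


def trace_source(recipient: str):
    """Return the tag an incoming message was addressed to, else None."""
    pattern = rf"{re.escape(MAILBOX)}\+({TAG_RE})@{re.escape(DOMAIN)}"
    m = re.fullmatch(pattern, recipient.strip().lower())
    return m.group(1) if m else None


def should_block(recipient: str, burned_tags: set) -> bool:
    """Reject mail sent to a tag already known to be on a spam list."""
    return trace_source(recipient) in burned_tags


if __name__ == "__main__":
    link = mailto_link("contact-page", "Email the webmaster")
    print(link)           # no literal '@' or 'mailto' in the page source
    print(decoded(link))  # yet a single decode restores the address
    print(should_block("webmaster+contact-page@example.org", {"contact-page"}))
```

The tag only helps if the mail server delivers "+" sub-addresses or a catch-all accepts them, which is the forwarder or catch-all requirement mentioned above.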
In fact, I only disagree with Pilgrim’s process in one degree. There should be a third option I call the "dye-pack" solution. An email address that explodes all over the spammer and indelibly marks the address, rendering the address ‘unsellable’ and making it easy for the authorities to track down spammers like the filthy dogs that they are.