// Internet Duct Tape

Why Posting Your Email Address in Plain Text is Never a Good Idea

Posted in Building a Community, Technology, Web 2.0 and Social Media by engtech on January 20, 2007

The popular blog TechCrunch was trying to give away 100 free accounts to a web service called Spinvox and was surprised/astounded when a competitor named SimulScribe spammed everyone who participated. What did TechCrunch do wrong? They asked participants to write their email address in the publicly viewable comments.

That begs the question: How fast could a spammer spam if a spammer could find your email address?

In early September of 2006 I wrote a how-to post on Setting Up Multiple Gmail Accounts from One Account (also see: How to Access Gmail When It’s Blocked at Work). I created a throw-away Gmail account at 2:36pm on September 10th, 2006 to use as an example in this post.

The first spam in that account was received at 11:12 AM on September 11th, 2006. By the 13th there were 16 spam messages. It has been averaging 160 spam messages a month.

This is not a lot until you consider that this is an email address that appeared on the Internet only once, on one blog post on one web page of a blog that wasn’t that popular at the time. It is not a common word/name and I’ve never used that email address anywhere other than in that post. It takes less than a day for an email address that appears in a web page to start receiving spam.

The TechCrunch commenters should expect a lot more spam than just the note from SimulScribe as a result of posting their email addresses online.

What TechCrunch Should Have Done

If you want to collect email addresses for a contest, create an email account specifically for that contest or have a contest email account and filter by subject line. The email will be sent privately between TechCrunch and the contest holder and that will remove any chance of spammers getting the contact information.

Posting Your Email Address On Your Blog

There are complicated CSS / JavaScript hacks to display your email address in a way that is human readable but is unlikely to be interpreted by a spambot (since they ignore CSS / JavaScript), but the easiest solution I’ve ever found for posting your email address on the web is to create an image file that displays your email address.

[Image: engtech email address]

(I’m not blasting the guys at TechCrunch, this is a common mistake that everyone makes. Most people don’t think twice about posting their email address and they really should.)
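As an added example (not code from the original post), here is one form of the JavaScript approach mentioned above, together with an audit function that reports which addresses are readable straight from a page's HTML source. The address `alice@example.test`, the `data-u`/`data-d` attributes and all function names are constructed for illustration, and the technique assumes, as the post does, a harvester that does not execute JavaScript.

```javascript
// Pattern for addresses that appear literally in page source.
const EMAIL_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;

// Audit: list every address readable from the raw HTML, including
// mailto: links. Numeric character references are decoded first: any
// HTML parser does this, so writing "&#64;" for "@" hides nothing.
function findPlaintextEmails(html) {
  const decoded = html
    .replace(/&#x([0-9a-f]+);/gi, (_, h) => String.fromCodePoint(parseInt(h, 16)))
    .replace(/&#(\d+);/g, (_, d) => String.fromCodePoint(parseInt(d, 10)));
  return [...new Set(decoded.match(EMAIL_RE) || [])];
}

const reverse = (s) => [...s].reverse().join("");
const escapeAttr = (s) =>
  s.replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/</g, "&lt;");

// Server side: emit markup holding the two halves reversed in data-
// attributes, so no "user@domain" string exists anywhere in the source.
function obfuscateEmail(address) {
  const at = address.lastIndexOf("@");
  if (at < 1 || at === address.length - 1) {
    throw new Error("not an email address");
  }
  const u = escapeAttr(reverse(address.slice(0, at)));
  const d = escapeAttr(reverse(address.slice(at + 1)));
  return `<a class="contact" data-u="${u}" data-d="${d}" href="#">` +
    "enable JavaScript to see the address</a>";
}

// Browser side: rebuild the address at run time. In a page, for each
// a.contact element el:
//   el.href = "mailto:" + revealEmail(el.dataset.u, el.dataset.d);
//   el.textContent = revealEmail(el.dataset.u, el.dataset.d);
function revealEmail(u, d) {
  return reverse(u) + "@" + reverse(d);
}

// Constructed sample: a plain mailto link next to the obfuscated form.
const before = '<a href="mailto:alice@example.test">alice&#64;example.test</a>';
const after = obfuscateEmail("alice@example.test");
console.log(findPlaintextEmails(before)); // the address is exposed
console.log(findPlaintextEmails(after));  // nothing readable from source
```

Running `findPlaintextEmails` over your own rendered pages before publishing shows which addresses are exposed in the source.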

7 Responses

  1. Michael Arrington said, on January 20, 2007 at 3:04 am

    Yeah, I think the idea of setting up a quick email account for this is the best idea and what I’ll do in the future.

  2. Allen said, on January 20, 2007 at 3:11 am

    Good post – when I did the gift exchange – I posted giftexchange@cn and within 9 minutes the spam started. Yes, 9 minutes. And today I still get 30-40 on that address.

    I have won so much money I could buy half the world!

  3. engtech said, on January 20, 2007 at 6:49 am

    Ah, those Nigerians.

    I still have no idea how they had so much trouble when they had so many riches.

  4. Cavey said, on January 20, 2007 at 10:51 am

    Yes, posting e-mail addresses in plain text on webpages is stupid. I have had to change e-mail addresses many times, because of my own stupidity, and others who put my e-mail address on the web or services that ask for your friends’ e-mail addresses.

    But you should test with a different account than a Gmail one. I have a Gmail account. I have never given it to anybody, I have never posted it anywhere, I have never used it. Still, my spam folder keeps filling up with spam. Directly addressed to my address.

  5. IWRConsultancy said, on February 21, 2007 at 10:55 pm

    There seems to be a major issue with lack of awareness of the facts surrounding email-harvesting. I was amazed to see that quite a few local webdesigners are still merrily publishing email-addresses in plaintext on the sites they build, and then wondering why the account gets hammered with spam.

    It goes further than that. A large proportion of CMS systems and webdesign-programs still fail to warn the user that they are making a serious blunder when they type a plaintext mailto: into a page. Yet the same systems -faddishly and pointlessly- will nag like hell if the user enters an &lt;img&gt; tag without alt-text.

    Methinks there is a need for general awareness-raising, plus perhaps an amendment to the RFCs deprecating plaintext mailto: links. At least if that were done, the academics would start teaching webdesign-students that this is extremely bad practice.

  6. engtech said, on February 21, 2007 at 10:59 pm

    @IWR: Full agreement.

  7. […] Why Posting Your Email Address in Plain Text is Never a Good Idea […]
