[eBook] Spam-Proof Your E-Mail Address by Brian Livingston
https://windowssecrets.com/spamproof/buy.php
This is the project blog for the Dario La email obfuscation project at university of edinburgh
https://windowssecrets.com/spamproof/buy.php
The original spam email harvesting project. http://www.projecthoneypot.org/
Found an interesting mailing list quite a while back just before I got my RSI and lost my ability to type. Here's a link to index to articles on SPAM.
The second version of the project's email harvesting honeypot was launched at arablelaboratories.com.
Must identify a useability limit and upper bound on how long a user is willing to wait before getting an email address. How "frustrating the expectation is".
University Email Anti-Spam Fact Finding
Project Musings: 13 Oct 2005
Project Description:
Plan of attack for Honours Project.
TRY TO DO SIMPLE VERSION OF 1 OR 2 IN TIME FOR PROJECT MEETING
1. Build a simple obfuscation tool based on user choice of techniques.
Suitable for users that only have static pages.
a. simple Javascript - executing Javascript on client computes mailto tag
b. translate e-mail name into an image
Emphasis here is on stitching existing tools together for easy use
[DO THIS FIRST]
2. Experiment
Generate fresh e-mail names via different techniques and see which
generate spam.
a. Control case - name in clear
b. simple Javascript (as with 1a)
c. image (as with 1b)
d. in clear in pdf document
e. current Informatics technique (name @ inf.ed.ac.uk) (purpose of this
is to check how effective current technique is)
[DO THIS SECOND -- SO AS TO MAXIMIZE TIME TO ACCUMULATE DATA]
3. PDF e-mail obfuscation tool
[TECHNOLOGICALLY STRAIGHTFORWARD, BUT PERSONALLY, PHIL COULD MAKE USE OF
THIS]
4. Diagnostic tool -- at users request, crawl their website and report
vulnerabilities [DO NOT RELEASE AS OPEN SOURCE]
[TECHNOLOGICALLY STRAIGHTFORWARD, PERSONALLY PHIL IS LESS INTERESTED IN
THIS]
5. Study obfuscated code techniques and apply them to generate a more
sophisticated Javascript obfuscator
[THIS HAS MOST ACADEMIC CONTENT]
6. Consider alternative to Javascript (e.g., challenge-response running
on server) for clients that do not have Javascript -- this probably
requires that user have CGI capability.
[TECHNOLOGICALLY STRAIGHTFORWARD]
7. User-engineer a site distributing these tools in order to make it
popular. Count downloads to measure success.
[RELEVANT TO INFORMATICS, BUT USES DIFFERENT MUSCLES]
8. Apply AJAX techniques, possibly using Captcha and/or using self
modifyng code.
[PERSONALLY INTERESTING TO PHIL, MAY BE PRETTY CHALLENGING]
9. Build well-engineered tool
10. Study which techniques are effective -- what sort of things will
spambots easily do (e.g., perhaps, execute Javascript) and not easily do
(e.g., if Javascript is expensive when will they stop)?
Overall plan:
Start with something simple, so you have a definite result under your
belt: 1, 2, 9, start 7.
Then spend bulk of time on something intellectually challenging, such as
5 or perhaps 8.