Address munging

From Wikipedia, the free encyclopedia

Address munging is the practice of disguising, or munging, an e-mail address to prevent it being automatically collected and used as a target for people and organisations who send unsolicited bulk e-mail. Address munging is intended to disguise an e-mail address in a way that prevents computer software seeing the real address, or even any address at all, but still allows a human reader to reconstruct the original and contact the author: an email address such as, "no-one@example.com", becomes "no-one at example dot com", for instance. Any e-mail address posted in public is likely to be automatically collected by computer software used by bulk emailers — a process known as e-mail address harvesting — and addresses posted on webpages, Usenet or chat rooms are particularly vulnerable to this.[1] Private e-mail sent between individuals is highly unlikely to be collected, but e-mail sent to a mailing list that is archived and made available via the web or passed onto a Usenet news server and made public, may eventually be scanned and collected.

Disguising addresses makes it more difficult for people to send e-mail to each other. Many see it as an attempt to fix a symptom rather than solving the real problem of e-mail spam, at the expense of causing problems for innocent users.[2]

The use of address munging on Usenet is contrary to the recommendations of RFC 1036 governing the format of Usenet posts, which requires a valid e-mail address be supplied in the From: field of the post. In practice, few people follow this so strictly.[3]

As an alternative to address munging, there are several "transparent" techniques that allow people to post a valid e-mail address, but still make it difficult for automated recognition and collection of the address:

  • "Transparent name mangling" involves replacing characters in the address with equivalent HTML references from the list of XML and HTML character entity references.
  • Posting all or part of the e-mail address as an image
  • Posting an e-mail address as a text logo and shrinking it to normal size using inline CSS.[4]
  • Posting an e-mail address with the order of characters jumbled and restoring the order using CSS.[5]
  • Building the link by client-side scripting.[6]

An example of munging "user@example.com" via client-side scripting would be:

The use of images and scripts for address obfuscation can cause problems for people using screenreaders and users with disabilities.

According to a 2003 study by the Center for Democracy and Technology, even the simplest "transparent name mangling" of e-mail addresses can be effective.[7]

Common methods of disguising addresses include:

Disguised address Recovering the original address
no-one at example (dot) com Replace " at " with "@", and " (dot) " with "."
no-one@elpmaxe.com.invalid Reverse domain name: elpmaxe to example
remove .invalid
moc.elpmaxe@eno-on Reverse the entire address
no-one@exampleREMOVEME.com.invalid Instructions in the address itself;
remove .invalid
no-one@exampleNOSPAM.com.invalid Remove NOSPAM from the address, remove .invalid.
n o - o n e @ e x a m p l e . c o m This is still readable, but the spaces between letters stop automatic spambots.

It's a good idea to include instructions afterwards since many people are unaware of the practice of address munging.

These may not always work, as some spambots are known to remove "NOSPAM" from e-mail addresses, and such.

The reserved top level domain .invalid is appended to ensure that a real e-mail address is not inadvertently generated. One problem is that some spammers will now remove obvious munges and send spam to the cleaned up address. For this reason many people recommend using a totally invalid address (especially in the From line) and perhaps a disposable email address in the Reply To.

  1. ^ Email Address Harvesting: How Spammers Reap What You Sow, Federal Trade Commission. URL accessed on 24 April 2006.
  2. ^ Address Munging Considered Harmful, Matt Curtin
  3. ^ See Usenet.
  4. ^ Email CSS obfuscation tool (Generator requires javascript enabled, output for displaying emails requires basic CSS)
  5. ^ PHP jumbler tool
  6. ^ JavaScript address script generator (Generator requires cookies enabled, output for displaying emails requires javascript enabled)
  7. ^ "Why Am I Getting All This Spam? Unsolicited Commercial E-mail Research Six Month Report" March 2003.

v d e
This article is part of the Spamming series.
E-mail spam DNSBLSpamhausAnti-spam techniquesSpambotAddress mungingSORBS
E-mail authenticationDirectory Harvest AttackSpamCopDictionary spamming
Spamdexing Google bombKeyword stuffingCloakingLink farmWeb ring
Referer spamBlog spamSpam blogs
Telemarketing AutodialerMobile phone spamVoIP spam
Scams PhishingAdvance fee fraudLottery scamMake money fastPump and dump
Misc. Messaging spamNewsgroup spamFlyposting
History of spammingNetwork Abuse Clearinghouse
Retrieved from "http://en.wikipedia.org../../../a/d/d/Address_munging.html"
Advanced Search
Included Web Search Engines


Safe Search

close

Top Matching Results

Occasionally Search.com will highlight specialized results that are based on the context of your query. Examples of specialized results include specific links to news, images, or video.

Top Matching Results may highlight information from other Search.com pages, content from the CNET Network of sites, or third party content. The listings are based purely on relevance. Search.com does not receive payment for listings in this section but our partners that provide this data may get paid for listing these products.

Sponsored Links

This section contains paid listings which have been purchased by companies that want to have their sites appear for specific search terms and related content. These listings are administered, sorted and maintained by a third party and are not endorsed by Search.com.

Search Results

Search.com sends your search query to several search engines at one time and integrates the results into one list which has been sorted by relevance using Search.com's proprietary algorithm. You can customize the list of search engines included in your metasearch from the preferences.

The search engines that are used in your metasearch may allow companies to pay to have their Web sites included within the results. To view the Paid Inclusion policy for a specific search engine, please visit their Web site. Search.com does not accept payment or share revenue with any search engine partner for listings in this section.