Do not publish your email on the Internet. That’s is one of the first lessons to learn when you start using the Internet. Once your email has been cached by a search engine it will sooner or later be discovered by bots that crawl the Internet for this valuable information.
All kinds of protection have been created to prevent this from happening. Some suggest using images instead of text, many obscure their emails in the hope that the bots will not be able to identify the right one and others are not publishing their mail at all.
Tinymail steps in and tries to be a barrier between your email address and the Internet. It does that by linking your email address to a Tinymail webpage which becomes your profile page. Instead of publishing your email on the web you embed the Tinymail code that is created after linking the email to a Tinymail email address.
The Tinymail code is showing part of the real email address and a link to the profile page which is only accessible if the user enters a captcha. If he does that he can take a look at the real email.
The idea itself is nice but it has two flaws in my opinion.The first is that it adds another step to the contact process. That might not be a problem if you desperately are trying to contact one but it is definitely a problem for other forms like providing feedback on a product. Users might give up in frustration and prefer to spend their time elsewhere.
The second is the captcha protection. Captchas have been broken in the past and once it is broken it could become a haven for a email collector who stored all those Tinymail emails in a database waiting for the right moment to decipher them all.
It would be nice if the email link could be deleted again after usage for a certain time, maybe even let it run out automatically after x days where x is a figure that the user can define in the options.
Related posts:
Check if a website is revealing email addressesCloak your Email with Emailcloaker
Thunderbird Email Address Crawler
Gmail Increases Email Security With Phishing Protection
Disposable Email Address Yopmail
Temporary Email Extension for Firefox
Phishing Protection Tips
Email Marketing Software Email On Acid
18 Responses to “Tinymail Email Protection”
Trackbacks/Pingbacks
-
[...] there is an analysis on ghacks, which talks about the two flaws of this [...]
-
[...] Via | gHacks [...]
Kind of like reCAPTCHA Mailhide.
If it’s your own website, it’s far better to have a contact form that gets submitted to your own email. For even better spam protection, have the contact form sent to a secondary email address which then gets forwarded to your real email. That way if that secondary address starts getting spam, you can just ditch that one and make a new one.
I agree with you about the captchas though. They’re getting solved by advanced software, and they’re even getting hard for humans to decipher.
But I found a site today called note2email that uses a different type of captcha that seems harder to crack. Instead of the usual “fill in the text you see here” type, this one asks you to identify which image listed is a part of the site’s logo. You choose from 3 or 4 images, the correct one varying in position, rotation and zoom level. And the URL of the image is a temporary one, like /files/images/temp/14430200.jpg. That might be the next big solution for authentication problems.
??your comment page requires me to publish my email address when your article says not to give that info away???
Your email is not published public ally when you enter it and I have no use for it.
So how do I enter an URL in a form where the format of the email address is checked by JavaScript?
“just me” does have a point, almost every blog comment form asks for an email address and says it won’t publish, but why ask at all? While that’s probably true for the majority, I bet there are some bloggers out there who farm these addresses from their database and use them in some way. I’ve just thought of one as it happens.
However, I treat comments on my site in the same way a letters editor on a newspaper would. If someone comments, then they should provide some way for me, as editor, to contact them if needs be.
David I think that’s the main reason. If someone comments we need a way to get back to them. Posting an email is not really a way to thwart of spam because anyone can type a bogus email address anyway.
And there are definitely some bloggers who farm emails. My suggestion would be to create an account at Yahoo or Gmail or wherever and use that solely for commenting.
Daniel you do not. This is only for publishing on websites, forums and other publicly accessible places, not web forms that do not get published on the web
I think I’ve said it before, here and elsewhere, but no amount of obfuscation will prevent spam hitting your mailbox eventually because the spammers guess (en masse) email addresses anyway, so that you may never have made an address public, but if it’s simple, it will be invented by a bot somewhere and added to a list if it doesn’t bounce. I wrote about how to prevent this happening on Sciencetext:
http://www.sciencetext.com/sqt-anonymize-your-email.html
ReCapatcha has already been cracked..
I just took a look at the comments addresses in mySQL database – there are currently 666 approved…scareeeee!
I have same email address for eight years. It was published in the open hundreds of times.
I get at most 2-3 spam emails weekly. Spam filter in Opera can easily handle hundred times that.
Read somewhere in the post recently that good chunk of people actually use/buy stuff that is spammed to them. That’s main problem – click link in spam and you admit that you read it and interested.
Email spam is huge because no matter how much people complain – they make it viable and profitable. If you ignore it – it just stops coming.
Stop complaining and start ignoring. If everyone does that spam will disappear instantly.
The only captchas I consider both secure and painless for a human being are those of logic, like the intruder image among a set of logically linked ones.
Concerning email, DEA (Disposable Email Address) seems to me the only efficient privacy method. DEA + Mailwasher (filtering email via Spamhaus and Spamcop) = not one spam : I have zero spam.
The nicest thing with DEA is when a given DEA has been given to only one correspondent : if spam you know where it comes from. That’s why you never get spam!
blake,
if you have to select 1 image out of 4 then 25% of the time , the spam bot will get it right?
martin,
you can contact your posters by answering them on this page.
if the poster wants an answer he will come back here to look at the other answers.
my point is .. i don’t know you. you don’t know me…why do you want to keep in touch?
it is a waste of cyberspace for me to type in a fake email address anyway..
What if I want an answer because of a comment made. A clarification perhaps, a source or a better explanation? A source has to be contactable, that’s my opinion.
sorry, i think what i mean is – do not make it mandatory for he user to enter an email address.
as of now it is required.
my 2c worth of nothing really.
it was just a contradiction on your own post.
thanks
I think ‘just me says’ is a wise and intelligent person, very intelligent, brilliant. Oxford, Cambridge, Harvard, Stanford ? :=)