Mozilla Security

Email Image Protection

Many people think that making an image out of an email is a good way to protect it from being harvested by spam bots. It’s now possible to convert it from an image to email link via a Firefox extension. Guess what, an email harvester can do this just as well. What’s a better solution against email harvesters? Don’t put any trace of an email address online, use a form. Yes you could distort the image a bit to make it more difficult, but using a CAPTCHA as an email isn’t going to make you any friends. JavaScript can also be done, but no reason why it can’t be interpreted (though that may be more difficult in some cases, since a JS engine isn’t the easiest thing to work with, and implementing anything less can easily be defeated by throwing some extra JS in there. Some discussion on the Firefox Extension implementation can also be found on Gerv’s blog where he proposed the idea.

3 replies on “Email Image Protection”

Duh, it stripped the HTML… I’ll try again:

na<span style=”display:none”>30iv90e9</span>ylor<span style=”display:none”>tq5</span>83@<span style=”display:none”>9kkk</span>gmail<span style=”display:none”>44b</span>.<span style=”display:none”>xex</span>com

The extension only works with the specific font and style Facebook uses. Generalising it to any text is a hard problem (that’s why CAPTCHAs are still reasonably effective). The other problem, in the general case, is determining which images on a web page are actually email addresses.

Please don’t encourage people to replace email address links with forms. I recently moved house. I was able to email my change of address to 15 companies easily, but for some, I had to fill in individual “feedback forms”, which was a pain. The customer is always right. Provide a means to contact your company by email. Deal with the spam – it’s a fact of life.

Leave a Reply

Your email address will not be published. Required fields are marked *