Educause Security Discussion mailing list archives
Re: Secure Web Directory?
From: Joseph Tam <tam () MATH UBC CA>
Date: Wed, 13 Mar 2019 14:47:30 -0700
Fisch, Neal writes:
In an attempt to cut down on the amount email phishing we receive we're interested in see if any universities are protecting (or considering to protect) their outward facing web directories, or if they have any other solutions against directory scraping that have been useful.
It depends on your circumstances. I assume your directory needs to be publically accessible (i.e. you can't put it behind a authenticated portal or network access policy), you can do various things. - use Javascript to encode/obfuscate mailto's - convert address text -> images. They can be OCR'd, but you can add image distortions (a la CAPTCHA) to make it harder but there is dimninishing returns. Nothing is going protect you manual harvesting using cheap labour. You can also use CSS tricks to composite an image together. - CAPTCHAs - text obfuscation (e.g. "this (at) that (dot) com") but simple ones can be easily converted, so you should do something a little more sophisticated. - hide addresses and use contact forms (with input throttle safeguards, of course) This is not an anti-harvest technique per se, but bait addresses are a really good way to get intel on this activity. Any messages sent to such an address is by definition unsolicited. A few sent by the same sender is by definition UBE (=Spam). No need to infer via blacklist lookup, Bayesian analysis, or SA's bags of rules: just turf it. Joseph Tam <tam () math ubc ca>
Current thread:
- Secure Web Directory? Fisch, Neal (Mar 08)
- Re: Secure Web Directory? AIS (Mar 09)
- Re: Secure Web Directory? Linc Nesheim (Mar 11)
- Re: Secure Web Directory? Fisch, Neal (Mar 15)
- <Possible follow-ups>
- Re: Secure Web Directory? Joseph Tam (Mar 13)
- Re: Secure Web Directory? Benjamin Schwartz (Mar 14)
- Re: Secure Web Directory? Mujtaba Talebi (Mar 14)
- Re: Secure Web Directory? Joseph Tam (Mar 15)