Educause Security Discussion mailing list archives

Re: Secure Web Directory?


From: Joseph Tam <tam () MATH UBC CA>
Date: Wed, 13 Mar 2019 14:47:30 -0700

Fisch, Neal writes:

> In an attempt to cut down on the amount of email phishing we receive we're
> interested in seeing if any universities are protecting (or considering to
> protect) their outward facing web directories, or if they have any
> other solutions against directory scraping that have been useful.

It depends on your circumstances.  I assume your directory needs to
be publicly accessible (i.e. you can't put it behind an authenticated
portal or network access policy); you can do various things.

        - use JavaScript to encode/obfuscate mailto's
        - convert address text -> images.  They can be
                OCR'd, but you can add image distortions
                (a la CAPTCHA) to make it harder but there
                are diminishing returns.  Nothing is going to
                protect you from manual harvesting using cheap
                labour.  You can also use CSS tricks to
                composite an image together.
        - CAPTCHAs
        - text obfuscation (e.g. "this (at) that (dot) com") but
                simple ones can be easily converted, so you should
                do something a little more sophisticated.
        - hide addresses and use contact forms (with input throttle
                safeguards, of course)

This is not an anti-harvest technique per se, but bait addresses are a
really good way to get intel on this activity.  Any message sent to such
an address is by definition unsolicited.  A few sent by the same sender
are by definition UBE (=Spam).   No need to infer via blacklist lookup,
Bayesian analysis, or SA's bags of rules: just turf it.

Joseph Tam <tam () math ubc ca>
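
The bait-address approach described in the message above, sketched as an added example (not part of the original post): it correlates sender and recipient lines by queue ID and flags senders who mail bait addresses. The bait addresses, the threshold of 2 for "a few", the `analyse` function and the simplified Postfix-style log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Hypothetical bait addresses, published only in the public directory.
BAIT = {"j.q.decoy@example.edu", "dept-contact7@example.edu"}
THRESHOLD = 2  # assumed reading of "a few" bait messages from one sender

# Constructed, simplified Postfix-style log lines (not real traffic).
SAMPLE_LOG = """\
Mar 13 14:01:02 mx postfix/qmgr[811]: A1B2C3: from=<promo@bulk.example>, size=2048, nrcpt=1 (queue active)
Mar 13 14:01:03 mx postfix/local[902]: A1B2C3: to=<j.q.decoy@example.edu>, relay=local, status=sent (delivered)
Mar 13 14:05:10 mx postfix/qmgr[811]: A1B2C4: from=<promo@bulk.example>, size=2051, nrcpt=1 (queue active)
Mar 13 14:05:11 mx postfix/local[903]: A1B2C4: to=<Dept-Contact7@example.edu>, relay=local, status=sent (delivered)
Mar 13 14:09:40 mx postfix/qmgr[811]: A1B2C5: from=<promo@bulk.example>, size=2049, nrcpt=1 (queue active)
Mar 13 14:09:41 mx postfix/local[904]: A1B2C5: to=<alice@example.edu>, relay=local, status=sent (delivered)
Mar 13 15:20:00 mx postfix/qmgr[811]: B7D8E9: from=<colleague@partner.example>, size=900, nrcpt=1 (queue active)
Mar 13 15:20:01 mx postfix/local[905]: B7D8E9: to=<bob@example.edu>, relay=local, status=sent (delivered)
Mar 13 16:02:30 mx postfix/qmgr[811]: C0FFEE: from=<one-off@stray.example>, size=700, nrcpt=1 (queue active)
Mar 13 16:02:31 mx postfix/local[906]: C0FFEE: to=<j.q.decoy@example.edu>, relay=local, status=sent (delivered)
"""

FROM_RE = re.compile(r"\]: (\w+): from=<([^>]*)>")
TO_RE = re.compile(r"\]: (\w+): to=<([^>]*)>")

def analyse(log_text, bait=BAIT, threshold=THRESHOLD):
    sender_of, msgs_by_sender = {}, defaultdict(set)
    bait_msgs = defaultdict(set)  # sender -> queue ids delivered to bait
    for line in log_text.splitlines():
        if m := FROM_RE.search(line):
            qid, sender = m.group(1), m.group(2).lower()
            sender_of[qid] = sender
            msgs_by_sender[sender].add(qid)
        elif m := TO_RE.search(line):
            qid, rcpt = m.group(1), m.group(2).lower()
            if rcpt in bait and qid in sender_of:
                bait_msgs[sender_of[qid]].add(qid)
    unsolicited = set().union(*bait_msgs.values())
    # Null sender (<>) is a bounce and cannot be attributed to anyone.
    ube = {s for s, q in bait_msgs.items() if s and len(q) >= threshold}
    # One use of the intel: everything else from a UBE sender is suspect too.
    turf = set().union(*(msgs_by_sender[s] for s in ube))
    return {"unsolicited": unsolicited, "ube_senders": ube, "turf": turf}

if __name__ == "__main__":
    for key, value in analyse(SAMPLE_LOG).items():
        print(key, sorted(value))
```

On the sample, the single stray message to a bait address is counted as unsolicited but its sender stays below the threshold, while the repeat sender's message to a real user lands in `turf` as well.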

