To mangle your publicly-posted email address sufficiently when you post it publicly
that spammers cannot harvest it for bulk mailing lists, yet not so badly that
legitimate senders cannot manually reconstruct it.
Munging is not for private emails. To mung there is both
pointless and rude. You use the munging techniques for posting your email address on
the web, in newsgroups or in blogs to slow down an avalanche of spam.
Why does my email address appear on my website only as an inconvenient
non-clickable image? e.g.
Because I have such a high Internet profile, without that munging technique, I get
thousands of spams a day. It is unfortunate to inconveniece my legitimate
correspondents with munging. The alternative is to discard legitimate correspondence
accidentally as spam.
Why You Should Mung Your Address
- Munging avoids junk email.
- Junk emailers harvest email addresses from Usenet newsgroup posts, both in the
headers and text body, anything that remotely looks like an email address.
- Munging is easy to do compared with other methods of avoiding spam.
- Munging lowers the percentage of good addresses harvested by the address
Why You Should Not Mung Your Address
Use of Invalid
If you want no mail at all from anyone, use an id
that ends in invalid, e.g. roedy@invalid. Don’t mention any domain anywhere. This is the
official way to do it. If your newsreader won’t let you do that, then give it
an address of the form email@example.com or failing that
If you are munging, you should put .invalid as the
TLD (Top Level Domain) on the end to warn that the address is munged, e. g.
How To Mung
Examples of pointless munging, too easy to defeat by
You don’t want to irritate your legitimate readers by requiring too many
keystrokes to correct the address, e.g. g_e_o_r_g_e_@_a_o_l_d_o_t_com.invalid take many keystrokes to correct,
but is easy to correct via automation.
- g e o r g e @ a o l d o t com.invalid
To mung, you must be creative and original. You have to defeat two classes of
The trick to fooling (1) is to use a new pattern. The trick to fooling (2) is to
require specific knowledge an unskilled person would not have, e. g.
- algorithms that demung common patterns, willing to test several variant
- ladies in their housecoats working from home willing to test several variant
Unfortunately, if you leave hints about how to remove your mung, little ladies
in their housecoats working for $0.06 an hour in China
can read them just aswell.
- roedy@HIGHKELVINmail.com.invalid. It still may go
sailing over the heads of people you want to decode it to hotmail.com.
- firstname.lastname@example.org (leave out the
references to Norway)
- When you post any email address on the web in two parts separated by a graphic
@ sign, with a deceptive alt tag. like this: dumbo
- Change your email address to a word not found in the dictionary or in
Names for Baby. Spammers will try sending to every possible word,
given name and surname on a given email host and remember what gets delivered for
future mailings. If you have a common name for your email address e.g.
email@example.com, even perfect munging to camouflage it won’t save you.
On the other hand, if you are too subtle, your legitimate callers won’t
notice the mung, or won’t be able to correctly remove it on the first try.
The Graphics Email Icon Approach :
⇐ png graphic icon, not text
I tell people to look on my website
at the top of any page or more particularly at http://mindprod.com/image/mailto/roedy.png. The image
gives my true email address, but it would be difficult for a machine to read it,
though a lady working in a housecoat for $0.06 an hour
in China could. I used an odd font and made it slightly blurry to deter
OCR (Optical Character Recognition). You can generate similar graphics email icon with
SpamGourmet.com will give you valid email address.
However, all mail directed there is just thrown away. This avoids the problem of
bounced messages being generated. You will of course lose legitimate mail as well
from people who don’t know that spamgourmet does this.
You may find that many companies now
are hiding their email addresses. To send them email you must go to their website and
send them a message by filling in a form. They have had it up to the teeth with spam.
One approach is to change your public email address from time to time and discard
the old one when it becomes too spam saturated. Keep a private one for personal
communication you never post.
Eventually some Mafioso is going get ticked by spam and take some spectacular
revenge which may discourage people entering the profession.
- mung FAQ The techniques he
recommends for munging I believe are far too easy to defeat by automation. I base
this opinion based this on my experience writing a legitimate email address
harvester and de-munger I use to send the location of the
FAQs (Frequently Asked Questionses)
to first time posters in comp.lang.java.help.
- I propose an email system based on digital ids and digitally signed documents.
See mailreader/newsreader student
project. If this were implemented spam as we know it would disappear. The
Internet currently provides a free lunch to spammers. We can hardly expect good
capitalists to do anything but leap into the feeding frenzy.