0
I installed YOURLS URL shortening script on a domain I have because I like the idea of having my own URL shortener (and just for fun LOL).
Anyway I noticed that if you put an email address instead of a URL into Yourls (prefixing it with "mailto:", example: mailto:example@example.com), Yourls will actually shorten the link just fine just like any HTTP link. And when you click on the short link, your browser behaves just as if you click directly on a mailto: link - your email handler responds.
So that got me thinking, isn't this a good way to obfuscate email addresses to keep email harvesting bots from collecting it?
Seems to me it might even be better than using scr.im because with scr.im the email address is printed on a page even if it's behind a captcha wall, so a bot could possibly cheat teh captcha then have access ot the email (in fact, there is a youtube video where someone accomplishes just this, but it is a few years old).
But with Yourls the email address is not printed on a page, it only exists in your db. It does exist in your admin interface, but a bot would have to hack your admin login to get access to the email address.
Do you think it's possible an email harvester could still somehow "scrape" and email address shortened with Yourls (or any other URL shortener service that allows mailto: links)?
Would love to hear thoughts from those who know more about email harvesting bots than I do. I don't know a whole lot, except that typically they scrape source code and harvest any text that looks like xxxx@yyyy.tld or mailto:xxxx@yyyy.tld, for the most part. If you short-link the email address, the email address does not exist in the source code.
EDIT: Realize that I am not asking if this is a 100% way to beat harvesting bots. There is no such thing. Rather, I am asking what others, who have a better knowledge of email harvesting bots, think about how effective this method would be on seriously reducing the harvesting of your email address.
Larry T
Posted 2019-01-25T06:37:27.783
Reputation: 21
1It's trivial to modify a bot to find it, so it may be OK at first, but as soon as it's sniffed out it's done. – Enis P. Aginić – 2019-01-25T06:51:40.197
@Enis P. Aginić How common is it that harvesting bots are written to sniff out email addresses "hidden" in a shortened URL? – Larry T – 2019-01-25T11:17:03.627
I ment if a bot developer figures out people are doing this, it's very easy to modify the bot to find the email hidden in this way. And it would (probably) be the same reusable solution for any URL shortener service. Stick with stuff that is hard for computers to do, such as CAPTCHA and contact forms if possible. – Enis P. Aginić – 2019-01-26T12:06:02.803
@Enis P. Aginić Yes, I understand it's best to use captcha and whatnot, but sometimes there is a need to display email addresses. For instance,a lot of companies have a listing of all their sales people or other employees on their website and list their phone # and email address. Not to mention, many (if not most) contact form code doesn't mask the email address. It's right there in the source code. – Larry T – 2019-01-27T01:42:58.587
Well if you must have it displayed maybe look into services offering email obfuscation, CloudFlare for example and be ready to deal with some spam by using good email provider... These services may be able to keep up, but you on your own - I'm not so sure. Bots are getting smarter, and I bet we will soon see "AI powered" bots. – Enis P. Aginić – 2019-01-28T15:36:32.200