Yes it is true in most cases because you need a pattern for email harvesting, the more complex the pattern the more expensive (time/money) it is for spammers to work at getting emails. Of course nothing stops manual harvesting, but that is very low. The thing that is usually done is non JS encoded, plain text emails are harvested (check any 1-2 year old website that is unchanged, and I bet you $20 bucks its plain text email and they get tons of spam).
At my company all the external facing emails are obfuscated using a series of server side & JS client side methods.
So an email never really looks like an email, and the pattern ALWAYS changes. You would be surprised how well this method works, sure some methods are compromised and easily broken, but more elaborate methods of email obfuscation usually make the harvesting pointless as the sheer amount of pattern detection would require a lot of invested resources.
Brute force of CAPTCHAS is different, where the hackers/spammers/harvesters TARGET a specific site. This does not really apply to small mom & pop websites who might use a myriad of obfuscation methods, or sites where users post different format emails in a variety of email obfuscation ways (omitting the .com or .net, etc).
Most harvesters are not Javascript aware, that is they do not process JS. Making those methods more costly for harvesters. There are some harvesters that do try to process JS, but like I said it is very costly when you are running millions of emails in a matter of minutes, you don't want to go down to 10s or 100s if you can do 1000s.
My method of doing an each time random method works very well, I have yet to get any spam on my account.
This post is definitely of interest here. – Clément – 2017-04-21T15:19:16.053
10Google's word on this is that turning @ into at of any form makes it easier to find on Google. Even with a ten year old hotmail address, I can link nearly all of my spam to times I gave away my address (fake names, etc). I don't get much spam from my email being publicly findable. – tobylane – 2011-01-21T10:53:52.163
Here's an alternative: http://www.iconico.com/emailProtector/
– paradroid – 2011-01-21T11:44:08.797@Saytha Looks like Ivo submitted it too. Probably better to vote up that one instead.
– Kyle Cronin – 2011-01-21T18:10:25.4206
Dupe: it was asked 1 year ago on SO. The interesting thing is that the accepted answer was the same of this post linking the same article
– systempuntoout – 2011-01-22T00:22:03.863It's not obfuscation, but I would say this is a good place to use disposable email addresses and rotate the addresses periodically (ie, automatically), with the idea that harvesters won't use the information as quickly as legitimate correspondents will. – Stephanie – 2011-07-28T01:02:54.113
I just use a website like scr.im which uses CAPTCHA before allowing anyone to see your email address. It's easy to create, easy to access for those that want to see your email address, and effective.
– galacticninja – 2012-04-06T11:18:41.357