Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: Why do HN users still obscure their e-mail addresses?
42 points by ddod on Oct 1, 2012 | hide | past | favorite | 39 comments
I've been noticing that just about everyone on HN uses some form of e-mail concealment (e.g. [myusername]@gmail.com), and I'm wondering why.

The fear of spam crawlers seems very 1997, especially if you're using a modern e-mail provider. I've had my e-mail address public and mailtod on multiple high-visibility sites for about 5 years now, and I can't remember the last spam e-mail I've gotten. Is this practice just a vestige of Internet-past, or is there some other reason I'm missing?




1. Modern e-mail providers do filter out most spam, but it doesn't hurt to help lighten their load.

2. My pet theory is that the people making money out of spam are not the spammers, it is the people selling lists of email addresses. Hey, I just cut their total of email addresses by a vanishingly small fraction.

3. I lived through 1997. It wasn't pretty. Old habits die hard.

4. I consider my obfuscation to be the signature of a hacker. :-P

P.S. Your email is not visible in your information (the email entry in your account registration is not publicly visible, you have to put it in your "about" box to make it visible).


I have been asked, personally, why I don't make my email address clear on e.g. my about page before. I use discovery of my email address as FizzBuzz for my attention. If you're insufficiently invested in wanting to talk to me to find my email address, we will both be happier if you don't email me.


?

Perhaps I am deaf to the joke, but your email seems pretty trivially discoverable. The way you had phrased it, I went to your about page expecting a devious puzzle, and was disappointed.


His email is trivially discoverable in the same way that FizzBuzz is trivially programmable.

The point is not that it is hard; the point is that even a very very low barrier to entry may weed out a surprisingly large number of unsuitable applicants.


I agree. I asked about this a while ago on Super User:

http://superuser.com/questions/235937/does-e-mail-address-ob...

The top answer links to a study done a few years ago that showed that revealing your email in plain text did result in increased spam, but I don't think the study went into how effectively that spam was handled by modern spam filters.

In my own person experience, I've had my email address on my HN profile, Twitter page, personal website, Stack Exchange profiles, etc for years without any problem. I do get the occasional rare piece of spam but I think that it's more than offset by providing a no-nonsense way for people to contact me.


Regardless of the effectiveness of spam filters (unless they are literally perfect - 100% precision and 100% recall), doing something like the "Building with Javascript" method seems strictly better than doing nothing based on the linked study - it reduces spam by 99.3% and adds no work for humans who want to email you. Except for humans who have JS disabled by default, I guess...


That's exactly why I use a combination method on my personal website[0].

By default it uses the JS method for a clickable link, but if someone doesn't have JS enabled it degrades to "Email: nick at this domain (For a clickable link, turn on javascript)".

It relies on the assumption that 'someone not using javascript' == 'someone computer-savvy enough to figure out what that means', but for the people that are likely to be reading my site, I think that's a pretty safe assumption to make.

[0] - http://nickknowlson.com/contact/


'someone not using javascript' == 'someone computer-savvy enough to figure out what that means' || crawler


Are you saying:

'someone not using javascript' == ('someone computer-savvy enough to figure out what that means' || crawler)?

If so, yes that's the point. I don't want to give crawlers my email address.


The current shit I'm dealing with is people using my email address to send spam to others (fake headers etc) and then I get the "you can't send here" or "this email address is dead" responses... that sucks, I have thousands of them and I read every email so it gets old fast.


Glad to know I'm not alone.

It seems there's a spammer who's latched onto my domain. They're sending out emails to thousands of people from <some random alphanumeric string>@<my domain>. Every email sent to my domain ends up in my inbox so I get all the bounces.

I've mitigated this somewhat by setting up SPF on my domain. I use Google Apps so this article was handy: http://support.google.com/a/bin/answer.py?hl=en&answer=1...


Thanks for the link! I've reconfigured my domains DNS, if this works I am forever in your debt. I'll pass this on to a friend who also has the same issue, hopefully I can stop wasting my time getting rid of all this spam now.


I had the same opinion of your parent poster, so I tried my unobfuscated mail, and now I've got the same issue as you.

While I've trained Gmail to mark delivery status notifications as spam automatically, it's frustrating to go from maybe 5-10 real, actual emails a day and no spam at all to over ten thousand delivery status notifications a week (spammers have started using thousands of 8-character hex@domain combination addresses, and everything from my domain directs to me to catch real people I meet making typos).

I also sometimes worry that I may have to deal with some form of poorly-orchestrated vigilante retribution and/or potential blacklisting even though it's clear that the mail is not actually coming from me.


I had someone forge my AOL email address into the headers somewhere around 1999 and send out lots of spam.

A "vigilante" confronted me on AIM, we chatted about it, and he's now one of my best friends.

Not that you want it happening, just an anecdote.


As your thread-sibling notes, Sender Policy Framework solves this by using DNS records to state which mail servers are permitted to send mail from your domain.


It's for the same reason my cousin flinched every time he heard a soda can opening after returning from Iraq. We've learned a way to protect ourselves, and though the threat isn't biological... self protection mechanisms take some time to fade away.


I don't do this, but if I did, it would be to prevent tech recruiter spam, which is the only kind of spam I've seen in a long while.


How is that going to prevent tech recruiters? They can read and parse... I think.


Oh I wish tech recruiters were people, but they're not. I get emails for jobs in other countries involving abilities I simply don't have. Tech recruiting emails come from people scraping sites like this and then sending mass emails hoping the contents will apply to some of the recipients and maybe they'll even get a response.


Interesting.

I've never gotten spam before (actually never, not once), until I put my email address-- obfuscated-- into HN. Now I get one every week or so (the horror!).

I guess the reason we obfuscate is the general horror that once your email address is in a list there is no way of getting it out, so it's better to be safe than sorry.


Never?

Was your first email address @gmail.com, or something?


Nope. I'm in my late 20s, so admitedly I've only been active on the Internet for 10-15 years. I've had email addresses at my (NZ) ISP, my uni, Operamail (really), hotmail and yes, gmail.

Basically, I think I just didn't publish it raw anywhere, and I wasn't part of any user groups or anything that forces raw email addr publication.

I also have never got any viruses or anything like that either. I guess I'm cautious.


Supposedly the Gmail filter is the best. I still see it make an annoying number of errors.

I have my Gmail account as a secondary, occasionally used address, and looking at it right now, of the 23 messages it displays "above the fold" in my inbox, 7 are spam.

Currently I don't see any false-positives in the Gmail 'spam' folder, but in the past, I've even seen legitimate messages from Google's own lists there (!).

It's not that my spam filters elsewhere are any better. But, at least they don't cause me to lose forever false positives that I neglect to notice within 30 days. And, there is a definite correlation between how much spam you get and how many places your naked address appears. So if you ever review your spam folder for false positives, that process is easier if you've bee protective of your address (and thus get less spam).


Do you mark spam email that you get as spam? I rarely get spam in my GMail, but when I do I mark it as spam. Of course, maybe our habits are just different, but I like to reassure myself that I'm helping the system chug along.


I do, but only on the occasional times I check Gmail at all. It's possible it'd become better for me with more intense use/training, but I'm not ready to leap into even more dependency on Google services based on the experience so far.


Ah, well in that case it's probably partially explained by a lower volume of legitimate email that you get there if you don't really use it much.


Years ago I wasn't too careful with my email address. After using the same accounts for some time and eventually moving on to something a little more memorable (presentable, etc.) I decided to try and take care of it by not posting it anywhere without at least minimum obfuscation, and not signing up for anything I didn't explicitly trust. Four years on, and my spam folder gets at most 2 messages a month. A couple are some stupid pharma-spam, but most of them come from when my grandmother's email list got scraped. So hey, it's not bad. I hardly even have to check the spam folder for false positives, and may even turn it off completely.


I think it becomes extra-silly when you think about how easy it is to circumvent most people's additions.

I get phone call solicitations, I think from posting my phone number on Craigslist. I thought about obscuring it, and then started thinking about how most of them are so easy to decode--so I tried it for fun. Filter parentheses, whitespace, change "six" to 6, etc. See if you end up with ten digits.

Phone numbers are easier than email addresses, but I was able to scrape 95%+ of them properly, and would have gotten higher with any real effort.

I'd post the code if I could find it. It was trivial.


I never have hidden my email address, and I've never used a spam filter. I used to get a lot of spam, maybe 50 messages or so a day. Back when I got that many, I was sort of motivated to set up a spam filter... but I still never got around to it. These days, still unfiltered, I only get 2-5 a day, and I think (for me at least) setting up a spam filter is a waste of time. I guess all the cracking down on open relays and filtering SMTP etc. has done the trick?


I don't my email is orionblastar@gmail.com I don't think I hide it anymore. Only problem I get are from trolls not spammers. Gmail filters out spammers very well.


Apparently some troll sent me an email faked from hacker news that my password had changed. Nice try trolls.


I think a better question may be why don't people use an alternative to e-mail to manage inbound solicitations.

And I'm Joe@Gramicon.com. But I'd prefer gramicon.com/itsjoeco.


I don't obfuscate my email on HN, but I do on bbot.org, where I can use markup trickery to obfuscate it in source, but not on the rendered page.


HN users seem to be very anal and paranoid. That's my theory. It's not a knock, just an observation. Hang around the comments long enough and it's pretty clear. Better safe than sorry I suppose. Just look at the answers here. You have to admit they show tendencies toward being anal and paranoia.


I don't really conceal my email address anywhere online. I also don't get spam. Gmail has solved that problem for me, thankfully. Like a Ronco Rotisserie oven[1]... "set it and forget it!"

1) http://www.youtube.com/watch?v=O5s1jY1Nwl4


check your spam folder with gmail, they started to have false positives for me (they used to be really good)


I had as much legitimate mail going to the spam folder as I did actual spam, though I had entirely too much of that too. It's pretty useless IMO.


Old habits die hard, but bad habits kill.


I recently posted about this problem and created a solution for users who dont want to get spammed.

Take a look here: http://leoreavidar.com/email.php




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: