Editing Address munging

{{Short description|Privacy technique to cloak e-mail addresses}}
{{Update|part=Alternatives|reason=References a study from two decades ago|date=February 2023}}
'''Address munging''' is the practice of disguising
an [[e-mail address]] to prevent it from being automatically collected by  unsolicited bulk e-mail providers.<ref>{{Cite web |title=Goodreads |url=https://www.goodreads.com/book/show/16731494-address-munging |access-date=2023-06-17 |website=Goodreads |language=en}}</ref> 
Address munging is intended to disguise an e-mail address in a way that prevents computer software from seeing the real address, or even any address at all, but still allows a human reader to reconstruct the original and contact the author: an email address such as, "<nowiki>no-one@example.com</nowiki>", becomes "no-one at example dot com", for instance.

Any e-mail address posted in public is likely to be automatically collected by [[computer software]] used by bulk emailers (a process known as [[e-mail address harvesting|e-mail address scavenging]]). Addresses posted on [[webpage]]s, [[Usenet]] or [[chat rooms]] are particularly vulnerable to this.<ref>[http://www.ftc.gov/bcp/conline/pubs/alerts/spamalrt.htm Email Address Harvesting: How Spammers Reap What You Sow] {{webarchive |url=https://web.archive.org/web/20060424083903/http://www.ftc.gov/bcp/conline/pubs/alerts/spamalrt.htm |date=April 24, 2006 }}, Federal Trade Commission. URL accessed on 24 April 2006.</ref> Private e-mail sent between individuals is highly unlikely to be collected, but e-mail sent to a [[mailing list]] that is [[archive]]d and made available via the [[World Wide Web|web]], or passed on to a [[Usenet]] [[news server]] and made public, may eventually be scanned and collected.

==Disadvantages==
Disguising addresses makes it more difficult for people to send [[electronic mail|e-mail]] to each other. Many see it as an attempt to fix a symptom rather than solving the real problem of [[e-mail spam]], at the expense of causing problems for innocent users.<ref>[http://www.interhack.net/pubs/munging-harmful/ Address Munging Considered Harmful], Matt Curtin</ref> In addition, there are e-mail address harvesters who have found ways to read the munged email addresses.

The use of address munging on Usenet is contrary to the recommendations of RFC 1036 governing the format of Usenet posts, which requires a valid e-mail address be supplied in the From: field of the post. In practice, few people follow this recommendation strictly.<ref>See Usenet.</ref>

Disguising e-mail addresses in a systematic manner (for example, user[at]domain[dot]com) offers little protection.<ref>{{Cite web |last=Cadman |first=Kasey |date=2023-08-12 |title=The Ineffectiveness of Email Address Munging: Understanding and Alternatives |url=https://focustechs.co.uk/the-ineffectiveness-of-email-address-munging-understanding-and-alternatives/ |access-date=2024-07-18 |website=Focus Technology Solutions |language=en-GB}}</ref>

Any impediment reduces the user's willingness to take the extra trouble to email the user. In contrast, well-maintained [[e-mail filtering]] on the user's end does not drive away potential correspondents. No spam filter is 100% immune to false positives, however, and the same potential correspondent that would have been deterred by address munging may instead end up wasting time on long letters that will merely disappear into junk mail folders.

For commercial entities, maintaining contact forms on web pages rather than publicizing e-mail addresses may be one way to ensure that incoming messages are relatively spam-free yet do not get lost. In conjunction with [[CAPTCHA]] fields, spam on such comment fields can be reduced to effectively zero, except that non-accessibility of CAPTCHAs bring the same deterrent problems as address munging itself.

== Alternatives ==
As an alternative to address munging, there are several "transparent" techniques that allow people to post a valid e-mail address, but still make it difficult for automated recognition and collection of the address:

* [[Content delivery network]] vendors, such as [[Cloudflare]], offer email address obfuscation services to their clients.<ref>{{Cite web |url=https://developers.cloudflare.com/support/more-dashboard-apps/cloudflare-scrape-shield/what-is-email-address-obfuscation/ | title=What is Email Address Obfuscation?}}</ref>
* "Transparent name mangling" involves replacing characters in the address with equivalent HTML references from the [[list of XML and HTML character entity references]], e.g. the '@' gets replaced by either 'U+0040' or '&amp;#64;' and the '.' gets replaced by either 'U+002E' or '&amp;#46;' with the user knowing to take out the dashes.<ref>{{Cite web|url=https://dr0.ch/email-munging/|first=Daniele|last=Raffo|title=Email Munging|date=20 January 2015|access-date=12 February 2015|website=Daniele Raffo}}</ref>
* Posting all or part of the e-mail address as an image,<ref>{{Cite web |url=http://hidden-email.com/ |title=E-mail as an image |access-date=2009-05-17 |archive-url=https://web.archive.org/web/20090504183814/http://hidden-email.com/ |archive-date=2009-05-04 |url-status=dead }}</ref> for example, no-one[[File:At sign.svg|15px|@|link=]]example.com, where the at sign is disguised as an image, sometimes with the [[alt attribute|alternative text]] specified as "@" to allow copy-and-paste, but while altering the address to remain outside of typical [[regular expression]]s of spambots.
* Using a client-side form with the e-mail address as a CSS3 animated [[ASCII art|text logo]] captcha and shrinking it to normal size using inline [[Cascading Style Sheets|CSS]].<ref>[https://bugs.webkit.org/attachment.cgi?id=120792 Client-side contact form generator] (the generator requires JavaScript enabled, output for displaying emails requires [[Comparison of web browsers#Web technology support|CSS]])</ref>
* Posting an e-mail address with the order of characters jumbled and restoring the order using CSS.<ref>[http://bithack.se/pub/ PHP jumbler tool] {{webarchive |url=https://web.archive.org/web/20070927091755/http://bithack.se/pub/ |date=September 27, 2007 }}</ref>
* Building the link by [[client-side scripting]].<ref>[http://www.spamstop.org/spamtools/email JavaScript address script generator] (the generator requires [[HTTP cookie|cookies]] enabled, output for displaying emails requires [[Comparison of web browsers#JavaScript support|javascript]] enabled)</ref>
* Using [[client-side scripting]] to produce a multi key email address encrypter.<ref>{{Cite web|url=http://www.tonvanhattum.com.br/email_encrypter.php|first=Ton van|last=Hattum|title=Email Address on Your Site, SPAM Protection, Encrypting|date=13 March 2012|access-date=22 February 2017|website=Ton van Hattum}}</ref>
* Using [[server-side scripting]] to run a contact form.<ref>[http://www.addressmunger.com/contact_form_generator PHP contact form generator]</ref>
* Using [[Base64]] to encode the email address.

An example of munging "<nowiki>user@example.com</nowiki>" via client-side scripting would be:
<syntaxhighlight lang="javascript">
 <script type="text/javascript">
 var name = 'user';
 var at = '@';
 var domain = 'example.com';
 document.write(name + at + domain);
 </script>
</syntaxhighlight>
The use of images and scripts for address obfuscation can cause problems for people using [[screen reader]]s and users with disabilities,
and ignores users of text browsers like [[lynx (web browser)|lynx]] and [[w3m]], although being transparent means they don't disadvantage non-English speakers that cannot understand the plain text bound to a single language that is part of non-transparent munged addresses or instructions that accompany them.

According to a 2003 study by the [[Center for Democracy and Technology]], even the simplest "transparent name mangling" of e-mail addresses can be effective.<ref>{{usurped|1=[https://web.archive.org/web/20031004024511/http://www.spamhelp.org/articles/030319spamreport.pdf "Why Am I Getting All This Spam? Unsolicited Commercial E-mail Research Six Month Report" March 2003.]}} accessed 2016-09-12</ref><ref>[http://www.cdt.org/speech/spam/030319spamreport.shtml "Why Am I Getting All This Spam? Unsolicited Commercial E-mail Research Six Month Report" March 2003.] {{webarchive |url=https://web.archive.org/web/20061218222622/http://www.cdt.org/speech/spam/030319spamreport.shtml |date=December 18, 2006 }}</ref>

==Examples==
Common methods of disguising addresses include:

{| class="wikitable"
!Disguised address
!Recovering the original address
|-
|no-one at example (dot) com
|Replace " at " with "@", and " (dot) " with "."
|-
|no-one@elpmaxe.com.invalid
|Reverse [[domain name]]: ''elpmaxe'' to ''example''<br>remove [[.invalid]]
|-
|moc.elpmaxe@eno-on
|Reverse the entire address
|-
|no-one@exampleREMOVEME.com
|Instructions in the address itself; remove REMOVEME
|-
|no-one@exampleNOSPAM.com.invalid
|Remove NOSPAM and [[.invalid]] from the address.
|-
|n o - o n e @ e x a m p l e . c o m
|This is still readable, but the spaces between letters stop most automatic spambots.
|-
|no-one&lt;i&gt;@&lt;/i&gt;example&lt;i&gt;.&lt;/i&gt;com (as HTML)
|This is still readable and can be copied directly from webpages,<br>but stops many email harvesters.
|-
|''по-опе@ехатрlе.сот''
|Cannot be copied directly from Webpages, must be manually copied. All letters except l are [[Cyrillic script|Cyrillic]] [[homoglyph]]s that are identical to Latin equivalents to the human eye but are perceived differently by most computers. (See also [[IDN homograph attack]] for more malicious use of this strategy.)
|-
|no-one{{@}}example.com
|Replace the image with "@".
|}

The reserved [[top-level domain]] [[.invalid]] is appended to ensure that a real e-mail address is not inadvertently generated.

== References == 
{{Reflist}}

==See also==
*[[Internet bot]]
*[[Netiquette]]

{{spamming}}

{{DEFAULTSORT:Address Munging}}
[[Category:Spamming]]
[[Category:Email]]
[[Category:Obfuscation]]