
Ask HN: Why do HN users still obscure their e-mail addresses? - ddod
I've been noticing that just about everyone on HN uses some form of e-mail concealment (e.g. [myusername]@gmail.com), and I'm wondering why.<p>The fear of spam crawlers seems very 1997, especially if you're using a modern e-mail provider. I've had my e-mail address public and mailtod on multiple high-visibility sites for about 5 years now, and I can't remember the last spam e-mail I've gotten. Is this practice just a vestige of Internet-past, or is there some other reason I'm missing?
======
gvb
1\. Modern e-mail providers do filter out most spam, but it doesn't hurt to
help lighten their load.

2\. My pet theory is that the people making money out of spam are not the
spammers, it is the people _selling lists of email addresses._ Hey, I just cut
their total of email addresses by a vanishingly small fraction.

3\. I lived through 1997. It wasn't pretty. Old habits die hard.

4\. I consider my obfuscation to be the signature of a hacker. :-P

P.S. Your email is not visible in your information (the email entry in your
account registration is not publicly visible, you have to put it in your
"about" box to make it visible).

------
patio11
I have been asked, personally, why I don't make my email address clear on e.g.
my about page before. I use discovery of my email address as FizzBuzz for my
attention. If you're insufficiently invested in wanting to talk to me to find
my email address, we will both be happier if you don't email me.

~~~
sbierwagen
?

Perhaps I am deaf to the joke, but your email seems pretty trivially
discoverable. The way you had phrased it, I went to your about page expecting
a devious puzzle, and was disappointed.

~~~
wikwocket
His email is trivially discoverable in the same way that FizzBuzz is trivially
programmable.

The point is not that it is hard; the point is that even a very very low
barrier to entry may weed out a surprisingly large number of unsuitable
applicants.

------
kylec
I agree. I asked about this a while ago on Super User:

[http://superuser.com/questions/235937/does-e-mail-address-
ob...](http://superuser.com/questions/235937/does-e-mail-address-obfuscation-
actually-work)

The top answer links to a study done a few years ago that showed that
revealing your email in plain text did result in increased spam, but I don't
think the study went into how effectively that spam was handled by modern spam
filters.

In my own person experience, I've had my email address on my HN profile,
Twitter page, personal website, Stack Exchange profiles, etc for years without
any problem. I do get the occasional rare piece of spam but I think that it's
more than offset by providing a no-nonsense way for people to contact me.

~~~
FaceKicker
Regardless of the effectiveness of spam filters (unless they are literally
perfect - 100% precision and 100% recall), doing something like the "Building
with Javascript" method seems strictly better than doing nothing based on the
linked study - it reduces spam by 99.3% and adds no work for humans who want
to email you. Except for humans who have JS disabled by default, I guess...

~~~
nickknw
That's exactly why I use a combination method on my personal website[0].

By default it uses the JS method for a clickable link, but if someone doesn't
have JS enabled it degrades to "Email: nick at this domain (For a clickable
link, turn on javascript)".

It relies on the assumption that 'someone not using javascript' == 'someone
computer-savvy enough to figure out what that means', but for the people that
are likely to be reading my site, I think that's a pretty safe assumption to
make.

[0] - <http://nickknowlson.com/contact/>

~~~
weinzierl
'someone not using javascript' == 'someone computer-savvy enough to figure out
what that means' || crawler

~~~
nickknw
Are you saying:

'someone not using javascript' == ('someone computer-savvy enough to figure
out what that means' || crawler)?

If so, yes that's the point. I don't want to give crawlers my email address.

------
citricsquid
The current shit I'm dealing with is people using my email address to send
spam to others (fake headers etc) and then I get the "you can't send here" or
"this email address is dead" responses... _that_ sucks, I have thousands of
them and I read every email so it gets old fast.

~~~
bri3d
I had the same opinion of your parent poster, so I tried my unobfuscated mail,
and now I've got the same issue as you.

While I've trained Gmail to mark delivery status notifications as spam
automatically, it's frustrating to go from maybe 5-10 real, actual emails a
day and no spam at all to over ten thousand delivery status notifications a
week (spammers have started using thousands of 8-character hex@domain
combination addresses, and everything from my domain directs to me to catch
real people I meet making typos).

I also sometimes worry that I may have to deal with some form of poorly-
orchestrated vigilante retribution and/or potential blacklisting even though
it's clear that the mail is not actually coming from me.

~~~
sejje
I had someone forge my AOL email address into the headers somewhere around
1999 and send out lots of spam.

A "vigilante" confronted me on AIM, we chatted about it, and he's now one of
my best friends.

Not that you want it happening, just an anecdote.

------
swalsh
It's for the same reason my cousin flinched every time he heard a soda can
opening after returning from Iraq. We've learned a way to protect ourselves,
and though the threat isn't biological... self protection mechanisms take some
time to fade away.

------
flipstewart
I don't do this, but if I did, it would be to prevent tech recruiter spam,
which is the only kind of spam I've seen in a long while.

~~~
omarchowdhury
How is that going to prevent tech recruiters? They can read and parse... I
think.

~~~
flipstewart
Oh I wish tech recruiters were people, but they're not. I get emails for jobs
in other countries involving abilities I simply don't have. Tech recruiting
emails come from people scraping sites like this and then sending mass emails
hoping the contents will apply to some of the recipients and maybe they'll
even get a response.

------
SCdF
Interesting.

I've never gotten spam before (actually never, not once), until I put my email
address-- obfuscated-- into HN. Now I get one every week or so (the horror!).

I guess the reason we obfuscate is the general horror that once your email
address is in a list there is no way of getting it out, so it's better to be
safe than sorry.

~~~
sbierwagen
_Never?_

Was your first email address @gmail.com, or something?

~~~
SCdF
Nope. I'm in my late 20s, so admitedly I've only been active on the Internet
for 10-15 years. I've had email addresses at my (NZ) ISP, my uni, Operamail
(really), hotmail and yes, gmail.

Basically, I think I just didn't publish it raw anywhere, and I wasn't part of
any user groups or anything that forces raw email addr publication.

I also have never got any viruses or anything like that either. I guess I'm
cautious.

------
gojomo
Supposedly the Gmail filter is the best. I still see it make an annoying
number of errors.

I have my Gmail account as a secondary, occasionally used address, and looking
at it right now, of the 23 messages it displays "above the fold" in my inbox,
_7_ are spam.

Currently I don't see any false-positives in the Gmail 'spam' folder, but in
the past, I've even seen legitimate messages from Google's own lists there
(!).

It's not that my spam filters elsewhere are any better. But, at least they
don't cause me to lose forever false positives that I neglect to notice within
30 days. And, there is a definite correlation between how much spam you get
and how many places your naked address appears. So if you _ever_ review your
spam folder for false positives, that process is easier if you've bee
protective of your address (and thus get less spam).

~~~
prophetjohn
Do you mark spam email that you get as spam? I rarely get spam in my GMail,
but when I do I mark it as spam. Of course, maybe our habits are just
different, but I like to reassure myself that I'm helping the system chug
along.

~~~
gojomo
I do, but only on the occasional times I check Gmail at all. It's possible
it'd become better for me with more intense use/training, but I'm not ready to
leap into even more dependency on Google services based on the experience so
far.

~~~
prophetjohn
Ah, well in that case it's probably partially explained by a lower volume of
legitimate email that you get there if you don't really use it much.

------
evoxed
Years ago I wasn't too careful with my email address. After using the same
accounts for some time and eventually moving on to something a little more
memorable (presentable, etc.) I decided to try and take care of it by not
posting it anywhere without at least minimum obfuscation, and not signing up
for anything I didn't explicitly trust. Four years on, and my spam folder gets
at most 2 messages a month. A couple are some stupid pharma-spam, but most of
them come from when my grandmother's email list got scraped. So hey, it's not
bad. I hardly even have to check the spam folder for false positives, and may
even turn it off completely.

------
sejje
I think it becomes extra-silly when you think about how easy it is to
circumvent most people's additions.

I get phone call solicitations, I think from posting my phone number on
Craigslist. I thought about obscuring it, and then started thinking about how
most of them are so easy to decode--so I tried it for fun. Filter parentheses,
whitespace, change "six" to 6, etc. See if you end up with ten digits.

Phone numbers are easier than email addresses, but I was able to scrape 95%+
of them properly, and would have gotten higher with any real effort.

I'd post the code if I could find it. It was trivial.

------
tsuyoshi
I never have hidden my email address, and I've never used a spam filter. I
used to get a lot of spam, maybe 50 messages or so a day. Back when I got that
many, I was sort of motivated to set up a spam filter... but I still never got
around to it. These days, still unfiltered, I only get 2-5 a day, and I think
(for me at least) setting up a spam filter is a waste of time. I guess all the
cracking down on open relays and filtering SMTP etc. has done the trick?

------
orionblastar
I don't my email is orionblastar@gmail.com I don't think I hide it anymore.
Only problem I get are from trolls not spammers. Gmail filters out spammers
very well.

~~~
orionblastar
Apparently some troll sent me an email faked from hacker news that my password
had changed. Nice try trolls.

------
joeco
I think a better question may be why don't people use an alternative to e-mail
to manage inbound solicitations.

And I'm Joe@Gramicon.com. But I'd prefer gramicon.com/itsjoeco.

------
sbierwagen
I don't obfuscate my email on HN, but I do on bbot.org, where I can use markup
trickery to obfuscate it in source, but not on the rendered page.

------
bpatrianakos
HN users seem to be very anal and paranoid. That's my theory. It's not a
knock, just an observation. Hang around the comments long enough and it's
pretty clear. Better safe than sorry I suppose. Just look at the answers here.
You have to admit they show tendencies toward being anal and paranoia.

------
whalesalad
I don't really conceal my email address anywhere online. I also don't get
spam. Gmail has solved that problem for me, thankfully. Like a Ronco
Rotisserie oven[1]... "set it and forget it!"

1) <http://www.youtube.com/watch?v=O5s1jY1Nwl4>

~~~
gmail2
check your spam folder with gmail, they started to have false positives for me
(they used to be really good)

~~~
espyb
I had as much legitimate mail going to the spam folder as I did actual spam,
though I had entirely too much of that too. It's pretty useless IMO.

------
RollAHardSix
Old habits die hard, but bad habits kill.

------
bavidar
I recently posted about this problem and created a solution for users who dont
want to get spammed.

Take a look here: <http://leoreavidar.com/email.php>

