On Fri, 15 Aug 2003 16:32:20 -0400, in <alt.privacy.spyware>, "Jbob"
<jbob1957@NoHotmail1.com> wrote:
>
[snip]
>
> I've have also read the posting for AOL users however that was written
> several years ago. I question the technique of using INVALID in place of
> the domain.
[snip]

Not "in place of"; but "appended to" (so that ".invalid" effectively becomes
the TLD) -- at least presuming that you want to leave a human-decipherable
address in that field.

> In the very same section it mentions not using something that
> is too "Standard". If everyone is using .INVALID then wouldn't that make
> it easy for the bots/harvesters to just strip out the INVALID and then
> all the Spammers need to do is add either .com or .net and then get a
> users valid email address?
[snip]

But that is not the only "correct" way to MUNGe, just one of the
possibilities (someone else mentioned that it grew out of the limitations
imposed by AOHell's lame mail system). And further, nothing says that the
address you use, when the trailing ".invalid" is stripped off, must be valid
(or even point to a valid domain). The key point is that the trailing
".invalid" flags the address as... well... "invalid" -- so a (properly
functioning) sending server just stops trying to deal with it and moves on.

I agree that some 'bots attempt to de-MUNGe the addresses they harvest; but
most of them do an INCREDIBLY bad job, so even this simplistic approach is
remarkably effective. Another valid approach is to use <example.com>, which
by definition does not go anywhere; and yet another is to use a
whitelisted/auto-responder address at a domain you control.

> Seems like bad advice to me. Besides you didn't use
> invalid in your munge :-)
[snip]

What "munge"? I don't MUNGe my "From:" address, I *tag* it with a
date-sensitive "plus tag" -- that's a different technique entirely; and one
of the reasons I use it can be found in the phrase... "Give 'em enough rope
to hang themselves."

The "Reply-To: string doesn't use a valid TLD, so it won't resolve or route.
Hence, no wasted traffic (tho' admittedly, the sending server would still
have to do a trivial amount of tap-dancing to determine that, if anyone were
dumb enough to try sending mail to <address@signature.blk>).

Finally, the address in my .sig *is* (lightly) MUNGed; but still uses one of
my own domains -- so any misdirections based on a bad de-MUNGing job would
presumably not be inflicted on others.

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net


"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: E-Mail address in "From:" line is INVALID! Remove +SPAMBLOCK to mail.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -