22 Aug 2011

Why I Don't Obfuscate My Email

One of the longstanding ‘tricks’ that I see around the web is people obfuscating their email addresses. A quick search reveals that A List Apart talked about it in 2002 and again in 2007, so it’s been around for a hell of a long time in internet terms. We still do it on the Shopify App Store when displaying developer emails. I’m not usually one to question security decisions but seriously, why the hell are we still doing this?

Spam is a solved problem

I can’t remember the last time I got a piece of spam in my inbox. There’s a pile of spam in my spam folder, but who cares? Since 2004 when I got Gmail spam has been a non-issue for me. Even if every spammer on the globe got my email I think that my filter could probably handle it.

It’s fucking annoying

Every time I see davefp (at) gmail (dot) com, I cringe. Who wants to go around removing/replacing additional crap that has been added to an address to make it more ‘secure’? If anything, I’m less likely to want to email you if you write your email like that.

It doesn’t work

I hate email obfuscation for the same reason I dislike DRM: It only harms those without malicicious intent. The example above can be defeated with a single regular expression and about 30 seconds of editing my crawling script. Meanwhile, every single human beings that has legitimate reasons to be emailing me still has to decode my address.

So please, I beg of you: stop obfuscating your email address on Twitter, Facebook, Google+ , or wherever else you might be posting it. You’re not protecting yourself, you’re just pissing off the rest of the internet.

Thanks for reading! If you like my writing, you may be interested in my book: Healthy Webhook Consumption with Rails

David at 10:00