Does email obfuscation work? Does your favorite method work? Does the email obfuscation method you're using with your blog work? Maybe email obfuscation works; maybe it doesn't. It's hard to tell, because we don't conduct controlled tests. Until now.

The Plan to Test Email Obfuscation

It's simply disturbing how many people claim that email obfuscation works or claim that it does not work. Either way, I have not seen any proof to support either claim. The proof is all based on anecdote and common sense. Anecdote and common sense at not bad, but they are not enough to base specific claims on either. My plan is to provide, as best I can, solid evidence using controlled tests. Two friends and I are going to conduct the test.

The test is to create new email addresses, that I do not use for anything else, and publish them on several Web sites using email obfuscation methods. The email addresses that receive spam will be proven ineffective. The email addresses that do not receieve spam will be proven effective.

Preparing for the Email Obfuscation Test

To make sure the test is conducted in a reliable manner, there are several issues to consider.

Issues to Consider

• How do we judge that any email receieved a) is spam, b) was sent by a spambot, and c) was harvested by a spambot? While it should be obvious whether recieved email is spam or not, it is possible that a human collected the email address manually. PRIMARY TEST: We want to rule out human intervention in the act of harvesting email addresses. We are primarily interested in automated email harvesting programs. Automated email harvesting is what email obfuscation is designed to prevent.
• How do we isolate the email addresses in order to prevent humans from finding and using the email addresses, so that only spambots will find them? We should design the test so that only spambots, not humans, will find the email addresses; the best way to do this might be to create links that spambots will follow but that humans would be unaware of. The links could be visually hidden.
• How will we be sure that spambot can find the email addresses, if we are hiding them somehow? While we do want to hide the email addresses in some way so that people won't find and use them, we need to make sure that the measure we take do not prevent or hinder spambots.
• If a person does find the email address, how do we tell the user that the email address is fake so they won't use it? No matter how well thought out our tactics happen to be, there is always the chance that a person will find the email address and use it. We need to reduce the changes that a person will use any of the test email addresses. Malicious people might even try to ruin our test by pretending to be a spambot and sending fake spam.

When Will the Test Start?

The test will start after we have addressed the issues to consider and have written the code for the test. This preparation may take a couple of weeks. So the test will most likely start in the middle to the end of September, 2006.