{"id":294,"date":"2006-09-15T00:18:30","date_gmt":"2006-09-14T13:18:30","guid":{"rendered":"http:\/\/www.somethinkodd.com\/oddthinking\/emailshroud-20\/emailshroud-advanced-settings\/"},"modified":"2006-09-15T00:18:30","modified_gmt":"2006-09-14T13:18:30","slug":"emailshroud-advanced-settings","status":"publish","type":"page","link":"https:\/\/www.somethinkodd.com\/oddthinking\/emailshroud-wordpress-plugin\/emailshroud-advanced-settings\/","title":{"rendered":"Advanced Settings"},"content":{"rendered":"<h3><a name=\"advanced\"><\/a>Advanced Settings for EmailShroud<\/h3>\n<h4>Dealing without JavaScript.<\/h4>\n<p>For users with JavaScript, EmailShroud appears transparent \u00e2\u20ac\u201c they won\u00e2\u20ac\u2122t even notice it is there.<\/p>\n<p>However, a small minority of people use browsers which do not support JavaScript \u00e2\u20ac\u201c often this is for reasons of extra security. For these users, EmailShroud is noticeable. There are two ways that EmailShroud can handle these cases known as \u00e2\u20ac\u0153Action Plans\u00e2\u20ac\u009d<\/p>\n<h5>Divert to default decoder page on EmailShroud site.<\/h5>\n<p>The default behaviour is to replace the email address with a link to a decoder web-page on SomethinkOdd.com. This web-page decodes the obfuscated email address and displays it, but the user must type it in manually to their email program.<\/p>\n<p><em>Note: This default behaviour diverts the user to a 3rd party web-site \u00e2\u20ac\u201c i.e. this one. <\/em>In the unlikely case that the amount of CPU and bandwidth used by this service becomes non-trivial, I reserve the right to add (tasteful) adverts to the page that they see. I understand that may be unacceptable to some people, and I offer them an alternative action plan \u00e2\u20ac\u201c see below.<\/p>\n<h5>Transform Address<\/h5>\n<p>An alternative action plan is to include the email address in the text, after being transformed in some way so it is no longer recognizable as an email address (e.g. including some garbage in the email address, with instructions to the reader to remove it.)<\/p>\n<p>You can use the default transformation, or change the parameters to produce your own. I encourage you to produce your own to (a) localize the text to your blog\u00e2\u20ac\u2122s language or style, and (b) to prevent spammers from writing code to overcome this technique.<\/p>\n<p>The transformation occurs in three parts:<\/p>\n<ul>\n<li>a prefix, placed before the address.<\/li>\n<li>a replacement for the @ symbol.<\/li>\n<li>a suffix, placed after the address.<\/li>\n<\/ul>\n<p>This allows popular transformations like:<\/p>\n<ul>\n<li>replace the \u00e2\u20ac\u0153@\u00e2\u20ac\u009d with \u00e2\u20ac\u0153@NOSPAM.\u00e2\u20ac\u009d Or \u00e2\u20ac\u0153@REMOVEME\u00e2\u20ac\u009d<\/li>\n<li>replace the \u00e2\u20ac\u0153@\u00e2\u20ac\u009d with \u00e2\u20ac\u0153 AT \u00e2\u20ac\u0153.<\/li>\n<li>Optionally, add some text to explain to people how to modify the address.<\/li>\n<\/ul>\n<h4>Security Settings<\/h4>\n<p>EmailShroud works by obfuscating the email address. In theory, this won&#8217;t stop a motivated hacker from extracting the email address &#8211; all the information is available to decrypt the email address. In practice, it doesn&#8217;t take much to obscure the email address to a level that a spammer won&#8217;t bother, and will move on to another web-site to harvest someone else&#8217;s address.<\/p>\n<p>EmailShroud offers three levels of obfuscation so you can tradeoff between the level of security and the cost of decoding.<\/p>\n<h5>Rearrangement<\/h5>\n<p>Rearrangement is a very simple system and takes negligible computation to encode and decode. It was the only solution available in EmailShroud 1.0. While I maintain that rearrangement is currently sufficient obfuscation, critics of EmailShroud 1.0 considered it insufficient, which is why EmailShroud now offers three levels.<\/p>\n<h5>Reverse\/Shuffle<\/h5>\n<p>Reverse\/Shuffle is a still a simple system, and takes very little computation to encode and decode. Its advantage over Rearrangement is that it cannot be decoded with a trivial &#8220;regular expression&#8221; engine.<\/p>\n<h5>Triple DES (3DES)<\/h5>\n<p>3DES uses standard industry-standard encryption techniques. It is computationally it is fairly expensive, to encode and decode. It should discourage the efforts of even the stubbornest spammer!<\/p>\n<p>On a page with many email addresses, you may notice a delay in loading while the computation is performed.<\/p>\n<div class=\"aside\">The 3DES security level has been provided to silence any remaining critics of the  obfuscation levels available. In my opinion it is overkill, and is not recommended.<\/div>\n<p>Note: 3DES cannot be turned on while redirecting non-Javascript users to the EmailShroud site. This is for three reasons:<\/p>\n<ul>\n<li>The EmailShroud site remains the weakest link in the obfuscation. The spammers could merely follow the link to the EmailShroud site, and let it do the decrypting, then harvest the lightly obfuscated address from the page. If you want this level of obfuscation, you should use your own, novel, transformation strings.<\/li>\n<li>It is computationally too expensive; if EmailShroud became too popular, my server would spend its entire day decrypting email addresses.<\/li>\n<li>I had a stab at implementing it anyway, but it was very buggy and I got bored. \ud83d\ude42<\/li>\n<\/ul>\n<h4>How to Set and Debug the Options<\/h4>\n<ol>\n<li>Open the Options Panel\n<ol>\n<li>Login to your WordPress Admin site.<\/li>\n<li>Select the Options page.<\/li>\n<li>Click on the EmailShroud tab.<\/li>\n<\/ol>\n<\/li>\n<li>Select the Desired Action Plan.<\/li>\n<ul>\n<li>If you chose Transform, you can select the desired transformation parameters.\n\t<\/li>\n<li>Tip: Take care with leading and trailing spaces.<\/li>\n<\/ul>\n<li>Select the desired Security Level.<\/li>\n<li>Select Update Options, and check for warnings.<\/li>\n<li>Test your settings by turning off JavaScript in your browser, and clicking on an email address.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Advanced Settings for EmailShroud Dealing without JavaScript. For users with JavaScript, EmailShroud appears transparent \u00e2\u20ac\u201c they won\u00e2\u20ac\u2122t even notice it is there. However, a small minority of people use browsers which do not support JavaScript \u00e2\u20ac\u201c often this is for reasons of extra security. For these users, EmailShroud is noticeable. There are two ways that [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":292,"menu_order":20,"comment_status":"open","ping_status":"open","template":"","meta":{"_s2mail":"","footnotes":""},"class_list":["post-294","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.somethinkodd.com\/oddthinking\/wp-json\/wp\/v2\/pages\/294","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.somethinkodd.com\/oddthinking\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.somethinkodd.com\/oddthinking\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.somethinkodd.com\/oddthinking\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.somethinkodd.com\/oddthinking\/wp-json\/wp\/v2\/comments?post=294"}],"version-history":[{"count":0,"href":"https:\/\/www.somethinkodd.com\/oddthinking\/wp-json\/wp\/v2\/pages\/294\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/www.somethinkodd.com\/oddthinking\/wp-json\/wp\/v2\/pages\/292"}],"wp:attachment":[{"href":"https:\/\/www.somethinkodd.com\/oddthinking\/wp-json\/wp\/v2\/media?parent=294"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}