# e-mail

havron@cs.cornell.edu

The mail forwarding service powering this address is unwieldy: usually it takes a minute or so for me to get e-mails sent here, and in the worst case, I do not get e-mails for an hour or more after the initial timestamp! Yikes!

sgh65@cornell.edu

I will get your message instantaneously if you send it to this perhaps “less-memorable” address; it’s my initials concatenated with the year my university (1865) or CS department (1965) was founded, modulo 100.

# Nota Bene: The E-mail Obfuscation Game

## Should you play the game?

My addresses are easily harvested; for now, I allow this because I want to build a better understanding of the detriments of obfuscation strategies to user-friendliness (including JS environment assumptions) before committing to deploying one. The ultimate necessity of obfuscation is also unclear to me.

Most harvesters use sophisticated regex (and in the case of addresses embedded in images, OCR) techniques to reconstruct e-mail addresses. More aggressive adversaries might simply hire humans on Amazon’s Mechanical Turk as harvesters, which breaks virtually all obfuscation strategies!

If you are planning on adopting an obfuscation strategy of your own, please first consider interesting honeypot experiments you could run through posting targeted aliases of your e-mail address publicly…

## More Optimal Obfuscation Strategies

For anyone interested in playing the e-mail obfuscation game, there’s a myriad of strategies that often trade user-friendliness for stronger obfuscation guarantees (e.g. e-mail addresses hidden behind Google CAPTCHAs seem pretty robust).

Short of directly inviting people to contact me, I have not come up with a reliable and user-friendly obfuscation strategy to protect myself from the inevitable crowd-source-powered (human) harvesters. My strategy would likely entail a written description of how to construct my address, described in a way that is sufficiently difficult for state-of-the-art NLP techniques to solve, and such that there is a way for the construction to distinguish between legitimate users and human harvesters.

Have a great strategy in mind? Let’s chat!