Java Glossary : mung

Last updated 2004-06-28 by Roedy Green ©1996-2004 Canadian Mind Products

Java definitions: 0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

You are here : home : Java Glossary : M words : mung.

mung

To mangle your publicly-posted email address sufficiently when you post it publicly that spammers cannot harvest it for bulk mailing lists, yet not so badly that legitimate senders cannot manually reconstruct it.

Munging is not for private emails. To mung there is both pointless and rude.

Why You Should Mung Your Address

• Munging avoids junk email.
• Junk emailers harvest email addresses from Usenet newsgroup posts, both in the headers and text body, anything that remotely looks like an email address.
• Munging is easy to do compared with other methods of avoiding spam.
• Munging lowers the percentage of good addresses harvested by the address thieves.

Why You Should Not Mung Your Address

• It breaks the automated 'reply by email' feature found in most newsreaders, forcing people to manually de-mung the address in order to email topical replies to your posts. People legitimately trying to contact you may not notice your address is munged, may refuse to take the effort to demung, or may demung incorrectly and their important messages may never get to you.
• You will irritate people legitimately trying to contact you with your little mother-may-I games. You are saying to the world, my convenience in attempting to be free from spam is more important than your convenience to be able to contact me. I am more important than you are. So there!
• If you use the same software for newsgroups and email, you will have to change the address back and forth, to avoid sending regular email with a munged address. It is both rude and inconsiderate to send personal email with a munged address. You are saying to your recipient, I want you to listen to me, but I have no interest in hearing back from you, and further I think you are likely to be careless with my address and let it fall in the hands of bulk email harvesters by posting it on the web or by selling it to them.
• It violates RFCs, the rules upon which Usenet is built.
• If you don't use the proper munging @invalid suffix, every mail sent to a munged address leads to a bounce. A bounce is an automatically generated email sent to the sender of any email that can't be delivered. Most spammers don't use real FROM: email-addresses or use the real FROM: address of some unrelated third party. Spam-mails are sent via open mail-servers, that allow relaying of mail where neither FROM: and TO: addresses necessarily belong the the server's domain. With munged email-addresses you increase the amount of data being generated during a spam-attack because:
  • A bounce will be generated on the receiving TO: side.
  • Using a non-existing FROM: address, a second bounce will be generated on the sending side.
  • Using an existing address, the innocent person receives thousands of these FROM: bounces.
  Transporting all thse bounces must be payed by the FROM: and TO: ISPs. The spammer has no additional costs, because he isn't involved.

  You can avoid these disadvantages by using the official invalid address xxx@invalid.

Use of Invalid

If you want no mail at all from anyone, use an id that ends in invalid, e.g. roedy@invalid. Don't mention any domain anywhere. This is the official way to do it. If your newsreader won't let you do that, then give it an address of the form xxx@invalid.invalid or failing that xxx@invalid.com

If you are munging, you should put .invalid as the TLD on the end to warn that the address is munged. e.g. roedy@notthemoonbutthe.com.invalid.

How To Mung

Examples of pointless munging, too easy to defeat by automation.

• george@nospam.aol.com.invalid
• georgeREMOVE.THIS@aol.com.invalid
• g e o r g e @ a o l d o t com.invalid
• georgeSPLIN@TERaol.com.invalid

You don't want to irritate your legitimate readers by requiring too many keystrokes to correct the address, e.g. g_e_o_r_g_e_@_a_o_l_d_o_t_com.invalid take many keystrokes to correct, but is easy to correct via automation.

To mung, you must be creative and original. You have to defeat two classes of demungers:

1. algorithms that demung common patterns, willing to test several variant demungings.
2. ladies in their housecoats working from home willing to test several variant demungings.

The trick to fooling (1) is to use a new pattern. The trick to fooling (2) is to require specific knowledge an unskilled person would not have. e.g.

1. roedy@HIGHKELVINmail.com.invalid. It still may go sailing over the heads of people you want to decode it to hotmail.com.
2. roedy@bluemindprod.com.no.invalid (leave out the references to Norway)

Unfortunately, if you leave hints how to remove your mung, little ladies in their housecoats can read them just as well.

On the other hand, if you are too subtle, your legitimate callers won't notice the mung, or won't be able to correctly remove it on the first try.

The Graphics Approach

I tell people to look on my website at the top of any page or more particularly at http://mindprod.com/images/mailtoroedy.png. The gif gives my true email address, but it would be difficult for a machine to read it, though a housecoat lady could. I used an odd font and made it slightly blurry to deter OCR.

SpamGourmet.com

SpamGourmet.com will give you valid email address. However, all mail directed there is just thrown away. This avoids the problem of bounced messages being generated. You will of course lose legitimate mail as well from people who don't know that spamgourmet does this.

Alternative Approaches

You may find that many companies now are hiding their email addresses. To send them email you must go to their website and send them a message by filling in a form. They have had it up to the teeth with spam.

One approach is to change your public email address from time to time, and discard the old one when it becomes too spam saturated. Keep a private one for personal communication you never post.

Eventually some Mafioso is going get ticked by spam and take some spectacular revenge which may discourage people entering the profession.

• mung FAQ The techniques he recommends for munging I believe are far too easy to defeat by automation. I base this opinion based this on my experience writing a legitimate email address harvester and de-munger I use to send the location of the FAQs to first time posters in comp.lang.java.*,
• spam
• I propose an email system based on digital ids and digitally signed documents. See mailreader/newsreader student project. If this were implemented spam as we know it would disappear. The Internet currently provides a free lunch to spammers. We can hardly expect good capitalists to do anything but leap into the feeding frenzy.

Masker ¤ mung FAQ

home	Canadian Mind Products
	mindprod.com IP:[24.87.56.253]
	Your IP:[80.134.30.163]
	You are visitor number 846.
	Please send errors, omissions and suggestions
	to improve this page to Roedy Green.
	You can get a fresh copy of this page from:	or possibly from your local J: drive mirror:
	http://mindprod.com/jgloss/mung.html	J:\mindprod\jgloss\mung.html