Hacker News new | ask | show | jobs
by maouida 4502 days ago
great idea.

I think you can give the user the option to specify the email hash (MD5 maybe) instead of clear text email.

so either:

<form action="//api.formspree.com/user@example.com">

OR

<form action="//api.formspree.com/b58996c504c5638798eb6b511e6f49af">

You can provide the user a small tool to generate the email hash.

Good luck
3 comments
jodrellblank 4502 days ago
Gravatar uses MD5(email) as an identifier, so using that would potentially identify the recipient quite easily.
link
joshmlewis 4502 days ago
But it's good enough that an auto scraper or spam bot will find it easily.
link
maouida 4502 days ago
The recipient can be identified by email or md5(email).
link
icebraining 4502 days ago
But then how can they know where to send the email to?
link
maouida 4502 days ago
They have the email (confirmed email) in their DB. they can easily calculate the hash on the fly.
link
cbhl 4502 days ago
I'd use base64 instead of a MD5 hash, but I'm not a huge fan of security by obscurity.
link
Scryptonite 4502 days ago
This might also work:

    <form action="//api.formspree.com/user.smith/gmail.com">
Truthfully, base64 is probably better at deterring email harvesters.
link