Security Improvements to Directory of Members

Upgrade to Members' E-mail Address Security

The Directory of AVLIC Members has undergone updates to the coding and programming to improve the security of members' e-mail addresses. 

 

The concern was that spam-bots (automated computer programs which harvest e-mail addresses from the internet with the intent to create spam lists) could access the former page-coding to harvest the e-mail addresses of members listed in the Directory. The e-mail addresses could then be used to create junk-mail lists or direct target campaigns (as described in Potentially Fraudulent E-mail Soliciting Interpreting Services).

 

Spam-mail lists collected before the re-programming cannot be rescinded; however, new spam-mail lists can no longer be generated. As a result of re-programming, the Directory of AVLIC Members is no longer suceptable to automated e-mail address collection (spam-bot) software.

 

Your AVLIC Board and office are doing our best to protect your e-mail addresses. We are confident these current updates will provide more security from spam-bots trolling the Directory of AVLIC Members. If you have any further questions or concerns, please let us know by contacting avlic@avlic.ca.


For members who want to know all the details, here is more information about the reprogramming process:

 

Even though the Directory of AVLIC Members appears to be unchanged from the former layout, the programming behind the scenes has been updated and made more secure.

  • Before the change, a member's e-mail address was displayed and an automated "mailto:" protocol was generated (by clicking on the member's e-mail address the user's mail program automatically populated an e-mail to the member). These features were not a concern, but the e-mail address was readily contained in the page-coding. Spam bots are designed to search for this type of page-coding with e-mail addresses and harvest the addresses for their spam lists.
  • Now the re-programming has been done, the layout looks the same, a member's e-mail address is still visibly displayed, an automated "mailto:" protocol is still generated; however, the e-mail address on the page-coding has been replaced with a generic "+results+" coding. Spam-bots are not able to read the member's e-mail address and the automated search result only yields the useless term: +results+ 

 

Captcha

Members may question why the e-mail address is still visibly displayed and an automated "mailto:" protocol is still generated. The reasoning is because this allows a legitimate consumer to be able to see the member's e-mail address and the handy, automated ‘send an e-mail to the person’ feature is still available. Consideration was given to using a Captcha® type of system (sample Captcha® shown to the right), but the re-programming that was used yields the same protection in a more user-friendly way.

 

From a more technical standpoint, web crawlers can no longer use AJAX programming to retrieve information from our Directory's database, specifically members' e-mail addresses.