17 replies [Last post]
larmyia
Offline
Elder
London
Last seen: 14 years 19 weeks ago
London
Timezone: GMT+1
Joined: 2005-01-25
Posts: 1060
Points: 0

This is a topic that has been brought up before on a couple of my sites where I had the email addy visible on the contact page and I've been thinking about it a lot lately. Seeing a post from fatfreddy on site check I wanted to see what some others thought.....

I know using a form will help really reduce the spam, but what about accessibility? but more pertinent for me, the other day I printed out a web page from something or other, went to email them and found the email address wasn't on there (as I'd expected and thought it was).

now, is this a case of us deciding what's in our best interests? do we want everyone to see our email addy all the time (be it online or in print) and get more spam, or go the form way and reduce the spam?

larmyia

Tags:
Hugo
Hugo's picture
Offline
Moderator
London
Last seen: 8 years 3 weeks ago
London
Joined: 2004-06-06
Posts: 15668
Points: 2806

spam via email addy on contact pages

Well for print purposes I suppose one could follow the method employed on many forums and places where an email address needs to be left but they don't want it spammed which is to write it thusly

someone at somewhere.com or somebody @ someplace.com given that most people know now how to reconstruct an email address to use it correctly, either that or one obfuscates it in some way to fool spam bots with some form of encoding, although bots are always supposed to be getting around these techniques.

Hugo.

Before you make your first post it is vital that you READ THE POSTING GUIDELINES!
----------------------------------------------------------------
Please post ALL your code - both CSS & HTML - in [code] tags
Please validate and ensure you have included a full Doctype before posting.
Why validate? Read Me

larmyia
Offline
Elder
London
Last seen: 14 years 19 weeks ago
London
Timezone: GMT+1
Joined: 2005-01-25
Posts: 1060
Points: 0

spam via email addy on contact pages

it's always give and take in this business...

larmyia

Lorraine
Lorraine's picture
Offline
Elder
UK
Last seen: 16 years 23 weeks ago
UK
Timezone: GMT+1
Joined: 2005-01-04
Posts: 1001
Points: 0

spam via email addy on contact pages

Back to fatfreddy, larmyia. I've just put up a method that may help defeat the email address harvesters - for a while that is - nothing lasts Crying .

artcoder
artcoder's picture
Offline
Enthusiast
Last seen: 9 years 4 days ago
Timezone: GMT-8
Joined: 2005-07-27
Posts: 69
Points: 0

Email address that can not be harvested by spam-bots

There are several solutions to having an email address that can not be harvested by spam-bots.

1) Use a graphic image of your email address.

2) Use obfuscated form of the email.

3) Use a submit form.

4) Use javascript to dynamically generate the email address on the fly.

I use method 2 in public forum posts. For example ...

-artcoder (at)
http://webmarksonline.com

Some people will be able to construct my real address from that. But if not, they can just click that link to my site and contact me from there.

Then at my site, I use both method 3 (see http://www.webmarksonline.com/services/contact.htm)
and method 4.

See my email link at the footer of my site. This is an actual working email link. And it prints. However, spam-bots usually can not haverst it because that link is dynamically constructed on-the-fly using Javascript at the time of page-load. In other words, if you do a view-source on my page, you will not see the actual email address. If you want to know how to construct this, email me.

-artcoder (at)
http://webmarksonline.com

briski
briski's picture
Offline
Elder
London
Last seen: 10 years 33 weeks ago
London
Timezone: GMT+1
Joined: 2004-02-16
Posts: 1066
Points: 0

spam via email addy on contact pages

It's a thorny issue I have to admit and one that get brought up by many a client. My opinion is that there is not a lot we can do that will not harm one set or users or another.

The main reason people do widgety things with their email address is to make like easier for them, often at the expence of the site users.

What I recomend is leaving the address for all to see, then tracing each and every bit of spam and paying a "visit" to it's sender. This has several benefits:

    You get to see the world,
    It's always nice to meet with new people
    It's a great stress relif to "persuede" Spammers to stop

I advise packing a couple of nice sharp pitch forks Laughing out loud

[/][/][/]
HellsBells
HellsBells's picture
Offline
Leader
Bedford, UK
Last seen: 14 years 39 weeks ago
Bedford, UK
Joined: 2004-04-07
Posts: 851
Points: 0

spam via email addy on contact pages

I obfuscate my e-mail too. The spam arriving in my inbox has dropped considerably since I did this.

My strategy is so simple an idiot could have devised it!

"Also, your CSS (no offence) makes me want to gouge my eyes out with a rusty spoon" - TPH

roytheboy
roytheboy's picture
Offline
Guru
North Wales, UK
Last seen: 9 years 27 weeks ago
North Wales, UK
Timezone: GMT+1
Joined: 2004-09-18
Posts: 2233
Points: 41

spam via email addy on contact pages

One or other of the European ecommerce directives says that you MUST display a working email address on a business website. I take the view that if they don't get your address by harvesting, they'll get it by some other means and spam always seems to be a problem whether or not the address has been harvested. So I put all my time and energy (with assistance from a sysadmin chum) into running a 99.99% effective spam filtering system (for all my clients) based on SpamAssassin with lots of bolt-on extras and some careful configuration. It's a pain having to do it but it's extremely effective and it saves having to worry about all the methods detailed above.

Life's a b*tch and then you die!

Lorraine
Lorraine's picture
Offline
Elder
UK
Last seen: 16 years 23 weeks ago
UK
Timezone: GMT+1
Joined: 2005-01-04
Posts: 1001
Points: 0

spam via email addy on contact pages

roytheboy wrote:
One or other of the European ecommerce directives says that you MUST display a working email address on a business website.

I'm sure you're right there - but I can't find the actual do-da.
However, using code like this: (It should be unbroken but I have put in a couple of spaces to allow wrap around.)
<p>email:<a href="mailto:&#x61;&#x64; &#x6D;in&#x40;x&#x79;&#x7A;&#x69;
n c&#x2E;&#x63;o&#x6D;">&#x61;&#x64;&#x6D;

n&#x40;x&#x79;&#x7A;&#x69;nc&#x2E;
&#x63;o&#x6D;</a></p>

Will obfuscate the address and any text. In this example the web site shows the address quite clearly as a working link to:
email:[email protected]

Anyone interested can try it out at:
http://www.seowebsitepromotion.com/obfuscate_email.asp
There are examples of some other things you can do as well. BUT, please bear in mind this is not a panacea. The spambot kids are clever(ish) and will work it out - eventually.
As Roy points out if your address isn't harvested by spambots, people will get it by other means Wink

rck
Offline
Enthusiast
Last seen: 15 years 49 weeks ago
Joined: 2004-09-26
Posts: 75
Points: 0

spam via email addy on contact pages

The Encoded email address harvester might only be a design-study. Still, it should be able to deobfuscate that email-address...

Lorraine
Lorraine's picture
Offline
Elder
UK
Last seen: 16 years 23 weeks ago
UK
Timezone: GMT+1
Joined: 2005-01-04
Posts: 1001
Points: 0

spam via email addy on contact pages

rck wrote:
Still, it should be able to deobfuscate that email-address...

I tried two sites (independent of mine) that have fully encoded addresses. It did not pick them up, but that is not to say a similar widget never will. The coder of this one accepts it is not foolproof.

The "safest" way has to be that used by roytheboy - if only we all had access to similar resources such as own server and the knowledge required to set it up against spambots.

roytheboy
roytheboy's picture
Offline
Guru
North Wales, UK
Last seen: 9 years 27 weeks ago
North Wales, UK
Timezone: GMT+1
Joined: 2004-09-18
Posts: 2233
Points: 41

spam via email addy on contact pages

I would imagine that it would only take me a few hours to script an effective deobfuscating filter, so the professional harvesting outfits will have absolutely no problem getting round most obfuscation techniques.

If I didn't have my own internet services (which is what my business provides to it's clients) then I guess I'd opt for the 'contact form' method (which all my sites offer anyway) combined with a graphic of the email address ...harvest that then you [email protected] Wink

Life's a b*tch and then you die!

rmfred
rmfred's picture
Offline
Elder
Rock Springs, WY
Last seen: 4 years 16 weeks ago
Rock Springs, WY
Timezone: GMT-6
Joined: 2004-01-31
Posts: 1073
Points: 31

spam via email addy on contact pages

What are everyones thoughts on using a form and a database to hold the email address?

For example, hovering over an email link will display the following in the status bar..
http://www.mysite.org/includes/testform.asp?MailToId=2

Clicking on the link displays a JS popup form, testform.asp... which could be changed from a popup to just a regular page with the form to help with accessibilty.

Just accessing testform.asp and viewing source does not show any email addresses.

Accessing testform.asp and filling out the form and attempting to submit the form returns a Syntax error (missing operator) in query expression 'MailToID ='.

I don't see how any "bot" could harvest an address in this scenario.

The above seems to be pretty secure.. although I am not naive enough to believe it can't be fooled. I would imagine something could be written to have a browser go to http://www.mysite.org/includes/testform.asp?MailToId=2, complete the form and click submit?

Worse yet, if you have JS disabled you can go to http://www.mysite.org/includes/testform.asp?MailToId=2 and click submit without any form validation happening...

SO WHAT'S A PERSON TO DO?
TIA for any ideas

artcoder
artcoder's picture
Offline
Enthusiast
Last seen: 9 years 4 days ago
Timezone: GMT-8
Joined: 2005-07-27
Posts: 69
Points: 0

spam via email addy on contact pages

Just my two cents... But of all the techniques, I like the dynamic Javascript construction of the email address the best because it is the most flexible.

See this tutorial on how to implement it:
http://webmarksonline.com/content/dynamicemaillink.htm

HellsBells
HellsBells's picture
Offline
Leader
Bedford, UK
Last seen: 14 years 39 weeks ago
Bedford, UK
Joined: 2004-04-07
Posts: 851
Points: 0

spam via email addy on contact pages

What happens with JS switched off - does it display at all?

My strategy is so simple an idiot could have devised it!

"Also, your CSS (no offence) makes me want to gouge my eyes out with a rusty spoon" - TPH

briski
briski's picture
Offline
Elder
London
Last seen: 10 years 33 weeks ago
London
Timezone: GMT+1
Joined: 2004-02-16
Posts: 1066
Points: 0

spam via email addy on contact pages

Nope, you would need to have the normal link in noscript tags to get that to wo..... Hang on a moment that would be pointless Wink

In response to rmfred you can do that indeed and have the email address stuck at the back, but there are auto form filling doofers out there that can still annoy. But it cuts down a lot of thje problems.

As to what a person is supposed to do - well get used to spam to some extent alas. Sad

Lorraine
Lorraine's picture
Offline
Elder
UK
Last seen: 16 years 23 weeks ago
UK
Timezone: GMT+1
Joined: 2005-01-04
Posts: 1001
Points: 0

spam via email addy on contact pages

briski wrote:
well get used to spam to some extent alas

I would get withdrawal symptons without regular giggle sessions brought on by the entreaties of a family member of a murdered African senior government official who has oodles of cash to give me, provided I send them my bank details :roll:

artcoder
artcoder's picture
Offline
Enthusiast
Last seen: 9 years 4 days ago
Timezone: GMT-8
Joined: 2005-07-27
Posts: 69
Points: 0

spam via email addy on contact pages

The dynamic javascript method mentioned here requires that Javascript be turned on otherwise the address will not display.

Oh well, each method has it own drawbacks. Thanks for pointing it out.