beating the spambots with javascript

Discussion in 'Javascript' started by luke, Apr 25, 2005.

  1. luke

    luke Guest

    hi,

    i'm wondering what strategies people use to try to beat the spambots,
    but still have their email addresses printed as a clickable text link.
    for one off email addresses i use the encrypter at
    http://www.corbysimpson.com/encrypt.asp except for this case i'll be
    reading email addresses from a database and printing them to the page,
    so no luck running it through another page beforehand.

    so i was wondering if the way of breaking up email addresses into 2
    parts, and assigning them to variables in javascript, like a = name; b
    = website.org.nz, and then going a + '@' + b to write it on the page
    works. i'm never sure whether the spambots are so smart they can read
    javascript and put the email addresses back together that way.

    thanks
    luke
    luke, Apr 25, 2005
    #1
    1. Advertising

  2. luke

    Ash Guest

    Perhaps your best bet is simply to exclude email addresses from your site,
    and instead use Forms that post to a script to then email the message?

    Sometimes better incase the user hasn't an email client handy, i.e. if using
    an Airport internet terminal or similar.

    Cheers, Ash


    "luke" <> wrote in message
    news:...
    > hi,
    >
    > i'm wondering what strategies people use to try to beat the spambots,
    > but still have their email addresses printed as a clickable text link.
    > for one off email addresses i use the encrypter at
    > http://www.corbysimpson.com/encrypt.asp except for this case i'll be
    > reading email addresses from a database and printing them to the page,
    > so no luck running it through another page beforehand.
    >
    > so i was wondering if the way of breaking up email addresses into 2
    > parts, and assigning them to variables in javascript, like a = name; b
    > = website.org.nz, and then going a + '@' + b to write it on the page
    > works. i'm never sure whether the spambots are so smart they can read
    > javascript and put the email addresses back together that way.
    >
    > thanks
    > luke
    Ash, Apr 25, 2005
    #2
    1. Advertising

  3. luke

    Danny@Kendal Guest

    "luke" <> wrote in message
    news:...
    > hi,
    >
    > i'm wondering what strategies people use to try to beat the spambots,
    > but still have their email addresses printed as a clickable text link.
    > for one off email addresses i use the encrypter at
    > http://www.corbysimpson.com/encrypt.asp except for this case i'll be
    > reading email addresses from a database and printing them to the page,
    > so no luck running it through another page beforehand.


    Either use a server-side mailer or show your email address as an image
    instead of a clickable link.

    Other than that you could setup a separate email address which bounces
    emails which don't have a certain text string in the subject line, the
    subject line being provided automatically by the clickable link.
    Danny@Kendal, Apr 25, 2005
    #3
  4. luke wrote:

    [snip]

    > i'm never sure whether the spambots are so smart they can read
    > javascript and put the email addresses back together that way.


    Apparently, one tool used for address harvesting can, but I don't recall
    its name. It shouldn't be that hard anyway. A bot could be built on top
    of an existing rendering engine (such as Microsoft's WebBrowser
    control), which would be able to transparently parse both character
    entity references and any client-side script.

    If you don't want your address exposed to bots, don't place it on the
    Web. Use form mail instead. Alternatively, just live with it.

    Mike

    --
    Michael Winter
    Replace ".invalid" with ".uk" to reply by e-mail.
    Michael Winter, Apr 25, 2005
    #4
  5. luke

    luke Guest

    [snip]

    > If you don't want your address exposed to bots, don't place it on the
    > Web. Use form mail instead. Alternatively, just live with it.


    them's harsh but true words mike.

    good advice from everybody.

    normally i would follow one of those ideas - using a formmail script (or
    writing one myself with nice html-formatted headers with php), or replacing
    it with an image. except in this case these are other people's email
    addresses, it's for a community of audio artists to contact each other, so
    i'd prefer showing an email address and letting them use that with their own
    email client, because they might want to add that person to their contacts
    etc. .. and the problem with the image is accessability. again there's no
    way of pasting to your own email client, or adding to your contacts, without
    manual typing anyway.

    so should i assume there's no safe way to show email as text links? i might
    resort to printing them as name_AT_blabla.co.nz, or is this not particularly
    deceptive these days and the spambots can read that as well?

    many thanks
    luke
    luke, Apr 25, 2005
    #5
  6. luke

    Greg N. Guest

    luke wrote:

    > so i was wondering if the way of breaking up email addresses into 2
    > parts, and assigning them to variables in javascript, like a = name; b
    > = website.org.nz, and then going a + '@' + b to write it on the page
    > works. i'm never sure whether the spambots are so smart...


    I'm convinced they are. I once did exactly what you're proposing here,
    and a year later the mailbox was thoroughly spam infested.
    Greg N., Apr 25, 2005
    #6
  7. luke

    Greg N. Guest

    luke wrote:

    > ... in this case these are other people's email
    > addresses, it's for a community...


    I'd be mighty pissed if somebody put my mail address on a web page, no
    matter how thoroughly (he thinks) he has guarded it from bot access.
    Greg N., Apr 25, 2005
    #7
  8. luke wrote:

    [snip]

    > i might resort to printing them as name_AT_blabla.co.nz, or is this
    > not particularly deceptive these days and the spambots can read that
    > as well?


    Just conjecture...

    I suppose it would depend on how predictable the format is. Something
    that might be meaningful to screen readers and aural browsers would be

    name(at)domain(dot)com

    but that's relatively easy to find. A fairly unique alternative could be
    impossible until it's been found by a bot author.

    Of course, this would reduce ease of use somewhat. The format would have
    to recognisable unless the context clearly indicated e-mail addresses,
    and it would take editing to make the address usable. That said, there
    would be no scripting dependency and it could be more successful than a
    scripted solution.

    Mike

    --
    Michael Winter
    Replace ".invalid" with ".uk" to reply by e-mail.
    Michael Winter, Apr 25, 2005
    #8
  9. [OT] Finding oneself spammed (was: Re: beating the spambots withjavascript)

    Greg N. wrote:

    > luke wrote:


    [snip]

    >> i'm never sure whether the spambots are so smart...

    >
    > I'm convinced they are. I once did exactly what you're proposing here,
    > and a year later the mailbox was thoroughly spam infested.


    An interesting experiment you might want to try is to search for your
    e-mail address with a search engine. I once Googled for my address and
    found that someone had used it to reply to a Russian forum, which
    explains why I receive a surprising amount of spam from Russia.

    It didn't help that I used to post with my address in plain text.

    Mike

    --
    Michael Winter
    Replace ".invalid" with ".uk" to reply by e-mail.
    Michael Winter, Apr 25, 2005
    #9
  10. luke

    luke Guest

    they've put their own email addresses on the website.



    "Greg N." <> wrote in message
    news:d4ik1j$unn$...
    > luke wrote:
    >
    > > ... in this case these are other people's email
    > > addresses, it's for a community...

    >
    > I'd be mighty pissed if somebody put my mail address on a web page, no
    > matter how thoroughly (he thinks) he has guarded it from bot access.
    luke, Apr 26, 2005
    #10
  11. luke

    luke Guest

    > Just conjecture...
    >
    > I suppose it would depend on how predictable the format is. Something
    > that might be meaningful to screen readers and aural browsers would be
    >
    > name(at)domain(dot)com
    >
    > but that's relatively easy to find. A fairly unique alternative could be
    > impossible until it's been found by a bot author.
    >
    > Of course, this would reduce ease of use somewhat. The format would have
    > to recognisable unless the context clearly indicated e-mail addresses,
    > and it would take editing to make the address usable. That said, there
    > would be no scripting dependency and it could be more successful than a
    > scripted solution.



    thanks mike. the more i think about it, the more it seems that any spambot
    written by someone with a few clues would also search for patterns that
    could be email addresses obscured with other text, as well as being able to
    read the returned html of javascript. pity we've got to make some things so
    hard on ourselves to protect an email address!

    luke
    luke, Apr 26, 2005
    #11
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Hegemony Cricket

    Re: Beating my head -- JSPs and encoding

    Hegemony Cricket, Jul 31, 2003, in forum: Java
    Replies:
    1
    Views:
    1,547
  2. Brian Andrus

    Learning and beating my head

    Brian Andrus, May 4, 2004, in forum: Java
    Replies:
    2
    Views:
    346
    Erwin Moller
    May 4, 2004
  3. Jonathan Smith
    Replies:
    0
    Views:
    250
    Jonathan Smith
    Jun 6, 2006
  4. Replies:
    1
    Views:
    319
    Gianni Mariani
    Feb 11, 2006
  5. Millie
    Replies:
    2
    Views:
    125
    Thomas 'PointedEars' Lahn
    Nov 18, 2003
Loading...

Share This Page