beating the spambots with javascript

L

luke

hi,

i'm wondering what strategies people use to try to beat the spambots,
but still have their email addresses printed as a clickable text link.
for one off email addresses i use the encrypter at
http://www.corbysimpson.com/encrypt.asp except for this case i'll be
reading email addresses from a database and printing them to the page,
so no luck running it through another page beforehand.

so i was wondering if the way of breaking up email addresses into 2
parts, and assigning them to variables in javascript, like a = name; b
= website.org.nz, and then going a + '@' + b to write it on the page
works. i'm never sure whether the spambots are so smart they can read
javascript and put the email addresses back together that way.

thanks
luke
 
A

Ash

Perhaps your best bet is simply to exclude email addresses from your site,
and instead use Forms that post to a script to then email the message?

Sometimes better incase the user hasn't an email client handy, i.e. if using
an Airport internet terminal or similar.

Cheers, Ash
 
D

Danny@Kendal

luke said:
hi,

i'm wondering what strategies people use to try to beat the spambots,
but still have their email addresses printed as a clickable text link.
for one off email addresses i use the encrypter at
http://www.corbysimpson.com/encrypt.asp except for this case i'll be
reading email addresses from a database and printing them to the page,
so no luck running it through another page beforehand.

Either use a server-side mailer or show your email address as an image
instead of a clickable link.

Other than that you could setup a separate email address which bounces
emails which don't have a certain text string in the subject line, the
subject line being provided automatically by the clickable link.
 
M

Michael Winter

luke wrote:

[snip]
i'm never sure whether the spambots are so smart they can read
javascript and put the email addresses back together that way.

Apparently, one tool used for address harvesting can, but I don't recall
its name. It shouldn't be that hard anyway. A bot could be built on top
of an existing rendering engine (such as Microsoft's WebBrowser
control), which would be able to transparently parse both character
entity references and any client-side script.

If you don't want your address exposed to bots, don't place it on the
Web. Use form mail instead. Alternatively, just live with it.

Mike
 
L

luke

[snip]
If you don't want your address exposed to bots, don't place it on the
Web. Use form mail instead. Alternatively, just live with it.

them's harsh but true words mike.

good advice from everybody.

normally i would follow one of those ideas - using a formmail script (or
writing one myself with nice html-formatted headers with php), or replacing
it with an image. except in this case these are other people's email
addresses, it's for a community of audio artists to contact each other, so
i'd prefer showing an email address and letting them use that with their own
email client, because they might want to add that person to their contacts
etc. .. and the problem with the image is accessability. again there's no
way of pasting to your own email client, or adding to your contacts, without
manual typing anyway.

so should i assume there's no safe way to show email as text links? i might
resort to printing them as name_AT_blabla.co.nz, or is this not particularly
deceptive these days and the spambots can read that as well?

many thanks
luke
 
G

Greg N.

luke said:
so i was wondering if the way of breaking up email addresses into 2
parts, and assigning them to variables in javascript, like a = name; b
= website.org.nz, and then going a + '@' + b to write it on the page
works. i'm never sure whether the spambots are so smart...

I'm convinced they are. I once did exactly what you're proposing here,
and a year later the mailbox was thoroughly spam infested.
 
G

Greg N.

luke said:
... in this case these are other people's email
addresses, it's for a community...

I'd be mighty pissed if somebody put my mail address on a web page, no
matter how thoroughly (he thinks) he has guarded it from bot access.
 
M

Michael Winter

luke wrote:

[snip]
i might resort to printing them as name_AT_blabla.co.nz, or is this
not particularly deceptive these days and the spambots can read that
as well?

Just conjecture...

I suppose it would depend on how predictable the format is. Something
that might be meaningful to screen readers and aural browsers would be

name(at)domain(dot)com

but that's relatively easy to find. A fairly unique alternative could be
impossible until it's been found by a bot author.

Of course, this would reduce ease of use somewhat. The format would have
to recognisable unless the context clearly indicated e-mail addresses,
and it would take editing to make the address usable. That said, there
would be no scripting dependency and it could be more successful than a
scripted solution.

Mike
 
M

Michael Winter

Greg said:
luke wrote:
[snip]
i'm never sure whether the spambots are so smart...

I'm convinced they are. I once did exactly what you're proposing here,
and a year later the mailbox was thoroughly spam infested.

An interesting experiment you might want to try is to search for your
e-mail address with a search engine. I once Googled for my address and
found that someone had used it to reply to a Russian forum, which
explains why I receive a surprising amount of spam from Russia.

It didn't help that I used to post with my address in plain text.

Mike
 
L

luke

Just conjecture...
I suppose it would depend on how predictable the format is. Something
that might be meaningful to screen readers and aural browsers would be

name(at)domain(dot)com

but that's relatively easy to find. A fairly unique alternative could be
impossible until it's been found by a bot author.

Of course, this would reduce ease of use somewhat. The format would have
to recognisable unless the context clearly indicated e-mail addresses,
and it would take editing to make the address usable. That said, there
would be no scripting dependency and it could be more successful than a
scripted solution.


thanks mike. the more i think about it, the more it seems that any spambot
written by someone with a few clues would also search for patterns that
could be email addresses obscured with other text, as well as being able to
read the returned html of javascript. pity we've got to make some things so
hard on ourselves to protect an email address!

luke
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,482
Members
44,901
Latest member
Noble71S45

Latest Threads

Top