Disguising email addresses in webpages

[Paul]

Hi,

This is probably out of the realms of "straight" html, but here goes.

Does anyone know of a browser safe method to prevent spam harvesters
from chomping through a website to obtain email addresses?

I can do it in JavaScript, but I'm trying to ditch the JS I have from
the website.

As I see it, the problem is that if the harvester chomps page by page
looking for <a href="mailto:...">...</a> then it doesn't matter if the
solution is PHP/MySQL generated or inserted via some cgi script via a
server side include (or similar), the address will still be there.

I don't want to resort to anything too evil...

TTFN

Paul

 

[Greg N.]

As I see it, the problem is that if the harvester chomps page by page
looking for <a href="mailto:...

1. Don't use email links like that. In the days of webmail, it does not
make sense for many if not most of your visitors.

2. You may use plain text, slightly obfuscated, like so:
<p>You may reach me at <em>johndoe</em> at <em>hotmail</em> dot <em>com</em>

3. You may hide the email address in a small JPG or GIF image:
<p>You may reach me at <img src=myaddr.jpg alt="my addr.">

The latter is the most effective solution, but frowned upon by
accessability advocates.

 

[Brian Cryer]

Hi,

This is probably out of the realms of "straight" html, but here goes.

Does anyone know of a browser safe method to prevent spam harvesters
from chomping through a website to obtain email addresses?

I can do it in JavaScript, but I'm trying to ditch the JS I have from
the website.

As I see it, the problem is that if the harvester chomps page by page
looking for <a href="mailto:...">...</a> then it doesn't matter if the
solution is PHP/MySQL generated or inserted via some cgi script via a
server side include (or similar), the address will still be there.

I don't want to resort to anything too evil...

TTFN

Paul

I don't know of any "perfect" way. The options I'm aware of:

1. Don't put your email address on any webpages. Advantage: Fool-proof.
Disadvantage: no-one can contact you.

2. Use a mail form rather than an email address. Disadvantage: Limited
really to only one contact and doesn't stop spam!!

3. Use JavaScript (which you already know of). Disadvantage: Doesn't work on
browsers that don't have JavaScript enabled, and very easy to work round.

4. Use an image of your email (and don't include the href bit). Advantage:
Difficult to harvest, but its only time before harvesters can recognise it.
Disadvantage: user has to copy your email address and this is likely to put
people off.

5. For your own email use webmaster@..., doesn't stop spam, but for my
website I get very little spam on my webmaster account.

There must be other ideas out there, but those are all the ones I can think
of. As you can see, none are perfect.

I use a spam filter for my email, but the trouble with having contact email
addresses on a website is that you can get legitimate emails from anyone in
virtually any format and I find my spam filter catches some legit emails and
tags them as spam.

If you find a perfect solution please let the rest of us into the secret.

 

[David Dorward]

1. Don't use email links like that. In the days of webmail, it does not
make sense for many if not most of your visitors.

Those users can still copy and paste the address into their webbased email
client (and I would be surprised if you couldn't get a browser plugin that
can take a mailto: and turn it into something that works with the user's
webmail).

2. You may use plain text, slightly obfuscated, like so:
<p>You may reach me at <em>johndoe</em> at <em>hotmail</em> dot
<em>com</em>

Which means users have to edit the address in their email client. Too much
work for some.

3. You may hide the email address in a small JPG or GIF image:
<p>You may reach me at <img src=myaddr.jpg alt="my addr.">

Either the alt text will be useless, or the use of the image will be
pointless.

Transcribing an email address from an image is time consuming (so many
user's won't bother) and error prone (so email can get misdirected).

 

[Jonathan N. Little]

Brian Cryer wrote:

5. For your own email use webmaster@..., doesn't stop spam, but for my
website I get very little spam on my webmaster account.

There must be other ideas out there, but those are all the ones I can think
of. As you can see, none are perfect.

I use a spam filter for my email, but the trouble with having contact email
addresses on a website is that you can get legitimate emails from anyone in
virtually any format and I find my spam filter catches some legit emails and
tags them as spam.

If you find a perfect solution please let the rest of us into the secret.

My Mozilla mail the spam filter is 'trained' by you and I have found it
very effect, better than Norton's (which I disabled) and the ones use by
my ISP and hosting company...I rarely ever get a false positive (two or
three messages over the years) and more than say 80% gets flagged and
moved to junk.

Face it, if you want folks that you do not already know to contact you,
your going to get spam. I get junk mail in my mail box (snail mail), if
I take it down or hide the box it *will* prevent the junk mail but I
wont get my mail either! It's life!

 

[Greg N.]

My Mozilla mail the spam filter is 'trained' by you and I have found it
very effect, better than Norton's (which I disabled) and the ones use by
my ISP and hosting company...I rarely ever get a false positive (two or
three messages over the years) and more than say 80% gets flagged and
moved to junk.

How can you possibly know? Are you saying you check all your spam for
false positives? If you have time to do that, you don't really have a
spam problem.

In real life, there is no practical way to check the spam for false
positives. In effect, the more agressive you set your spam filters, the
more often you'll be losing good mail. And you have no way of telling.

Face it, if you want folks that you do not already know to contact you,
your going to get spam. I get junk mail in my mail box (snail mail), if
I take it down or hide the box it *will* prevent the junk mail but I
wont get my mail either! It's life!

If you mean by that, give up on spam prevention, rely solely on spam
filtering, I couldn't disagree more.

 

[Ken Sims]

Hi Paul -

As I see it, the problem is that if the harvester chomps page by page
looking for <a href="mailto:...">...</a> then it doesn't matter if the
solution is PHP/MySQL generated or inserted via some cgi script via a
server side include (or similar), the address will still be there.

I don't use a mailto link (if the user isn't smart enough to copy it
into their email program, I don't want to hear from them). I use
numeric entity coding. I use a custom address, not "webmaster" or
"info" or anything standard like that.

I've found those three things to be sufficient protection. YMMV.

 

[Jonathan N. Little]

How can you possibly know? Are you saying you check all your spam for
false positives? If you have time to do that, you don't really have a
spam problem.

Yep, I try to do it fairly regularly, every other day, On my personal
account which is oldest a couple of hundred a day.


I sort by subject and then by sender and it is easy to block delete
obvious spam. Same subject from different senders and vice versa.

Sort by subject and anything with words like "pen1s" or "Rolex watches"
(at least for me) can be dump without further thought. What is left just
takes a quick scan...

In real life, there is no practical way to check the spam for false
positives. In effect, the more agressive you set your spam filters, the
more often you'll be losing good mail. And you have no way of telling.

The training feature works pretty good with my experience, my subscribed
lists do not get mark as spam but most of the new spam adverts do...

If you mean by that, give up on spam prevention, rely solely on spam
filtering, I couldn't disagree more.

Well, what do you suggest? Your email will be out there if you use it
and if any else uses it! You can do all you want to conceal your email,
but once someelse sends you something via your email it is on more than
just your computer, computers that you have *no* control over. My spam
prevention is I that don't do the poker and porn sites, don't use
spyware "free" utilities and toolbars and MSIE that allows drive-by
installs. But I have had websites for years been in usenet and forums
for longer. That is my real name and personal email there that I have
had since the mid 90's (the email not the name I have had that longer!)
once in a while someone will reply to me instead of the group, but hey!

 

[Stan McCann]

Well, what do you suggest? Your email will be out there if you use
it and if any else uses it! You can do all you want to conceal your
email, but once someelse sends you something via your email it is on
more than just your computer, computers that you have *no* control
over. My spam prevention is I that don't do the poker and porn
sites, don't use spyware "free" utilities and toolbars and MSIE that
allows drive-by installs. But I have had websites for years been in
usenet and forums for longer. That is my real name and personal
email there that I have had since the mid 90's (the email not the
name I have had that longer!) once in a while someone will reply to
me instead of the group, but hey!

Ditto. (e-mail address removed) is my very oldest email address. It dates
from the early 90's when I first got a server hooked to the Internet.
Before the Internet went commercial. Before what we now know as the
Internet. Try telnetting to a remote Unix system so you can use a news
reader (I can't remember what I used way back then) all in text mode.
There were few graphic modes back then. Some graphical computers were
out like the Amiga, Commodore, Apple and some workstations running Unix
and X-Windows.

Or worse. I know there are still folks around that were into this
stuff a lot longer than me. I never had to experience it but I've
heard the stories of dropping your box of punched cards. Owww.

Internet advertising (UCE, SPAM) was a foregone conclusion the day the
Internet was made available to commercial enterprise. I've been at
computing, networking, server administration, and now into web
development for over 20 years now. Being in the midst of the
technology as it moves so fast is a blast. You take the bad with the
good.

 

[Jonathan N. Little]

Stan McCann wrote:

Ditto. (e-mail address removed) is my very oldest email address. It dates
from the early 90's when I first got a server hooked to the Internet.
Before the Internet went commercial. Before what we now know as the
Internet. Try telnetting to a remote Unix system so you can use a news
reader (I can't remember what I used way back then) all in text mode.
There were few graphic modes back then. Some graphical computers were
out like the Amiga, Commodore, Apple and some workstations running Unix
and X-Windows.

Well there was BBS's my bother-in-law use to frequent, but all were long
distant numbers and I was too cheap! Got a blazing USR 14400 but all I
could use it for was faxes until 95 when AT&T Worldnet cam available,
but was long distance so religated to brief blitzes lat a night!

Or worse. I know there are still folks around that were into this
stuff a lot longer than me. I never had to experience it but I've
heard the stories of dropping your box of punched cards. Owww.

In 70's worked with main frames where old punch cards were mostly phased
out (still in backup storage) replace by paper tape! Wow! Then mag tape!

Internet advertising (UCE, SPAM) was a foregone conclusion the day the
Internet was made available to commercial enterprise. I've been at
computing, networking, server administration, and now into web
development for over 20 years now. Being in the midst of the
technology as it moves so fast is a blast. You take the bad with the
good.

I'll second that!

 

[Joe]

Hi Paul -



I don't use a mailto link (if the user isn't smart enough to copy it
into their email program, I don't want to hear from them). I use
numeric entity coding. I use a custom address, not "webmaster" or
"info" or anything standard like that.

I've found those three things to be sufficient protection. YMMV.

I use mailto with "&hash" entities ( like @ = &#064 ; )
No way of knowing, I guess, except I never seem to get any spam
I use the form <a href="mailto:...>Mail to ...</a> with random letters
&#'ed, so the user can read the email addy and write it down if they
don't have email access when they see the page. (like in a library)