email on website

Discussion in 'HTML' started by Jim Scott, Jun 7, 2005.

  1. Jim Scott

    Jim Scott Guest

    Is there a way to have a button or other link to email me from the website
    without the webcrawlers harvesting me for spam?
    Currently I use a .jpg to display my email address, but of course it does
    not serve as a direct link.
    --
    Jim on Tyneside UK
    Remove X to email me.
    http://freespace.virgin.net/mr.jimscott/
    Jim Scott, Jun 7, 2005
    #1
    1. Advertising

  2. Jim Scott

    Oli Filth Guest

    Jim Scott said the following on 07/06/2005 18:15:
    > Is there a way to have a button or other link to email me from the website
    > without the webcrawlers harvesting me for spam?
    > Currently I use a .jpg to display my email address, but of course it does
    > not serve as a direct link.


    Is your website driven by PHP or ASP or whatever? If so, the answer is
    yes. Have a "Submit e-mail" form. The script that collects it can then
    process it and e-mail it directly to you, so you'll never have to
    display the e-mail address to the outside world.

    Trying to obfuscate e-mail addresses (that can be clicked on as an <A
    href="mailto:..."> link) with Javascript, etc. is an exercise in
    futility. Eventually there'll be a spam-bot that is capable of
    deciphering whatever scheme you use, and then your address will be on
    their lists forever.

    --
    Oli
    Oli Filth, Jun 7, 2005
    #2
    1. Advertising

  3. Jim Scott

    Mitja Guest

    On Tue, 07 Jun 2005 19:15:40 +0200, Jim Scott <>
    wrote:

    > Is there a way to have a button or other link to email me from the
    > website without the webcrawlers harvesting me for spam?


    Nothing is plain enough to work as a direct link in all user agents and at
    the same time complicated enough to confuse the bots.
    Your options are roughly:
    a) an image of mail address - what you're currently using
    b) a direct link to a coded mail addres that is decoded on the fly, using
    javascript
    c) a form - google for sendmail.pl
    d) written instructions that people understand, but bots don't: "contact
    me at after removing y's from the address"

    To make a) and b) work for all people (even those with sreen readers etc),
    you must back it up with c) or d). Personally, I find mail forms
    repulsive, so I'd go for b) with d) in small print as a backup ("if the
    above link does not work for you,...").
    Mitja, Jun 7, 2005
    #3
  4. Jim Scott

    Mitja Guest

    On Tue, 07 Jun 2005 19:38:08 +0200, Oli Filth <> wrote:

    > Trying to obfuscate e-mail addresses (that can be clicked on as an <A
    > href="mailto:..."> link) with Javascript, etc. is an exercise in
    > futility. Eventually there'll be a spam-bot that is capable of
    > deciphering whatever scheme you use, and then your address will be on
    > their lists forever.


    _Eventually_ :)
    I haven't heard of bots executing javascript just yet. Heck, I think
    you're still safe even with things as primitive as
    name(dot)surname(at)example(dot)com...
    The reason is the bots lack horsepower - always will, due do the huge
    amount of information to be searched through for mail addresses. And from
    their viewpoint, I imagine - why bother deciphering, running JS or doing
    guesswork when there are stil tons of unprotected addresses lying around?
    Mitja, Jun 7, 2005
    #4
  5. Jim Scott

    Oli Filth Guest

    Mitja said the following on 07/06/2005 18:53:
    > On Tue, 07 Jun 2005 19:38:08 +0200, Oli Filth <> wrote:
    >
    >> Trying to obfuscate e-mail addresses (that can be clicked on as an <A
    >> href="mailto:..."> link) with Javascript, etc. is an exercise in
    >> futility. Eventually there'll be a spam-bot that is capable of
    >> deciphering whatever scheme you use, and then your address will be on
    >> their lists forever.

    >
    >
    > _Eventually_ :)
    > I haven't heard of bots executing javascript just yet.


    Even if they don't yet, how much of a technological hurdle would it be
    for them to do so? Virtually none. The spammers could implement it
    tomorrow if they wanted to.


    > Heck, I think you're still safe even with things as primitive as
    > name(dot)surname(at)example(dot)com...


    But that doesn't work as a clickable link (unless you expect the user to
    manually edit the address when in their e-mail program).

    > The reason is the bots lack horsepower - always will, due do the huge
    > amount of information to be searched through for mail addresses. And
    > from their viewpoint, I imagine - why bother deciphering, running JS or
    > doing guesswork when there are stil tons of unprotected addresses lying
    > around?


    This could well be true...

    --
    Oli
    Oli Filth, Jun 7, 2005
    #5
  6. Jim Scott

    Andy Dingley Guest

    On Tue, 07 Jun 2005 17:15:40 GMT, Jim Scott <>
    wrote:

    >Is there a way to have a button or other link to email me from the website
    >without the webcrawlers harvesting me for spam?


    Simply: Use a mailto: link as usual, but replace the "@" character with
    the entity ref @ (HTML encoded version of the same character)
    This isn't perfectly reliable for the future, but it seems to be ignored
    by the spammers at present. You'll still get spam to "webmaster", but
    that's just from the scumbags reading the domain name reg database.

    For a robust solution, use a mailto script running on a server. This
    doesn't need to be the same server as the rest of the site, so you can
    borrow one, even if your current hosting doesn't support scripts.
    However many web hosts already offer a suitable mailto script, as part
    of a standard package.
    Andy Dingley, Jun 7, 2005
    #6
  7. Jim Scott

    dorayme Guest

    > From: Oli Filth <>

    > Jim Scott said the following on 07/06/2005 18:15:
    >> Is there a way to have a button or other link to email me from the website
    >> without the webcrawlers harvesting me for spam?
    >> Currently I use a .jpg to display my email address, but of course it does
    >> not serve as a direct link.

    >
    > Is your website driven by PHP or ASP or whatever? If so, the answer is
    > yes. Have a "Submit e-mail" form. The script that collects it can then
    > process it and e-mail it directly to you, so you'll never have to
    > display the e-mail address to the outside world.
    >
    > Trying to obfuscate e-mail addresses (that can be clicked on as an <A
    > href="mailto:..."> link) with Javascript, etc. is an exercise in
    > futility. Eventually there'll be a spam-bot that is capable of
    > deciphering whatever scheme you use, and then your address will be on
    > their lists forever.



    If I recall, Jim is not into ASP or PHP. Perhaps he should be?

    There are sites to assist you to hide the email address from robots. As Oli
    has implied, they will ultimately fail when the harvesters get smarter. A
    sort of arms race. I have used
    http://automaticlabs.com/products/enkoderform/ with some success judging by
    lack of spam (but this could be for other reasons, it is no solid evidence).
    Perhaps Oli's "futile" is a bit strong. That something is futile in the long
    run does not mean it is in the short term - this is the logic of an arms
    race. Perhaps it is better to use the latest of these encrypters than
    nothing at all and be on the lookout for updates. Google up, keep updating
    sites like the one I mention.

    The other thing you can do is have an email address that needs some
    modifying when the user hits the link. It comes up as
    steve(pleaseRemoveTheBracketsAndContent)@telecom.uk or some such. For your
    site which is not so stuffy or formal, this might be fine. I don't think
    robots would get so smart as to see thru this. Though I suppose they could!

    dorayme
    dorayme, Jun 8, 2005
    #7
  8. Jim Scott

    Oli Filth Guest

    dorayme said the following on 08/06/2005 01:00:
    >>From: Oli Filth <>

    >
    >>Trying to obfuscate e-mail addresses (that can be clicked on as an <A
    >>href="mailto:..."> link) with Javascript, etc. is an exercise in
    >>futility. Eventually there'll be a spam-bot that is capable of
    >>deciphering whatever scheme you use, and then your address will be on
    >>their lists forever.

    >
    > If I recall, Jim is not into ASP or PHP. Perhaps he should be?


    A server-side language is always worth learning. As soon as you do,
    you'll realise on all the possiblities that a dynamic site bring!

    > There are sites to assist you to hide the email address from robots. As Oli
    > has implied, they will ultimately fail when the harvesters get smarter. A
    > sort of arms race. I have used
    > http://automaticlabs.com/products/enkoderform/ with some success judging by
    > lack of spam (but this could be for other reasons, it is no solid evidence).
    > Perhaps Oli's "futile" is a bit strong.


    The reason I say "futile" is because you won't know that a bot has
    deciphered your e-mail address until it's too late and you start
    recieving spam. By that point, the game's up and you'll have to change
    address. So it's not an arms race in that respect - it's not like you
    can always keep one step ahead of the bots (not without constantly
    changing addresses). So in that sense (i.e. you e-mail address will
    inevitably end up on a list at some point), you may as well not bother!

    However, as Mitja pointed out earlier in the thread, perhaps I
    overestimate the persistence of spam bots.


    --
    Oli
    Oli Filth, Jun 8, 2005
    #8
  9. Jim Scott

    dorayme Guest

    > From: Oli Filth <>

    > dorayme said the following on 08/06/2005 01:00:
    >>> From: Oli Filth <>


    >> There are sites to assist you to hide the email address from robots. As Oli
    >> has implied, they will ultimately fail when the harvesters get smarter. A
    >> sort of arms race. I have used
    >> http://automaticlabs.com/products/enkoderform/ with some success judging by
    >> lack of spam (but this could be for other reasons, it is no solid evidence).
    >> Perhaps Oli's "futile" is a bit strong.

    >
    > The reason I say "futile" is because you won't know that a bot has
    > deciphered your e-mail address until it's too late and you start
    > recieving spam. By that point, the game's up and you'll have to change
    > address. So it's not an arms race in that respect - it's not like you
    > can always keep one step ahead of the bots (not without constantly
    > changing addresses). So in that sense (i.e. you e-mail address will
    > inevitably end up on a list at some point), you may as well not bother!
    >

    Well, it *is* an arms race in every respect. You can play it well or you can
    play it badly. You keep ahead of the bots presumably by getting hold of the
    latest encrypters if they are available (or making them). The game has been
    up for many a thing in arms races over the last billion years. That's not a
    good reason not to keep playing.

    dorayme

    (BTW, this is not to say your server side advice was not excellent)
    dorayme, Jun 8, 2005
    #9
  10. Jim Scott

    data64 Guest

    Mitja <> wrote in news:eek:p.sr0gtz1tdob4us@ibis:

    > c) a form - google for sendmail.pl


    If you are going to use a perl based form for mailing, please please use the
    one from NMS archive and not from some random site.
    http://nms-cgi.sourceforge.net/about.html

    The NMS ones have several security features that are missing from a lot of
    perl based forms out on the net. The point is to avoid having your form be
    used as a mechanism for sending spam.

    data64
    data64, Jun 8, 2005
    #10
  11. Jim Scott

    Guest

    Jim Scott said the following on 07/06/2005 18:15:

    > Is there a way to have a button or other link to email me from the website
    > without the webcrawlers harvesting me for spam?
    > Currently I use a .jpg to display my email address, but of course it does
    > not serve as a direct link.


    I am on a good commercial host, although I have a private site. Many
    services are built into the control panel, and it just takes a few key
    clicks to set up many things that are built in. I set up cgi form mail
    that is built in. When you select form mail at the control panel, the
    required cgi code is written into your cgi bin, and you are given text
    instructions, including examples. You just have to modify one of their
    standard html pages for the form. You select any pop mail address at
    your domain that you wish. When you need a mail link on a page, you
    just link to the form page you modified. The domain allows many pop
    mail accounts. When the one used for the form mail attracts too much
    spam, you just delete it and create a new one that you use on the form
    mail page. This only takes about 2 minutes. Server side is the way to
    go, if you can. I would discourage most people from writing their own
    server side mail script. Even if you can write good code, you will have
    to avoid many things that hackers take advantage of. If they can get
    in, hackers love Javascript, they like ActiveX even more, and server
    side scripts are the best of all. Some of them love to deface pages
    with crude images and such. Some have been able to bring a whole server
    down - mainly servers of small hosts. Although I will never use the
    shopping carts and secure pages offered by my host, it is nice to have
    a huge selection of features built in, most at no extra cost. And a
    good commercial host often is no more expensive than a small mom and
    pop host with very limited features on their server.
    , Jun 8, 2005
    #11
  12. Jim Scott

    Gazza Guest

    Jim Scott mumbled the following on 07/06/2005 18:15:
    > Is there a way to have a button or other link to email me from the website
    > without the webcrawlers harvesting me for spam?


    Despite the server-side options (which I would recommend), there is
    another simple tip that I discovered by accident.

    Bots seem to strip the @ sign and everything surrounding it upto the
    HTML tags surrounding it. If these happen to be the expected <a ...> and
    </a> then the bot obviously has your whole address. However, if you're
    not 100% fussed about semantic markup, you could use:
    <a ...><span>W</span></a>
    ....and then delete everything sent to "" - the
    on-screen display still reads as "Webmaster@...".

    Combine this with swapping the @ sign for @, and it should provide
    an almost unharvestable address, at least until you get the server-side
    script up and running...

    --
    Gazza
    Mobile Number Network Checker - http://mnnc.net/
    Creative writing & Poems - http://garyjones.co.uk/
    Leovanna Leonbergers - http://leovanna.co.uk/
    Gazza, Jun 8, 2005
    #12
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Flip
    Replies:
    1
    Views:
    426
    Karl Seguin
    Nov 22, 2005
  2. Shawn

    Website on a website.

    Shawn, Jan 15, 2006, in forum: ASP .Net
    Replies:
    3
    Views:
    475
    Shawn
    Jan 15, 2006
  3. sck10
    Replies:
    1
    Views:
    409
    Michael Kolias
    Apr 13, 2006
  4. Adrian Wood

    Update website via website?

    Adrian Wood, Feb 22, 2004, in forum: HTML
    Replies:
    13
    Views:
    684
    Adrian Wood
    Feb 25, 2004
  5. A Leon
    Replies:
    4
    Views:
    463
    A Leon
    Mar 4, 2004
Loading...

Share This Page