email on website

J

Jim Scott

Is there a way to have a button or other link to email me from the website
without the webcrawlers harvesting me for spam?
Currently I use a .jpg to display my email address, but of course it does
not serve as a direct link.
 
O

Oli Filth

Jim Scott said the following on 07/06/2005 18:15:
Is there a way to have a button or other link to email me from the website
without the webcrawlers harvesting me for spam?
Currently I use a .jpg to display my email address, but of course it does
not serve as a direct link.

Is your website driven by PHP or ASP or whatever? If so, the answer is
yes. Have a "Submit e-mail" form. The script that collects it can then
process it and e-mail it directly to you, so you'll never have to
display the e-mail address to the outside world.

Trying to obfuscate e-mail addresses (that can be clicked on as an <A
href="mailto:..."> link) with Javascript, etc. is an exercise in
futility. Eventually there'll be a spam-bot that is capable of
deciphering whatever scheme you use, and then your address will be on
their lists forever.
 
M

Mitja

Is there a way to have a button or other link to email me from the
website without the webcrawlers harvesting me for spam?

Nothing is plain enough to work as a direct link in all user agents and at
the same time complicated enough to confuse the bots.
Your options are roughly:
a) an image of mail address - what you're currently using
b) a direct link to a coded mail addres that is decoded on the fly, using
javascript
c) a form - google for sendmail.pl
d) written instructions that people understand, but bots don't: "contact
me at (e-mail address removed) after removing y's from the address"

To make a) and b) work for all people (even those with sreen readers etc),
you must back it up with c) or d). Personally, I find mail forms
repulsive, so I'd go for b) with d) in small print as a backup ("if the
above link does not work for you,...").
 
M

Mitja

Trying to obfuscate e-mail addresses (that can be clicked on as an <A
href="mailto:..."> link) with Javascript, etc. is an exercise in
futility. Eventually there'll be a spam-bot that is capable of
deciphering whatever scheme you use, and then your address will be on
their lists forever.

_Eventually_ :)
I haven't heard of bots executing javascript just yet. Heck, I think
you're still safe even with things as primitive as
name(dot)surname(at)example(dot)com...
The reason is the bots lack horsepower - always will, due do the huge
amount of information to be searched through for mail addresses. And from
their viewpoint, I imagine - why bother deciphering, running JS or doing
guesswork when there are stil tons of unprotected addresses lying around?
 
O

Oli Filth

Mitja said the following on 07/06/2005 18:53:
_Eventually_ :)
I haven't heard of bots executing javascript just yet.

Even if they don't yet, how much of a technological hurdle would it be
for them to do so? Virtually none. The spammers could implement it
tomorrow if they wanted to.

Heck, I think you're still safe even with things as primitive as
name(dot)surname(at)example(dot)com...

But that doesn't work as a clickable link (unless you expect the user to
manually edit the address when in their e-mail program).
The reason is the bots lack horsepower - always will, due do the huge
amount of information to be searched through for mail addresses. And
from their viewpoint, I imagine - why bother deciphering, running JS or
doing guesswork when there are stil tons of unprotected addresses lying
around?

This could well be true...
 
A

Andy Dingley

Is there a way to have a button or other link to email me from the website
without the webcrawlers harvesting me for spam?

Simply: Use a mailto: link as usual, but replace the "@" character with
the entity ref @ (HTML encoded version of the same character)
This isn't perfectly reliable for the future, but it seems to be ignored
by the spammers at present. You'll still get spam to "webmaster", but
that's just from the scumbags reading the domain name reg database.

For a robust solution, use a mailto script running on a server. This
doesn't need to be the same server as the rest of the site, so you can
borrow one, even if your current hosting doesn't support scripts.
However many web hosts already offer a suitable mailto script, as part
of a standard package.
 
D

dorayme

From: Oli Filth said:
Jim Scott said the following on 07/06/2005 18:15:

Is your website driven by PHP or ASP or whatever? If so, the answer is
yes. Have a "Submit e-mail" form. The script that collects it can then
process it and e-mail it directly to you, so you'll never have to
display the e-mail address to the outside world.

Trying to obfuscate e-mail addresses (that can be clicked on as an <A
href="mailto:..."> link) with Javascript, etc. is an exercise in
futility. Eventually there'll be a spam-bot that is capable of
deciphering whatever scheme you use, and then your address will be on
their lists forever.


If I recall, Jim is not into ASP or PHP. Perhaps he should be?

There are sites to assist you to hide the email address from robots. As Oli
has implied, they will ultimately fail when the harvesters get smarter. A
sort of arms race. I have used
http://automaticlabs.com/products/enkoderform/ with some success judging by
lack of spam (but this could be for other reasons, it is no solid evidence).
Perhaps Oli's "futile" is a bit strong. That something is futile in the long
run does not mean it is in the short term - this is the logic of an arms
race. Perhaps it is better to use the latest of these encrypters than
nothing at all and be on the lookout for updates. Google up, keep updating
sites like the one I mention.

The other thing you can do is have an email address that needs some
modifying when the user hits the link. It comes up as
steve(pleaseRemoveTheBracketsAndContent)@telecom.uk or some such. For your
site which is not so stuffy or formal, this might be fine. I don't think
robots would get so smart as to see thru this. Though I suppose they could!

dorayme
 
O

Oli Filth

dorayme said the following on 08/06/2005 01:00:
If I recall, Jim is not into ASP or PHP. Perhaps he should be?

A server-side language is always worth learning. As soon as you do,
you'll realise on all the possiblities that a dynamic site bring!
There are sites to assist you to hide the email address from robots. As Oli
has implied, they will ultimately fail when the harvesters get smarter. A
sort of arms race. I have used
http://automaticlabs.com/products/enkoderform/ with some success judging by
lack of spam (but this could be for other reasons, it is no solid evidence).
Perhaps Oli's "futile" is a bit strong.

The reason I say "futile" is because you won't know that a bot has
deciphered your e-mail address until it's too late and you start
recieving spam. By that point, the game's up and you'll have to change
address. So it's not an arms race in that respect - it's not like you
can always keep one step ahead of the bots (not without constantly
changing addresses). So in that sense (i.e. you e-mail address will
inevitably end up on a list at some point), you may as well not bother!

However, as Mitja pointed out earlier in the thread, perhaps I
overestimate the persistence of spam bots.
 
D

dorayme

From: Oli Filth said:
dorayme said the following on 08/06/2005 01:00:

The reason I say "futile" is because you won't know that a bot has
deciphered your e-mail address until it's too late and you start
recieving spam. By that point, the game's up and you'll have to change
address. So it's not an arms race in that respect - it's not like you
can always keep one step ahead of the bots (not without constantly
changing addresses). So in that sense (i.e. you e-mail address will
inevitably end up on a list at some point), you may as well not bother!
Well, it *is* an arms race in every respect. You can play it well or you can
play it badly. You keep ahead of the bots presumably by getting hold of the
latest encrypters if they are available (or making them). The game has been
up for many a thing in arms races over the last billion years. That's not a
good reason not to keep playing.

dorayme

(BTW, this is not to say your server side advice was not excellent)
 
D

data64

Mitja said:
c) a form - google for sendmail.pl

If you are going to use a perl based form for mailing, please please use the
one from NMS archive and not from some random site.
http://nms-cgi.sourceforge.net/about.html

The NMS ones have several security features that are missing from a lot of
perl based forms out on the net. The point is to avoid having your form be
used as a mechanism for sending spam.

data64
 
C

cwdjrxyz

Jim Scott said the following on 07/06/2005 18:15:
Is there a way to have a button or other link to email me from the website
without the webcrawlers harvesting me for spam?
Currently I use a .jpg to display my email address, but of course it does
not serve as a direct link.

I am on a good commercial host, although I have a private site. Many
services are built into the control panel, and it just takes a few key
clicks to set up many things that are built in. I set up cgi form mail
that is built in. When you select form mail at the control panel, the
required cgi code is written into your cgi bin, and you are given text
instructions, including examples. You just have to modify one of their
standard html pages for the form. You select any pop mail address at
your domain that you wish. When you need a mail link on a page, you
just link to the form page you modified. The domain allows many pop
mail accounts. When the one used for the form mail attracts too much
spam, you just delete it and create a new one that you use on the form
mail page. This only takes about 2 minutes. Server side is the way to
go, if you can. I would discourage most people from writing their own
server side mail script. Even if you can write good code, you will have
to avoid many things that hackers take advantage of. If they can get
in, hackers love Javascript, they like ActiveX even more, and server
side scripts are the best of all. Some of them love to deface pages
with crude images and such. Some have been able to bring a whole server
down - mainly servers of small hosts. Although I will never use the
shopping carts and secure pages offered by my host, it is nice to have
a huge selection of features built in, most at no extra cost. And a
good commercial host often is no more expensive than a small mom and
pop host with very limited features on their server.
 
G

Gazza

Jim Scott mumbled the following on 07/06/2005 18:15:
Is there a way to have a button or other link to email me from the website
without the webcrawlers harvesting me for spam?

Despite the server-side options (which I would recommend), there is
another simple tip that I discovered by accident.

Bots seem to strip the @ sign and everything surrounding it upto the
HTML tags surrounding it. If these happen to be the expected <a ...> and
</a> then the bot obviously has your whole address. However, if you're
not 100% fussed about semantic markup, you could use:
<a ...><span>W</span>[email protected]</a>
....and then delete everything sent to "(e-mail address removed)" - the
on-screen display still reads as "Webmaster@...".

Combine this with swapping the @ sign for @, and it should provide
an almost unharvestable address, at least until you get the server-side
script up and running...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top