Hiding email address from spam bots

Discussion in 'HTML' started by patrick j, Mar 4, 2007.

  1. patrick j

    patrick j Guest

    Hi

    I'm just putting together a web-page onwhich I am going to include an email
    address in a "mailto" link.

    To hide it from the spam bots I'm going to use ASCII codes for each
    character of the email address.

    What I'm wondering is: will this work if I actually display the email
    address in the web-page as well as put it in the href for the "mailto"
    link?

    The reason I ask is that a human being will be able to see and even copy
    and paste the email address from the web-page. Will a spam bot be able to
    "see" it as well?

    TIA


    --
    Patrick
    Brighton, UK
    If you wish you can email me from web-site.
    <http://www.patrickjames.me.uk>
     
    patrick j, Mar 4, 2007
    #1
    1. Advertising

  2. Gazing into my crystal ball I observed patrick j
    <> writing in
    news::

    > Hi
    >
    > I'm just putting together a web-page onwhich I am going to include an
    > email address in a "mailto" link.
    >
    > To hide it from the spam bots I'm going to use ASCII codes for each
    > character of the email address.
    >
    > What I'm wondering is: will this work if I actually display the email
    > address in the web-page as well as put it in the href for the "mailto"
    > link?
    >
    > The reason I ask is that a human being will be able to see and even
    > copy and paste the email address from the web-page. Will a spam bot be
    > able to "see" it as well?
    >
    > TIA
    >
    >


    There is almost no way to keep an email address from spam-bots. I would
    say the best thing to do would be to use a "throw away" address, and set
    it for very aggressive filtering.

    --
    Adrienne Boswell at Home
    Arbpen Web Site Design Services
    http://www.cavalcade-of-coding.info
    Please respond to the group so others can share
     
    Adrienne Boswell, Mar 4, 2007
    #2
    1. Advertising

  3. patrick j

    J.O. Aho Guest

    patrick j wrote:

    > I'm just putting together a web-page onwhich I am going to include an email
    > address in a "mailto" link.
    >
    > To hide it from the spam bots I'm going to use ASCII codes for each
    > character of the email address.


    I think the spambots do handle that quite well, as javascripts hiding and so on.

    > The reason I ask is that a human being will be able to see and even copy
    > and paste the email address from the web-page. Will a spam bot be able to
    > "see" it as well?


    You could make a small "feedback" form, where your e-mail address is hidden in
    the server side script, just be careful with header injections and keep a
    bit of spam control in the script that send you the mail, that way you could
    limit the spam, at least your e-mail address wouldn't end in spammers databases.

    But Adriennes suggestion is the best one, as soon as you get your first spam
    to that address, switch to a new one.

    --

    //Aho
     
    J.O. Aho, Mar 4, 2007
    #3
  4. patrick j

    dorayme Guest

    In article <Xns98E98B70041DAarbpenyahoocom@69.28.186.121>,
    Adrienne Boswell <> wrote:

    > Gazing into my crystal ball I observed patrick j
    > <> writing in
    > news::
    >
    > > Hi
    > >
    > > I'm just putting together a web-page onwhich I am going to include an
    > > email address in a "mailto" link.
    > >
    > > To hide it from the spam bots I'm going to use ASCII codes for each
    > > character of the email address.
    > >
    > > What I'm wondering is: will this work if I actually display the email
    > > address in the web-page as well as put it in the href for the "mailto"
    > > link?
    > >
    > > The reason I ask is that a human being will be able to see and even
    > > copy and paste the email address from the web-page. Will a spam bot be
    > > able to "see" it as well?
    > >
    > > TIA
    > >
    > >

    >
    > There is almost no way to keep an email address from spam-bots. I would
    > say the best thing to do would be to use a "throw away" address, and set
    > it for very aggressive filtering.


    We had a thread a while back in which Spider Monkey gave some
    impressive results of personal trials using encoding etc and no
    one really challenged the fact that various masking techniques
    were quite effective in practice. So I am not sure that what you
    are saying is correct from a practical point of view.

    I believe now in encoding email addresses and my view is that
    spam bots will go for the low lying fruit and that it is worth it
    to put email addresses onto higher branches.

    Some purists think it is not our business and that clients should
    go find email spam experts to cope with the consequences of
    simple email mailto:s but I believe this is too severe and
    really, just wrong.

    --
    dorayme
     
    dorayme, Mar 4, 2007
    #4
  5. patrick j

    Sefani Guest

    re - hiding email from spam robots

    there's a lot of good javascript snippets on the web that dis-assemble and
    re-assemble email addresses with DOCUMENT.WRITE statements. Some are more
    convoluted than others.

    I've used one basic one for years - with excellent results.

    Here's the code:

    =======================

    <HEAD>

    <SCRIPT LANGUAGE="JavaScript">

    <!-- Begin

    var user;
    var domain;
    var suffix;
    var subject;

    function ivisimail(user, domain, suffix, subject)
    {
    document.write('<a href="' + 'mailto:' + user + '@' + domain +
    '.' + suffix + subject + '" class="your_link_class">' + user + '@' + domain
    + '.' + suffix + '</a>');
    }
    // End -->
    </script>

    </HEAD>



    <BODY>

    <SCRIPT LANGUAGE="JavaScript">
    <!-- Begin
    invisimail("myname", "mydomain", "com",
    "?subject=Type%20Your%20Subject%20Here")

    // End -->

    </script>

    ==============================================

    you can change the name "invisimail" to suit yourself; don't start it with a
    number, keep it simple; change the name like wise in the <body> script.
     
    Sefani, Mar 4, 2007
    #5
  6. patrick j wrote:

    > Hi
    >
    > I'm just putting together a web-page onwhich I am going to include an
    > email address in a "mailto" link.
    >
    > To hide it from the spam bots I'm going to use ASCII codes for each
    > character of the email address.
    >
    > What I'm wondering is: will this work if I actually display the email
    > address in the web-page as well as put it in the href for the "mailto"
    > link?
    >
    > The reason I ask is that a human being will be able to see and even copy
    > and paste the email address from the web-page. Will a spam bot be able to
    > "see" it as well?


    In theory, if a browser can display it as an email address, then someone can
    write a spam bot to 'read' it too. If you throw something extra into the
    email address, then it takes some level of intelligence to delete 'DELETE
    THIS' from the . The problem is if you expect
    non-computer literate people to browse the site - they might not clue in to
    what needs to be done and get really frustrated when they try to email you.

    There are also java scripts that can display the email address but hide it
    from bots - however some of us have java script disabled, so we won't se
    anything.

    Have you thought about a link to a php form that has the server send you the
    email? No ability to harvest the email address, since there is no
    published email address.

    Carolyn
    --
    Carolyn Marenger
     
    Carolyn Marenger, Mar 5, 2007
    #6
  7. patrick j

    patrick j Guest

    On Mar 5, 2007 Carolyn Marenger wrote:

    > Have you thought about a link to a php form that has the server send you the
    > email? No ability to harvest the email address, since there is no
    > published email address.


    I think this is the way to do it. I have this on my own web-site.

    It is probably best that I talk to the person for whom I am creating the
    web-site and suggest this option.

    It is fairly easy to implement.

    --
    Patrick
    Brighton, UK
    If you wish you can email me from web-site.
    <http://www.patrickjames.me.uk>
     
    patrick j, Mar 5, 2007
    #7
  8. patrick j

    patrick j Guest

    On Mar 4, 2007 Sefani wrote:


    > you can change the name "invisimail" to suit yourself; don't start it with a
    > number, keep it simple; change the name like wise in the <body> script.


    Thank you. This is a very nice neat javascript. I see that there is one
    typo which is that you have "ivisimail" in the script when you intended
    "invisimail" which is used where you want to invoke it. Once that is sorted
    it works a treat. Of course as you say "invisimail" can be changed to
    anything.


    --
    Patrick
    Brighton, UK
    If you wish you can email me from web-site.
    <http://www.patrickjames.me.uk>
     
    patrick j, Mar 5, 2007
    #8
  9. patrick j

    patrick j Guest

    On Mar 4, 2007 Sefani wrote:

    > there's a lot of good javascript snippets on the web that dis-assemble and
    > re-assemble email addresses with DOCUMENT.WRITE statements. Some are more
    > convoluted than others.


    Hi

    I have a question about the javascript, which is in fact the same question
    I asked originally but now in a new form :)

    With this very neat script the email address does appear on the web-page in
    a constructed form by the script.

    As I could, for example, copy that address and paste it from that web-page
    does this mean that spam bots will be able to see it?



    --
    Patrick
    Brighton, UK
    If you wish you can email me from web-site.
    <http://www.patrickjames.me.uk>
     
    patrick j, Mar 5, 2007
    #9
  10. patrick j

    Rik Guest

    patrick j <> wrote:

    > On Mar 4, 2007 Sefani wrote:
    >
    >> there's a lot of good javascript snippets on the web that dis-assemble
    >> and
    >> re-assemble email addresses with DOCUMENT.WRITE statements. Some are
    >> more
    >> convoluted than others.

    >
    > Hi
    >
    > I have a question about the javascript, which is in fact the same
    > question
    > I asked originally but now in a new form :)
    >
    > With this very neat script the email address does appear on the web-page
    > in
    > a constructed form by the script.
    >
    > As I could, for example, copy that address and paste it from that
    > web-page
    > does this mean that spam bots will be able to see it?


    Most spam bots (email scrapers) don't run javascript.
    --
    Rik Wasmus
     
    Rik, Mar 5, 2007
    #10
  11. patrick j

    patrick j Guest

    On Mar 5, 2007 Rik wrote:

    > Most spam bots (email scrapers) don't run javascript.


    This I sort of thought after I sent in the post. I think I'm going to go
    with this javascript option for this web-page.

    Thank you to all for the various thoughts and suggestions.

    --
    Patrick
    Brighton, UK
    If you wish you can email me from web-site.
    <http://www.patrickjames.me.uk>
     
    patrick j, Mar 5, 2007
    #11
  12. patrick j

    patrick j Guest

    On Mar 4, 2007 dorayme wrote:

    > We had a thread a while back in which Spider Monkey gave some
    > impressive results of personal trials using encoding etc and no
    > one really challenged the fact that various masking techniques
    > were quite effective in practice.


    Yes, I recall that thread. Was it Spider Monkey however who did the tests?

    > I believe now in encoding email addresses and my view is that
    > spam bots will go for the low lying fruit and that it is worth it
    > to put email addresses onto higher branches.


    I've gone through the various suggestions and now I think I'll use the
    suggested javascript.

    Although it's true it doesn't work if javascript is off, I think for this
    web-page 99% of users will have javascript on.

    The web form I think is the most secure way to prevent the email address
    being harvested however the neatness of just the email address on the
    web-page is nice in this application.

    For some reason I think the javascript might be more secure than using
    ASCII number alternative to the actual letters but I don't know why I think
    that. Indeed the personal testing out of this reported some time ago in
    this newsgroup would shed light on this.

    Thanks to all for your suggestions :)



    --
    Patrick
    Brighton, UK
    If you wish you can email me from web-site.
    <http://www.patrickjames.me.uk>
     
    patrick j, Mar 5, 2007
    #12
  13. patrick j

    Rik Guest

    patrick j <> wrote:
    > On Mar 4, 2007 dorayme wrote:
    >
    >> We had a thread a while back in which Spider Monkey gave some
    >> impressive results of personal trials using encoding etc and no
    >> one really challenged the fact that various masking techniques
    >> were quite effective in practice.

    >
    > Yes, I recall that thread. Was it Spider Monkey however who did the
    > tests?
    >
    >> I believe now in encoding email addresses and my view is that
    >> spam bots will go for the low lying fruit and that it is worth it
    >> to put email addresses onto higher branches.

    >
    > I've gone through the various suggestions and now I think I'll use the
    > suggested javascript.
    >
    > Although it's true it doesn't work if javascript is off, I think for this
    > web-page 99% of users will have javascript on.
    >
    > The web form I think is the most secure way to prevent the email address
    > being harvested however the neatness of just the email address on the
    > web-page is nice in this application.
    >
    > For some reason I think the javascript might be more secure than using
    > ASCII number alternative to the actual letters but I don't know why I
    > think
    > that.


    Well, reverting ascii values and/or htmlentities back to their characters
    is very easy to do in almost every language I know.
    --
    Rik Wasmus
     
    Rik, Mar 5, 2007
    #13
  14. In article <>,
    patrick j <> wrote:

    > On Mar 4, 2007 dorayme wrote:
    >
    > > We had a thread a while back in which Spider Monkey gave some
    > > impressive results of personal trials using encoding etc and no
    > > one really challenged the fact that various masking techniques
    > > were quite effective in practice.

    >
    > Yes, I recall that thread. Was it Spider Monkey however who did the tests?


    Ahem, it was Nikita the Spider. =)

    http://NikitaTheSpider.com/articles/IngenReklamTack.html

    Unfortunately I have been too lazy to amend that article to include a
    link to this one which you might also find interesting:
    http://www.cdt.org/speech/spam/030319spamreport.shtml

    --
    Philip
    http://NikitaTheSpider.com/
    Whole-site HTML validation, link checking and more
     
    Nikita the Spider, Mar 5, 2007
    #14
  15. patrick j

    liamo Guest

    what about email addresses in flash?
    they are not detected by spam bots - right?

    in the action script...
     
    liamo, Mar 5, 2007
    #15
  16. patrick j

    John Hosking Guest

    Nikita the Spider wrote:
    > In article <>,
    > patrick j <> wrote:
    >
    >>On Mar 4, 2007 dorayme wrote:
    >>
    >>>We had a thread a while back in which Spider Monkey gave some
    >>>impressive results of personal trials using encoding etc and no
    >>>one really challenged the fact that various masking techniques
    >>>were quite effective in practice.

    >>
    >>Yes, I recall that thread. Was it Spider Monkey however who did the tests?

    >
    > Ahem, it was Nikita the Spider. =)


    :) LOL :)

    Nikita the Spider, Ivana the Monkey, Svetlana the Hairy-nosed Wombat.
    What's the big difference? Don't be so picky. ;-)

    --
    John
     
    John Hosking, Mar 5, 2007
    #16
  17. In article <>,
    "liamo" <> wrote:

    > what about email addresses in flash?
    > they are not detected by spam bots - right?
    >
    > in the action script...


    Yes, that will work, but once you stop using ordinary HTML, you begin to
    decrease the number of people (i.e. real people who want to contact you,
    not spam bots) who will be able to use the address. For instance, on my
    main browser, Flash is deliberately disabled, as is Javascript (for most
    sites), so I'd never see a Flash-based email address. That's not a
    problem as long as you provide a form-based method of contact as an
    alternative to the Flash, but doing so is more work than just using a
    plain HTML address. And as long as you're willing to put yourself to the
    trouble of providing a contact form, you might as well just write the
    address using Javascript since that's a lot simpler than using Flash.

    --
    Philip
    http://NikitaTheSpider.com/
    Whole-site HTML validation, link checking and more
     
    Nikita the Spider, Mar 5, 2007
    #17
  18. patrick j

    liamo Guest

    ok good advice so you reckon just do the whole break the email address
    apart using javascript?

    cheers liam

    http://www.ebesign.co.nz
     
    liamo, Mar 5, 2007
    #18
  19. patrick j

    patrick j Guest

    patrick j, Mar 5, 2007
    #19
  20. patrick j

    dorayme Guest

    In article
    <>,
    patrick j <> wrote:

    > On Mar 4, 2007 Sefani wrote:
    >
    >
    > > you can change the name "invisimail" to suit yourself; don't start it with
    > > a
    > > number, keep it simple; change the name like wise in the <body> script.

    >
    > Thank you. This is a very nice neat javascript. I see that there is one
    > typo which is that you have "ivisimail" in the script when you intended
    > "invisimail" which is used where you want to invoke it. Once that is sorted
    > it works a treat. Of course as you say "invisimail" can be changed to
    > anything.


    You might look at

    http://www.addressmunger.com/

    The non js method is preferable for oft cited reasons re js on
    web pages

    --
    dorayme
     
    dorayme, Mar 5, 2007
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Brian W
    Replies:
    1
    Views:
    408
    Tian Min Huang
    Jul 18, 2003
  2. me

    Hiding Email address

    me, Apr 4, 2005, in forum: ASP .Net
    Replies:
    3
    Views:
    506
    =?Utf-8?B?U2NvdHQgU2ltb25z?=
    Apr 4, 2005
  3. Replies:
    8
    Views:
    480
    Philip
    Jun 30, 2006
  4. Klaus Caprani

    Banning the spam-bots

    Klaus Caprani, Jul 6, 2003, in forum: Javascript
    Replies:
    1
    Views:
    79
    Evertjan.
    Jul 6, 2003
  5. Replies:
    7
    Views:
    181
    Richard Cornford
    Jun 30, 2006
Loading...

Share This Page