Hiding email address from spam bots

[patrick j]

Hi

I'm just putting together a web-page onwhich I am going to include an email
address in a "mailto" link.

To hide it from the spam bots I'm going to use ASCII codes for each
character of the email address.

What I'm wondering is: will this work if I actually display the email
address in the web-page as well as put it in the href for the "mailto"
link?

The reason I ask is that a human being will be able to see and even copy
and paste the email address from the web-page. Will a spam bot be able to
"see" it as well?

TIA

 

[Adrienne Boswell]

Gazing into my crystal ball I observed patrick j

Hi

I'm just putting together a web-page onwhich I am going to include an
email address in a "mailto" link.

To hide it from the spam bots I'm going to use ASCII codes for each
character of the email address.

What I'm wondering is: will this work if I actually display the email
address in the web-page as well as put it in the href for the "mailto"
link?

The reason I ask is that a human being will be able to see and even
copy and paste the email address from the web-page. Will a spam bot be
able to "see" it as well?

TIA

There is almost no way to keep an email address from spam-bots. I would
say the best thing to do would be to use a "throw away" address, and set
it for very aggressive filtering.

 

[J.O. Aho]

I'm just putting together a web-page onwhich I am going to include an email
address in a "mailto" link.
>
To hide it from the spam bots I'm going to use ASCII codes for each
character of the email address.

I think the spambots do handle that quite well, as javascripts hiding and so on.

The reason I ask is that a human being will be able to see and even copy
and paste the email address from the web-page. Will a spam bot be able to
"see" it as well?

You could make a small "feedback" form, where your e-mail address is hidden in
the server side script, just be careful with header injections and keep a
bit of spam control in the script that send you the mail, that way you could
limit the spam, at least your e-mail address wouldn't end in spammers databases.

But Adriennes suggestion is the best one, as soon as you get your first spam
to that address, switch to a new one.

 

[dorayme]

Gazing into my crystal ball I observed patrick j


There is almost no way to keep an email address from spam-bots. I would
say the best thing to do would be to use a "throw away" address, and set
it for very aggressive filtering.

We had a thread a while back in which Spider Monkey gave some
impressive results of personal trials using encoding etc and no
one really challenged the fact that various masking techniques
were quite effective in practice. So I am not sure that what you
are saying is correct from a practical point of view.

I believe now in encoding email addresses and my view is that
spam bots will go for the low lying fruit and that it is worth it
to put email addresses onto higher branches.

Some purists think it is not our business and that clients should
go find email spam experts to cope with the consequences of
simple email mailto:s but I believe this is too severe and
really, just wrong.

 

[Sefani]

re - hiding email from spam robots

there's a lot of good javascript snippets on the web that dis-assemble and
re-assemble email addresses with DOCUMENT.WRITE statements. Some are more
convoluted than others.

I've used one basic one for years - with excellent results.

Here's the code:

=======================

<HEAD>

<SCRIPT LANGUAGE="JavaScript">

<!-- Begin

var user;
var domain;
var suffix;
var subject;

function ivisimail(user, domain, suffix, subject)
{
document.write('<a href="' + 'mailto:' + user + '@' + domain +
'.' + suffix + subject + '" class="your_link_class">' + user + '@' + domain
+ '.' + suffix + '</a>');
}
// End -->
</script>

</HEAD>



<BODY>

<SCRIPT LANGUAGE="JavaScript">
<!-- Begin
invisimail("myname", "mydomain", "com",
"?subject=Type%20Your%20Subject%20Here")

// End -->

</script>

==============================================

you can change the name "invisimail" to suit yourself; don't start it with a
number, keep it simple; change the name like wise in the <body> script.

 

[Carolyn Marenger]

Hi

I'm just putting together a web-page onwhich I am going to include an
email address in a "mailto" link.

To hide it from the spam bots I'm going to use ASCII codes for each
character of the email address.

What I'm wondering is: will this work if I actually display the email
address in the web-page as well as put it in the href for the "mailto"
link?

The reason I ask is that a human being will be able to see and even copy
and paste the email address from the web-page. Will a spam bot be able to
"see" it as well?

In theory, if a browser can display it as an email address, then someone can
write a spam bot to 'read' it too. If you throw something extra into the
email address, then it takes some level of intelligence to delete 'DELETE
THIS' from the (e-mail address removed). The problem is if you expect
non-computer literate people to browse the site - they might not clue in to
what needs to be done and get really frustrated when they try to email you.

There are also java scripts that can display the email address but hide it
from bots - however some of us have java script disabled, so we won't se
anything.

Have you thought about a link to a php form that has the server send you the
email? No ability to harvest the email address, since there is no
published email address.

Carolyn

 

[patrick j]

Have you thought about a link to a php form that has the server send you the
email? No ability to harvest the email address, since there is no
published email address.

I think this is the way to do it. I have this on my own web-site.

It is probably best that I talk to the person for whom I am creating the
web-site and suggest this option.

It is fairly easy to implement.

 

[patrick j]

you can change the name "invisimail" to suit yourself; don't start it with a
number, keep it simple; change the name like wise in the <body> script.

Thank you. This is a very nice neat javascript. I see that there is one
typo which is that you have "ivisimail" in the script when you intended
"invisimail" which is used where you want to invoke it. Once that is sorted
it works a treat. Of course as you say "invisimail" can be changed to
anything.

 

[patrick j]

there's a lot of good javascript snippets on the web that dis-assemble and
re-assemble email addresses with DOCUMENT.WRITE statements. Some are more
convoluted than others.

Hi

I have a question about the javascript, which is in fact the same question
I asked originally but now in a new form

With this very neat script the email address does appear on the web-page in
a constructed form by the script.

As I could, for example, copy that address and paste it from that web-page
does this mean that spam bots will be able to see it?

 

[Rik]

Hi

I have a question about the javascript, which is in fact the same
question
I asked originally but now in a new form

With this very neat script the email address does appear on the web-page
in
a constructed form by the script.

As I could, for example, copy that address and paste it from that
web-page
does this mean that spam bots will be able to see it?

Most spam bots (email scrapers) don't run javascript.

 

[patrick j]

Most spam bots (email scrapers) don't run javascript.

This I sort of thought after I sent in the post. I think I'm going to go
with this javascript option for this web-page.

Thank you to all for the various thoughts and suggestions.

 

[patrick j]

We had a thread a while back in which Spider Monkey gave some
impressive results of personal trials using encoding etc and no
one really challenged the fact that various masking techniques
were quite effective in practice.

Yes, I recall that thread. Was it Spider Monkey however who did the tests?

I believe now in encoding email addresses and my view is that
spam bots will go for the low lying fruit and that it is worth it
to put email addresses onto higher branches.

I've gone through the various suggestions and now I think I'll use the
suggested javascript.

Although it's true it doesn't work if javascript is off, I think for this
web-page 99% of users will have javascript on.

The web form I think is the most secure way to prevent the email address
being harvested however the neatness of just the email address on the
web-page is nice in this application.

For some reason I think the javascript might be more secure than using
ASCII number alternative to the actual letters but I don't know why I think
that. Indeed the personal testing out of this reported some time ago in
this newsgroup would shed light on this.

Thanks to all for your suggestions

 

[Rik]

Yes, I recall that thread. Was it Spider Monkey however who did the
tests?


I've gone through the various suggestions and now I think I'll use the
suggested javascript.

Although it's true it doesn't work if javascript is off, I think for this
web-page 99% of users will have javascript on.

The web form I think is the most secure way to prevent the email address
being harvested however the neatness of just the email address on the
web-page is nice in this application.

For some reason I think the javascript might be more secure than using
ASCII number alternative to the actual letters but I don't know why I
think
that.

Well, reverting ascii values and/or htmlentities back to their characters
is very easy to do in almost every language I know.

 

[Nikita the Spider]

Yes, I recall that thread. Was it Spider Monkey however who did the tests?

Ahem, it was Nikita the Spider. =)

http://NikitaTheSpider.com/articles/IngenReklamTack.html

Unfortunately I have been too lazy to amend that article to include a
link to this one which you might also find interesting:
http://www.cdt.org/speech/spam/030319spamreport.shtml

 

[liamo]

what about email addresses in flash?
they are not detected by spam bots - right?

in the action script...

 

[John Hosking]

Ahem, it was Nikita the Spider. =)

LOL

Nikita the Spider, Ivana the Monkey, Svetlana the Hairy-nosed Wombat.
What's the big difference? Don't be so picky. ;-)

 

[Nikita the Spider]

what about email addresses in flash?
they are not detected by spam bots - right?

in the action script...

Yes, that will work, but once you stop using ordinary HTML, you begin to
decrease the number of people (i.e. real people who want to contact you,
not spam bots) who will be able to use the address. For instance, on my
main browser, Flash is deliberately disabled, as is Javascript (for most
sites), so I'd never see a Flash-based email address. That's not a
problem as long as you provide a form-based method of contact as an
alternative to the Flash, but doing so is more work than just using a
plain HTML address. And as long as you're willing to put yourself to the
trouble of providing a contact form, you might as well just write the
address using Javascript since that's a lot simpler than using Flash.

 

[liamo]

ok good advice so you reckon just do the whole break the email address
apart using javascript?

cheers liam

http://www.ebesign.co.nz

 

[patrick j]

Ahem, it was Nikita the Spider. =)

http://NikitaTheSpider.com/articles/IngenReklamTack.html

Unfortunately I have been too lazy to amend that article to include a
link to this one which you might also find interesting:
http://www.cdt.org/speech/spam/030319spamreport.shtml

Yes, it was a different Spider

That is a most interesting article.

 

[dorayme]

Thank you. This is a very nice neat javascript. I see that there is one
typo which is that you have "ivisimail" in the script when you intended
"invisimail" which is used where you want to invoke it. Once that is sorted
it works a treat. Of course as you say "invisimail" can be changed to
anything.

You might look at

http://www.addressmunger.com/

The non js method is preferable for oft cited reasons re js on
web pages