Need to add this code to my website to hide my email from spam bots

Discussion in 'HTML' started by fb3003@gmail.com, Jun 24, 2006.

  1. Guest

    how can i add this code:

    <script language=javascript>
    <!--
    var username = "fb3003";
    var hostname = "gmail.com";
    var linktext = "Click Here To Send Me Email";
    document.write("<a href=" + "mail" + "to:" + username +
    "@" + hostname + ">" + linktext + "</a>")
    //-->
    </script>

    to replace in this line:


    <td width="100%" bgcolor="#FFFFFF"><font face="Arial"><small><p
    align="right"></small></font><a href="index.htm"
    onMouseOver="imgAct('img5')" onMouseOut="imgInact('img5')"><img
    name="img5" src="home.gif" alt="Click for - Home" border="0" width="31"
    height="30"></a><a onMouseOver="imgAct('img6')"
    onMouseOut="imgInact('img6')" href="mailto:"><img
    name="img6" src="mail.gif" alt="Click to - Send us an Email" border="0"
    width="40" height="30"></a><a href="http://www.yahoo.com"
    onMouseOver="imgAct('img7')" onMouseOut="imgInact('img7')"><img
    name="img7" src="search.gif" alt="Click to - Perform an Internet
    Search" border="0" width="31" height="30"></a></td>

    basically, I have an envelope picture and when the mouse goes over it,
    it change color and you can click on it, and send an email. I am
    getting tons of spam, so I got the javascript code from this website
    http://www.virtuallyignorant.com/fightspam.htm , hoping that I can
    use a version of it, so that I can still use the envelope and mouse
    over option.

    Any help is greatly appreciated.
    Thanks
     
    , Jun 24, 2006
    #1
    1. Advertising

  2. Danny Guest

    Instead of using ol' document.write(), try ->
    <script type="text/javascript">
    <!--
    function STUFF() {
    var username = "fb3003";
    var hostname = "gmail.com";
    var linktext = "Click Here To Send Me Email";
    return "\m\a\i\l" + "\t\o:" + username +"@" + hostname +
    ">"+linktext;
    }
    //-->
    </script>


    <a .... href="javascript:STUFF()">
     
    Danny, Jun 24, 2006
    #2
    1. Advertising

  3. jojo Guest

    Re: Need to add this code to my website to hide my email from spambots

    schrieb:
    > how can i add this code:
    >
    > <script language=javascript>
    > <!--
    > var username = "fb3003";
    > var hostname = "gmail.com";
    > var linktext = "Click Here To Send Me Email";
    > document.write("<a href=" + "mail" + "to:" + username +
    > "@" + hostname + ">" + linktext + "</a>")
    > //-->
    > </script>
    >
    > to replace in this line:
    >
    >
    > <td width="100%" bgcolor="#FFFFFF"><font face="Arial"><small><p
    > align="right"></small></font><a href="index.htm"
    > onMouseOver="imgAct('img5')" onMouseOut="imgInact('img5')"><img
    > name="img5" src="home.gif" alt="Click for - Home" border="0" width="31"
    > height="30"></a><a onMouseOver="imgAct('img6')"
    > onMouseOut="imgInact('img6')" href="mailto:"><img
    > name="img6" src="mail.gif" alt="Click to - Send us an Email" border="0"
    > width="40" height="30"></a><a href="http://www.yahoo.com"
    > onMouseOver="imgAct('img7')" onMouseOut="imgInact('img7')"><img
    > name="img7" src="search.gif" alt="Click to - Perform an Internet
    > Search" border="0" width="31" height="30"></a></td>
    >
    > basically, I have an envelope picture and when the mouse goes over it,
    > it change color and you can click on it, and send an email. I am
    > getting tons of spam, so I got the javascript code from this website
    > http://www.virtuallyignorant.com/fightspam.htm , hoping that I can
    > use a version of it, so that I can still use the envelope and mouse
    > over option.
    >
    > Any help is greatly appreciated.
    > Thanks
    >


    You can leave out the JavaScript and crypt your E-Mail...

    http://www.oraab.de/php4/crypt.php4
     
    jojo, Jun 27, 2006
    #3
  4. Jeremy Guest

    Re: Need to add this code to my website to hide my email from spambots

    wrote:
    > Any help is greatly appreciated.
    > Thanks
    >


    First, if you're already getting lots of spam, it's too late for you.
    You're on their lists. Removing the e-mail address now is not going to
    get you off the lists.

    Second, doing this with javascript is a pretty bad idea. You might try
    replacing some or all of the characters in the <mailto:> url with their
    URL-encoded escape codes - i.e. replacing @ with %40. Not sure if this
    will faze the bots, but it's worth a try.

    In any case, javascript is probably not the answer, and document.write
    *certainly* is not.

    Jeremy
     
    Jeremy, Jun 27, 2006
    #4
  5. Philip Guest

    In article <Hhhog.161031$>,
    Jeremy <> wrote:

    > wrote:
    > > Any help is greatly appreciated.
    > > Thanks
    > >

    >
    > First, if you're already getting lots of spam, it's too late for you.
    > You're on their lists. Removing the e-mail address now is not going to
    > get you off the lists.
    >
    > Second, doing this with javascript is a pretty bad idea. You might try
    > replacing some or all of the characters in the <mailto:> url with their
    > URL-encoded escape codes - i.e. replacing @ with %40. Not sure if this
    > will faze the bots, but it's worth a try.


    I've been testing this with some spamtrap email addresses, and it
    appears to work quite well (but not perfectly).

    > In any case, javascript is probably not the answer, and document.write
    > *certainly* is not.


    IMO Javascript *can* be an answer as long as you provide an alternate
    means of contact for non-JS browsers. I use it on my site (see my sig)
    and it degrades gracefully for non-JS browsers. Yes, I know, it is kinda
    stupid of me to go to the trouble of protecting my address that way and
    then posting the same address on Usenet, but that's another issue...

    --
    Philip
    http://NikitaTheSpider.com/
    Bulk HTML validation, link checking and more
     
    Philip, Jun 29, 2006
    #5
  6. Philip wrote:
    <snip>
    > I've been testing this with some spamtrap email addresses,
    > and it appears to work quite well (but not perfectly).

    <snip>

    So it doesn't occur to you that the software used by spammers will
    evolve to be the most effective for the task? As soon as you admit that
    what you are doing is not perfect you are admitting that their exist
    e-mail address gathering techniques that are significantly superior to
    those currently in common use. Give it time and those techniques will be
    the ones in common use so all you may be doing by taking an approach
    that 'mostly works' at present is guaranteeing yourself future
    maintenance work to mitigate for the changing nature of the e-mail
    address extracting software.

    Richard.
     
    Richard Cornford, Jun 29, 2006
    #6
  7. Philip Guest

    In article <e7vuim$2bj$1$>,
    "Richard Cornford" <> wrote:

    > Philip wrote:
    > <snip>
    > > I've been testing this with some spamtrap email addresses,
    > > and it appears to work quite well (but not perfectly).

    > <snip>
    >
    > So it doesn't occur to you that the software used by spammers will
    > evolve to be the most effective for the task? As soon as you admit that
    > what you are doing is not perfect you are admitting that their exist
    > e-mail address gathering techniques that are significantly superior to
    > those currently in common use. Give it time and those techniques will be
    > the ones in common use so all you may be doing by taking an approach
    > that 'mostly works' at present is guaranteeing yourself future
    > maintenance work to mitigate for the changing nature of the e-mail
    > address extracting software.


    Richard,
    I disagree. I think spammers are after the low-hanging fruit that is
    unobfuscated email addresses, and there doesn't seem to be a shortage of
    that now or in the foreseeable future. You're right that spam harvesting
    programs could conceivably evolve to handle obfuscated addresses, but I
    see very little pressure for them to do so.

    If you disagree, that's your opinion and I'm not going to try to tell
    you it's wrong. But one thing is for sure: right now, obfuscating one's
    email address will foil more email harvesters than not obfuscating. I
    believe (and am trying to assemble real data to so I can rely on
    something besides intuition here) that using a Javascript-based method
    is more secure than simple obfuscation, even allowing for evolution of
    email harvesting programs. I think it is unlikely that email harvesters
    will ever develop the ability to interpret Javascript, not because it is
    too difficult to do but because it would be resource-intensive, a little
    dangerous, and would have a very low ROI.

    Nevertheless, obfuscation has an advantage in that it doesn't rely on
    Javascript or on the author having the ability to offer a contact form
    in the event that Javascript isn't available on the client.

    Cheers

    --
    Philip
    http://NikitaTheSpider.com/
    Bulk HTML validation, link checking and more
     
    Philip, Jun 29, 2006
    #7
  8. Philip wrote:
    > Richard Cornford wrote:


    >> Philip wrote:
    >> <snip>
    >>> I've been testing this with some spamtrap email addresses,
    >>> and it appears to work quite well (but not perfectly).

    >><snip>
    >>
    >> So it doesn't occur to you that the software used by spammers will
    >> evolve to be the most effective for the task? ...

    <snip>

    > I disagree. I think spammers are after the low-hanging
    > fruit that is unobfuscated email addresses, and there
    > doesn't seem to be a shortage of that now or in the
    > foreseeable future.


    You don't see this thread as being an indication in itself that your
    'low-hanging fruit' is already trying to move out of reach?

    > You're right that spam harvesting programs could
    > conceivably evolve to handle obfuscated addresses,
    > but I see very little pressure for them to do so.


    They already exist, they just are not yet in common use. Your own
    qualification of "but not perfectly" suggests that some are already
    defeating your e-mail address obfuscation. So the 'evolution' does not
    have to be in the software for the task, just in the choice of software
    that people use for the task.

    > If you disagree, that's your opinion and I'm not going
    > to try to tell you it's wrong. But one thing is for sure:
    > right now, obfuscating one's email address will foil more
    > email harvesters than not obfuscating.


    What I am saying is that what may be true "right now" may not be true
    next year. So if you can address the problems you may have next year
    with the same effort now as you are spending on implementing a technique
    that can be defeated it makes more sense to do that now.

    > I believe (and am trying to assemble real data to so I
    > can rely on something besides intuition here) that using a
    > Javascript-based method is more secure than simple
    > obfuscation, even allowing for evolution of email
    > harvesting programs. I think it is unlikely that email
    > harvesters will ever develop the ability to interpret
    > Javascript,


    The e-mail harvesters that are based upon automating the Microsoft web
    browser COM object (Internet Explorer) can already interpret and execute
    javascript (well, technically JScript).

    > not because it is too difficult to do but because it would
    > be resource-intensive, a little dangerous, and would
    > have a very low ROI.

    <snip>

    It has already been done, would not take more than a week's work to do
    again, and once written could be employed by thousands of individuals
    (if made available). That is not too much investment, so the return is
    proportional to the number of people trying to use javascript to obscure
    their e-mail addresses.

    Richard.
     
    Richard Cornford, Jun 30, 2006
    #8
  9. Philip Guest

    In article <e81ska$jgd$1$>,
    "Richard Cornford" <> wrote:
    > Philip wrote:
    > > Richard Cornford wrote:
    > >> Philip wrote:

    > > I disagree. I think spammers are after the low-hanging
    > > fruit that is unobfuscated email addresses, and there
    > > doesn't seem to be a shortage of that now or in the
    > > foreseeable future.

    >
    > You don't see this thread as being an indication in itself that your
    > 'low-hanging fruit' is already trying to move out of reach?


    Yes, and kudos to the OP for doing so. But there's always a fresh crop
    of low-hanging fruit coming onto the Internet. I think that there will
    always be some percentage of savvy Webmasters who will adapt the latest
    techniques (whatever they may be) to protect their email addresses. I
    also think that this percentage will be dwarfed by those who don't
    protect their email addresses, hence the fresh crop. In a few years
    time, maybe the situation will be the same or maybe it will be different
    or maybe we won't even be using email anymore. But I think most people
    would be happy with a method that would protect their email addresses
    from harvesters for several years, and I think that simply not being
    low-hanging fruit will do the job.


    > > You're right that spam harvesting programs could
    > > conceivably evolve to handle obfuscated addresses,
    > > but I see very little pressure for them to do so.

    >
    > They already exist, they just are not yet in common use. Your own
    > qualification of "but not perfectly" suggests that some are already
    > defeating your e-mail address obfuscation. So the 'evolution' does not
    > have to be in the software for the task, just in the choice of software
    > that people use for the task.


    That's true. But I still see very little pressure pushing programmers to
    add this feature to harvesters and equally little pressure pushing
    spammers to seek out software that reads obfuscated addresses. I just
    don't think they care that much.

    > > If you disagree, that's your opinion and I'm not going
    > > to try to tell you it's wrong. But one thing is for sure:
    > > right now, obfuscating one's email address will foil more
    > > email harvesters than not obfuscating.

    >
    > What I am saying is that what may be true "right now" may not be true
    > next year. So if you can address the problems you may have next year
    > with the same effort now as you are spending on implementing a technique
    > that can be defeated it makes more sense to do that now.


    Of course.

    > > I believe (and am trying to assemble real data to so I
    > > can rely on something besides intuition here) that using a
    > > Javascript-based method is more secure than simple
    > > obfuscation, even allowing for evolution of email
    > > harvesting programs. I think it is unlikely that email
    > > harvesters will ever develop the ability to interpret
    > > Javascript,

    >
    > The e-mail harvesters that are based upon automating the Microsoft web
    > browser COM object (Internet Explorer) can already interpret and execute
    > javascript (well, technically JScript).
    >
    > > not because it is too difficult to do but because it would
    > > be resource-intensive, a little dangerous, and would
    > > have a very low ROI.

    > <snip>
    >
    > It has already been done, would not take more than a week's work to do
    > again, and once written could be employed by thousands of individuals
    > (if made available). That is not too much investment, so the return is
    > proportional to the number of people trying to use javascript to obscure
    > their e-mail addresses.


    The investment in programming time is a one-time cost and is thus less
    significant in the long run relative to the other costs that I cited:
    resource usage and risk. A Javascript interpreter will consume resources
    on the spam harvester's machine. I would guess that they're running
    their harvesting operations at full speed (why wouldn't they?) and a
    Javascript interpreter would eat CPU and memory that could be spent
    parsing HTML. In addition, there's risk to running a Javascript
    interpreter. The interpreter has to be correctly sandboxed (maybe the IE
    COM object does this already, I am unfamiliar with it) and even if it
    is, there are bugs in the interpreter that can expose the harvester to
    virus payloads, etc. Carefully written Javascript could even harvest
    from the harvesters.

    So my argument, as I said before, is that the cost of adding a
    Javascript interpreter to a harvester has little to do with difficulty
    but much more to do with the long-term costs in resources and risk, and
    that these costs promise little return because (IMO) very few sites
    obscure their email addresses with Javascript.

    Regards

    --
    Philip
    http://NikitaTheSpider.com/
    Bulk HTML validation, link checking and more
     
    Philip, Jun 30, 2006
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Rene Pijlman
    Replies:
    22
    Views:
    733
    Fredrik Lundh
    Dec 10, 2003
  2. Replies:
    6
    Views:
    497
  3. patrick j
    Replies:
    38
    Views:
    1,375
    John Hosking
    Mar 11, 2007
  4. Klaus Caprani

    Banning the spam-bots

    Klaus Caprani, Jul 6, 2003, in forum: Javascript
    Replies:
    1
    Views:
    78
    Evertjan.
    Jul 6, 2003
  5. Replies:
    7
    Views:
    181
    Richard Cornford
    Jun 30, 2006
Loading...

Share This Page