Re: obfuscate email link in mailto, protect from spammers, possible?

Discussion in 'HTML' started by Neal, Sep 17, 2004.

  1. Neal

    Neal Guest

    On Thu, 16 Sep 2004 22:09:06 -0700, mscir <> wrote:

    > I'm working on a page where the author insists on using mailto for now,
    > he will have me change it to a formmail later when he finds a permanent
    > home for the site.
    >
    > I'm using an email obfuscator so spammers (search engines/robots?) don't
    > find his email address in the page, and I'm wondering if this approach
    > is good enough. The address (shortened) looks like this:
    >
    > <a href="mailto:">
    > Click her</a>
    >
    > Can the spammers decode this? If so, any suggestons about how I can make
    > it more difficult for them?


    That won't work alone, I'm sure you know.

    I'm led to believe this is the best method:

    <a
    href="mailto:%75%73%65%72%40%65%78%61%6d%70%6c%65%2e%63%6f%6d"></a>

    See http://www.mways.co.uk/prog/hidemail.php
     
    Neal, Sep 17, 2004
    #1
    1. Advertising

  2. Neal

    mscir Guest

    mscir, Sep 17, 2004
    #2
    1. Advertising

  3. On Fri, 17 Sep 2004 01:29:51 -0400, Neal wrote:

    > I'm led to believe this is the best method:


    It looks like a good idea. Does it work?

    --
    Jeffrey Silverman

    ** Drop "PANTS" to reply by email
     
    Jeffrey Silverman, Sep 17, 2004
    #3
  4. Neal

    Neal Guest

    On Fri, 17 Sep 2004 12:00:18 -0400, Jeffrey Silverman
    <> wrote:

    > On Fri, 17 Sep 2004 01:29:51 -0400, Neal wrote:
    >
    >> I'm led to believe this is the best method:

    >
    > It looks like a good idea. Does it work?
    >


    I'm not a spambot author, but I'm led to believe by some with more
    expertise that they currently cannot decipher it, and due to the
    complexity of it are unlikely to in the near future. Unless everyone
    started doing it, in which case it might be worth the while to rewrite the
    spambots.

    The advantage is, clearly, that the user can copy and paste and read the
    text, but the source code is illegible.
     
    Neal, Sep 17, 2004
    #4
  5. Neal

    Karl Groves Guest

    "Neal" <> wrote in message
    news:eek:...
    > On Fri, 17 Sep 2004 12:00:18 -0400, Jeffrey Silverman
    > <> wrote:
    >
    >> On Fri, 17 Sep 2004 01:29:51 -0400, Neal wrote:
    >>
    >>> I'm led to believe this is the best method:

    >>
    >> It looks like a good idea. Does it work?
    >>

    >
    > I'm not a spambot author, but I'm led to believe by some with more
    > expertise that they currently cannot decipher it, and due to the
    > complexity of it are unlikely to in the near future. Unless everyone
    > started doing it, in which case it might be worth the while to rewrite the
    > spambots.
    >
    > The advantage is, clearly, that the user can copy and paste and read the
    > text, but the source code is illegible.


    I have tested the method in discussion with Guadasoft's "EFGrabber" and this
    method of obfuscation does not work.

    -Karl
     
    Karl Groves, Sep 17, 2004
    #5
  6. Neal

    Neal Guest

    On Fri, 17 Sep 2004 13:05:06 -0400, Karl Groves <>
    wrote:

    > I have tested the method in discussion with Guadasoft's "EFGrabber" and
    > this
    > method of obfuscation does not work.


    Interesting. Is there any method that does? Knowing full well that no
    method would be foolproof or future-proof, of course.
     
    Neal, Sep 17, 2004
    #6
  7. Neal

    Neal Guest

    On Fri, 17 Sep 2004 01:31:05 -0700, mscir <> wrote:

    > Neal wrote:
    >
    >> That won't work alone, I'm sure you know.
    >> I'm led to believe this is the best method:

    > <snip>
    >> See http://www.mways.co.uk/prog/hidemail.php

    >
    > Thanks Neal


    Don't thank me yet, read Karl's post..
     
    Neal, Sep 17, 2004
    #7
  8. On Fri, 17 Sep 2004 13:06:45 -0400, Neal wrote:

    > On Fri, 17 Sep 2004 13:05:06 -0400, Karl Groves <>
    > wrote:
    >
    >> I have tested the method in discussion with Guadasoft's "EFGrabber" and
    >> this
    >> method of obfuscation does not work.

    >
    > Interesting. Is there any method that does? Knowing full well that no
    > method would be foolproof or future-proof, of course.


    The only thing I do is to not use mailto: links at all anymore. I also put
    spaces arounf the @ and dot "." in the HTML source:

    Old way:
    <a href="mailto:">Email Booger</a>

    New way:
    Email Booger: booger @ booger . com

    It probably does not work that well, and it removes the nice click-to-mail
    feature of mailto: links. But it is a little obfuscating.

    --
    Jeffrey Silverman

    ** Drop "PANTS" to reply by email
     
    Jeffrey Silverman, Sep 17, 2004
    #8
  9. Neal

    Dave Patton Guest

    Neal <> wrote in
    news:eek::

    > On Fri, 17 Sep 2004 13:05:06 -0400, Karl Groves
    > <> wrote:
    >
    >> I have tested the method in discussion with Guadasoft's "EFGrabber"
    >> and this
    >> method of obfuscation does not work.

    >
    > Interesting. Is there any method that does? Knowing full well that no
    > method would be foolproof or future-proof, of course.


    I was going to suggest a method that combines presenting
    the address as an image, coupled with changing that to
    a mailto link if javascript is enabled, but I just tried
    EFGrabber on that, and it harvests the email address :-(

    In other words, because EFGrabber is used the IE rendering
    engine, any page that IE can process, and which contains
    a 'recognizable' email address in the result(not in the
    page source), can be harvested, so javascript-based
    obfuscation methods will not work.

    --
    Dave Patton
    Canadian Coordinator, Degree Confluence Project
    http://www.confluence.org/
    My website: http://members.shaw.ca/davepatton/
     
    Dave Patton, Sep 17, 2004
    #9
  10. Neal

    Big Bill Guest

    On Fri, 17 Sep 2004 13:06:45 -0400, Neal <> wrote:

    >On Fri, 17 Sep 2004 13:05:06 -0400, Karl Groves <>
    >wrote:
    >
    >> I have tested the method in discussion with Guadasoft's "EFGrabber" and
    >> this
    >> method of obfuscation does not work.

    >
    >Interesting. Is there any method that does? Knowing full well that no
    >method would be foolproof or future-proof, of course.


    Can spambots follow javascript links? I'm a beginner to this field as
    you may gather. I was thinking of putting a graphic link in, the link
    being javascripted, which would lead to an itty-bitty page with just
    the email link on it.

    BB
     
    Big Bill, Sep 17, 2004
    #10
  11. On Fri, 17 Sep 2004 22:40:39 GMT, Big Bill <> wrote:

    [snip]

    > Can spambots follow javascript links?


    Maybe not at the moment[1], but neither can all genuine users. Besides, it
    doesn't require a full ECMAScript implementation in order to execute the
    ways in which a script can be used to obfuscate an address. You can
    guarantee that if a spammer thinks it's worth it, someone will do whatever
    it takes to spam you. It makes you wonder what these people do with their
    lives...

    [snip]

    Considering that form mail providers are free (in case a host doesn't
    provide them), I personally don't see the point in all the effort.
    Allowing a visitor to use their own e-mail client is a nice enough
    intention, but if you're just looking for some feedback, it really isn't
    necessary.

    Mike


    [1] I can't say I keep up with the current state, myself.

    --
    Michael Winter
    Replace ".invalid" with ".uk" to reply by e-mail.
     
    Michael Winter, Sep 18, 2004
    #11
  12. Neal

    Dave Patton Guest

    Big Bill <> wrote in
    news:eek::

    > On Fri, 17 Sep 2004 13:06:45 -0400, Neal <> wrote:
    >
    >>On Fri, 17 Sep 2004 13:05:06 -0400, Karl Groves
    >><> wrote:
    >>
    >>> I have tested the method in discussion with Guadasoft's "EFGrabber"
    >>> and this
    >>> method of obfuscation does not work.

    >>
    >>Interesting. Is there any method that does? Knowing full well that no
    >>method would be foolproof or future-proof, of course.

    >
    > Can spambots follow javascript links?


    Yes. see my reply in this thread.

    --
    Dave Patton
    Canadian Coordinator, Degree Confluence Project
    http://www.confluence.org/
    My website: http://members.shaw.ca/davepatton/
     
    Dave Patton, Sep 18, 2004
    #12
  13. Neal

    SpaceGirl Guest

    Neal wrote:

    > On Fri, 17 Sep 2004 13:05:06 -0400, Karl Groves
    > <> wrote:
    >
    >> I have tested the method in discussion with Guadasoft's "EFGrabber"
    >> and this
    >> method of obfuscation does not work.

    >
    >
    > Interesting. Is there any method that does? Knowing full well that no
    > method would be foolproof or future-proof, of course.


    Obviously, use a form. Dont post your email address anywhere online.
    That is the ONLY way to stop spam.

    --


    x theSpaceGirl (miranda)

    # lead designer @ http://www.dhnewmedia.com #
    # remove NO SPAM to email, or use form on website #
     
    SpaceGirl, Sep 18, 2004
    #13
  14. Neal

    Big Bill Guest

    On Fri, 17 Sep 2004 23:58:16 GMT, "Michael Winter"
    <> wrote:

    >On Fri, 17 Sep 2004 22:40:39 GMT, Big Bill <> wrote:
    >
    >[snip]
    >
    >> Can spambots follow javascript links?

    >
    >Maybe not at the moment[1], but neither can all genuine users. Besides, it
    >doesn't require a full ECMAScript implementation in order to execute the
    >ways in which a script can be used to obfuscate an address. You can
    >guarantee that if a spammer thinks it's worth it, someone will do whatever
    >it takes to spam you. It makes you wonder what these people do with their
    >lives...
    >
    >[snip]


    They make money, one imagines, from selling on the harvested details.

    BB


    >
    >Considering that form mail providers are free (in case a host doesn't
    >provide them), I personally don't see the point in all the effort.
    >Allowing a visitor to use their own e-mail client is a nice enough
    >intention, but if you're just looking for some feedback, it really isn't
    >necessary.
    >
    >Mike
    >
    >
    >[1] I can't say I keep up with the current state, myself.
     
    Big Bill, Sep 18, 2004
    #14
  15. Neal

    Jim Higson Guest


    > They make money, one imagines, from selling on the harvested details.
    >
    > BB


    Lots of money
    http://www.sosdg.org/egg/gallery/

    On the subject of obfusication, let them have my address - in the last few
    years I've had ONE spam get through spamassassin's filters!
     
    Jim Higson, Sep 18, 2004
    #15
  16. On Sat, 18 Sep 2004 07:42:32 GMT, Big Bill <> wrote:

    > On Fri, 17 Sep 2004 23:58:16 GMT, "Michael Winter"
    > <> wrote:


    [snip]

    >> It makes you wonder what these people do with their lives...

    >
    > They make money, one imagines, from selling on the harvested details.


    I was referring to spammers. You know, the kind that send empty e-mails,
    messages with random words, and other such completely pointless content.

    Why?

    Mike

    --
    Michael Winter
    Replace ".invalid" with ".uk" to reply by e-mail.
     
    Michael Winter, Sep 18, 2004
    #16
  17. Dave Patton wrote:
    > Neal <> wrote in
    > news:eek::
    >
    >
    >>On Fri, 17 Sep 2004 13:05:06 -0400, Karl Groves
    >><> wrote:
    >>
    >>

    > I was going to suggest a method that combines presenting
    > the address as an image, coupled with changing that to
    > a mailto link if javascript is enabled, but I just tried
    > EFGrabber on that, and it harvests the email address :-(
    >
    > In other words, because EFGrabber is used the IE rendering
    > engine, any page that IE can process, and which contains
    > a 'recognizable' email address in the result(not in the
    > page source), can be harvested, so javascript-based
    > obfuscation methods will not work.
    >


    So using something like Hiveware Encoder wouldn't work?
    Here's the link in case you aren't familiar with it...

    http://automaticlabs.com/products/enkoderform/

    ~Senti
     
    Sentient Fluid, Sep 19, 2004
    #17
  18. Neal

    Jules Guest

    On Fri, 17 Sep 2004 12:00:18 -0400, Jeffrey Silverman wrote:

    > On Fri, 17 Sep 2004 01:29:51 -0400, Neal wrote:
    >
    >> I'm led to believe this is the best method:

    >
    > It looks like a good idea. Does it work?



    My 2p / cents / whatever...

    People don't always want to send an email immediately, or may run their
    email on a different machine to the one where they are browsing the web.

    For that reason it's at least nice to list the email address (whether
    obfuscated or not, your choice) in plain-text rather than solely having a
    mailto link. Makes it easy to cut and paste it, scribble it down on paper,
    print the page, whatever (particularly true on sites that may have other
    contact details too - phone, fax, mailing address etc.)

    cheers

    Jules
     
    Jules, Sep 19, 2004
    #18
  19. Neal

    Karl Groves Guest

    "Jules" <> wrote in message
    news:p...
    > On Fri, 17 Sep 2004 12:00:18 -0400, Jeffrey Silverman wrote:
    >
    >> On Fri, 17 Sep 2004 01:29:51 -0400, Neal wrote:
    >>
    >>> I'm led to believe this is the best method:

    >>
    >> It looks like a good idea. Does it work?

    >
    >
    > My 2p / cents / whatever...
    >
    > People don't always want to send an email immediately, or may run their
    > email on a different machine to the one where they are browsing the web.
    >
    > For that reason it's at least nice to list the email address (whether
    > obfuscated or not, your choice) in plain-text rather than solely having a
    > mailto link. Makes it easy to cut and paste it, scribble it down on paper,
    > print the page, whatever (particularly true on sites that may have other
    > contact details too - phone, fax, mailing address etc.)
    >


    Listing an email address and not making it a mailto link is a mistake. It
    will frustrate users who expect to be able to click on the address.

    -Karl
     
    Karl Groves, Sep 19, 2004
    #19
  20. Neal

    Jules Guest

    On Sun, 19 Sep 2004 10:27:04 -0400, Karl Groves wrote:

    >
    > "Jules" <> wrote in message
    > news:p...
    >> On Fri, 17 Sep 2004 12:00:18 -0400, Jeffrey Silverman wrote:
    >>
    >>> On Fri, 17 Sep 2004 01:29:51 -0400, Neal wrote:
    >>>
    >>>> I'm led to believe this is the best method:
    >>>
    >>> It looks like a good idea. Does it work?

    >>
    >>
    >> My 2p / cents / whatever...
    >>
    >> People don't always want to send an email immediately, or may run their
    >> email on a different machine to the one where they are browsing the web.
    >>
    >> For that reason it's at least nice to list the email address (whether
    >> obfuscated or not, your choice) in plain-text rather than solely having a
    >> mailto link. Makes it easy to cut and paste it, scribble it down on paper,
    >> print the page, whatever (particularly true on sites that may have other
    >> contact details too - phone, fax, mailing address etc.)
    >>

    >
    > Listing an email address and not making it a mailto link is a mistake. It
    > will frustrate users who expect to be able to click on the address.
    >
    > -Karl


    Oh, I agree - hence listing the address (along with any other contact
    details) as plain text, but making the email address a mailto link seems
    the most sensible policy (whether the site maintainer chooses to
    obfuscate it or not). I'm just saying that there are occasions when having
    the address 'buried' within a mailto link and not listed as text can be
    somewhat annoying.

    Maximum usuabiliy possible for the 'customer' (whether you're a retail
    site or not) is always the key...

    As someone else pointed out, I'd rather put up with spam if it gives a
    more flexibile way for people to contact me - spam filters are good at
    what they do, and you never know, one day it might be made illegal to send
    unsolicited crap to people :)

    cheers,

    Jules
     
    Jules, Sep 19, 2004
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. mscir
    Replies:
    0
    Views:
    659
    mscir
    Apr 26, 2006
  2. Philip Ronan
    Replies:
    4
    Views:
    895
    Michael Winter
    Oct 3, 2004
  3. opeirwp
    Replies:
    4
    Views:
    431
    Jonathan N. Little
    May 15, 2008
  4. mehere

    protect perl script from spammers

    mehere, Dec 23, 2005, in forum: Perl Misc
    Replies:
    5
    Views:
    193
    mehere
    Jan 28, 2006
  5. Thomas Gagne
    Replies:
    2
    Views:
    325
    Robert Klemme
    Mar 15, 2013
Loading...

Share This Page