Using ISO-8859-1 encoding as the safemail.org sites generates is a
sham. The site should be taken down as it is probably a phishing hole
used to collect legitimate addresses from those who don't know
any better.
How do I know this? I've developed encoding schemes myself (years ago)
using Cold Fusion and ASP. I discovered that none of the browsers
I tested with can parse the mailto: protocol handler if it was encoded.
Thus, even scripts used by amateurs can find the mailto: and grab
any characters that follow and simply decode them. Its a piece of cake.
Using JavaScript to build the address dynamically is also a sham that to
my surprise is still being touted by developers that are supposed to know
better. Let me make it clear:
TEXT EMBEDDED IN THE BODY OF A WEB PAGE IS INSECURE
The JavaScript method is easily foiled by anybody that has 'screen scraping'
and 'regular expressions' scripts. Cheap Linux hack box harvesting farms
can be built from old machines for what? Under $100 a box if that?
At the moment, the only way to display an e-mail address in a web page
'securely' is to use an imaging methodology that requires a human operator
to read something and/or interact with a form.
Still, that is not really 'secure' but is 'presumed' to be an effective defense
as actually harvesting the address would require a human operator to see
and manually record the addresses one at a time. So, this method is
only as secure as the hassle factor allows.
--
<%= Clinton Gallagher
A/E/C Consulting, Web Design, e-Commerce Software Development
Wauwatosa, Milwaukee County, Wisconsin USA
NET csgallagher@ REMOVETHISTEXT metromilwaukee.com
URL
http://www.metromilwaukee.com/clintongallagher/
Here is one option
http://www.safeemail.org/
though I believe as spambots get smarter, they'll eventually catch on.
You could also look at javascript email cloakers, there are many out there.
Also you could always just use an image to display your email, but I'd follow
this articles advice.
http://www.15seconds.com/issue/040202.htm