Defeating Spam With Javascript

[Michael Hill]

I am planning to post my e-mail address on a few of my websites so
that people can contact me; however, I would like to prevent my
address from being harvested by robots.

At this time, I am considering two options:

(i) create a graphic image of my e-mail address (for example, a gif or
jpg), which would require human visitors to read the graphic and then
manually type in my e-mail address, or

(ii) use Javascript to display my address on the page, but obfuscate
it against detection by address-harvesting robots.

Please let me know which way is better. Or is there yet another way
(which I don't know about) which is considered best practice?

If Javascript is, indeed, the way to go, please direct me some sample
code.

Comments, suggestions, advice, etc. are much appreciated.


Michael

 

[kaeli]

I am planning to post my e-mail address on a few of my websites so
that people can contact me; however, I would like to prevent my
address from being harvested by robots.

Honestly, I just put my spam-catcher mail addresses on my sites (usually
(e-mail address removed)) and explicitly state that any mail that doesn't contain
certain key words in the subject line gets deleted. Which it does, since I
have forwarders set up to my REAL address that only forward that mail and
send the rest to /dev/null.
I get VERY little spam. I get more spam at my work account than my home
account. Which amuses me. *heh*

I also provide a mail form for people who don't want (or can't use) the
mailto links. That form is directly mailed to my real address with PHP
"mail" command. 'bots can't see that code.

--
--
~kaeli~
Any sufficiently advanced technology is indistinguishable
from magic.
http://www.ipwebdesign.net/wildAtHeart
http://www.ipwebdesign.net/kaelisSpace

 

[juglesh]

I am planning to post my e-mail address on a few of my websites so
that people can contact me; however, I would like to prevent my
address from being harvested by robots.

At this time, I am considering two options:

(i) create a graphic image of my e-mail address (for example, a gif or
jpg), which would require human visitors to read the graphic and then
manually type in my e-mail address, or

that works, its just not convieneint for users.

(ii) use Javascript to display my address on the page, but obfuscate
it against detection by address-harvesting robots.

somehow i've never trusted this (although i've never tried to test it). It
seems that if a bot can read your html/js, it could run the js, and then
reparse the output, looking for your address. Just guessing here.

Please let me know which way is better. Or is there yet another way
(which I don't know about) which is considered best practice?

You could use php to administer a little test, like "please type the answer
to: (four plus four) in this box, to get my email address" Then, when
submitted, the page would refresh, displaying the address link (provided the
user was sufficiently skilled in math<G>) PHP also can generate those 'type
the code you see in this box' images that you've probably seen.

further more, you can use php to email from a form, the user would never
need your email to contact you (and the user or bots never see your email
address).

I'm not sure, but you might be able to use flash to hide your address also.
make a small flash file that displays your email address (in graphic form),
and make it a button that has the mailto action attached to it. Well, I
know that would work, i just dont know if bots can read into flash like
that.

 

[Lasse Reichstein Nielsen]

(e-mail address removed) (Michael Hill) writes:

[prevent harvesting of e-mail address]

At this time, I am considering two options:

(i) create a graphic image of my e-mail address (for example, a gif or
jpg), which would require human visitors to read the graphic and then
manually type in my e-mail address, or

(ii) use Javascript to display my address on the page, but obfuscate
it against detection by address-harvesting robots.

Why not combine the two?

One thing I tried at one page was to replace the "@" with an image,
and then, if javascript is enabled and supports the features I need,
replace the image with a "@" again when the page has loaded.
You might even turn it into a mailto: link if you want to.

Hmm, example code:
-------------
<script type="text/javascript">
function restoreAt(id) {
var img = document.images[id];
var parent = img.parentNode;
parent.replaceChild(document.createTextNode("@"), img);
parent.normalize();
// stop here or turn into link (assumes parent node contains only addr)
var text = parent.firstChild.nodeValue;
var link = document.createElement("a");
link.href = "mailto:" + text;
var gramps = parent.parentNode;
gramps.replaceChild(link, parent);
link.appendChild(parent.firstChild);
}
</script>
<body onload="restoreAt('myAt');">
.... <span>myname<img src="atsign.png" id="myAt">exampel.com</span> ...
-------------

Does it stop harvesting? Who knows
Maybe harvesters will begin understanding Javascript, but I doubt
it's worth the effort for them.

Please let me know which way is better. Or is there yet another way
(which I don't know about) which is considered best practice?

Understand your requirements!
Must it work without Javascript? Must there be a mailto link in
that cast?

/L

 

[Michael Winter]

Lasse Reichstein Nielsen wrote:

[snip]

Maybe harvesters will begin understanding Javascript, but I doubt
it's worth the effort for them.

Apparently, they already do. It's been mentioned on alt.html (I think)
that a particular piece of software that's used for e-mail gathering
(but wasn't intended for that job) can obtain script "protected"
e-mail addresses. I don't know what it was capable of as I couldn't
find a copy, but if it piggy-backed on IE's code, for example, then
the answer would be pretty much anything.

[snip]

Are you sticking around, Lasse? It seems that all of the "original"
regulars (from my perspective) are back now.

Mike

 

[phil_gg04]

I am planning to post my e-mail address on a few of my websites

[using] Javascript to display my address on the page, but obfuscate
it against detection by address-harvesting robots

Here's what I do. I put my address on the page in a plain-text
obfuscated form like this: me (at) example (dot) com - or similar. I
put all of that in a <span> with a particular class. Then I have a
lump of javascript that runs when the page loads that finds all of the
spans with that class, de-obfuscates the address, and replaces it with
the appropriate mailto: link.

I'm not going to post the code that I'm actually using because I think
that we should all be writing our own: if we all used the same code the
robots could quickly learn to spot it, whereas all using somethng
subtly different means that they really need to execute the javascript.

I've been doing this sort of thing, and variants, for several years and
I'm fairly certain that the addresses have not yet been harvested. But
it is possible that some bots might be able to execute javascript now
or in the future. In this case, I'd suggest adding a level of
interaction: "click here for email address" goes to a JS function that
replaces those works with a mailto: link. I think that bots are
unlikely to beat that for a while.

--Phil.