email address on homepage

[pcchong]

what is the simplest way to put the email address on the homepage so that it
is not readable by email extractor or search engine? I remember someone
wrote a simple script to do that, but I can't find it now. Anyone know
about this? Thanks.


pcchong

 

[Randy Webb]

what is the simplest way to put the email address on the homepage so that it
is not readable by email extractor or search engine? I remember someone
wrote a simple script to do that, but I can't find it now. Anyone know
about this? Thanks.

<img src="emailAddress.jpg" ......>

where emailAddress.jpg is, you guessed it, an image of your email
address. The problem is two-fold though. Non-image browsers won't get
the image unless you place it in the alt attribute which would defeat
the purpose. Relying on JS to do it also has the same, non-JS, limitations.

The solution to people being able to email you without bots getting your
address? Simple. A form that submits the email data and then emails it
to you.

 

[Richard Cornford]

what is the simplest way to put the email address on
the homepage so that it is not readable by email
extractor or search engine?

'email address on ... page' and 'not readable by ...' cannot be done. If
the email address harvesting software is smart enough (and that don't
have to be that smart (particularly if you make it into a mailto: link))
it will get the address whatever you do.

Fortunately email harvesters are the preserve of spammers and spammers
are incredibly dim. Most current email harvesters can be thrown off by
substituting some characters (including the '@') with suitable HTML
entities. However, as people munge their email addresses spammers will
probably just move to more sophisticated email harvesting software (you
don't have to be smart to use other people's software).

So the best that can be achieved is partial protection at present, with
diminishing effectiveness over time.

I remember someone wrote a simple script
to do that, but I can't find it now.

<snip>

Do not use a (client-side) script for this. They can do no more than
would be achieved by substituting characters for entities in the HTML
and they introduce a needless dependency on client-side scripting.

Richard.

 

[Dr John Stockton]

JRS: In article <[email protected]>, dated Thu, 7 Apr
2005 09:37:38, seen in Randy Webb

The solution to people being able to email you without bots getting your
address? Simple. A form that submits the email data and then emails it
to you.

But be aware of consequences.

If I E-mail using someone's mailto:, or using an address obtained by any
other means, then my message is entered in my mail database for future
reference; moreover, I then compose using my mailer's editing features.

That will not happen with a form, unless I compose the message in my
mailer, copy it to the form, and then post the mail to a dummy address.

You might consider robotically mailing the question back ...

Better, IMHO, to use a mailto: or otherwise give the actual address, but
disguise it so that a bot will not bother to find it, or will be unable
to recognise it. But don't give anything that a bot is likely to
interpret as an address which is not yours.


Also : when providing such a form, be generous with the text composition
area (width and height), unless the application is so specific that the
message must be short - in which case a questionnaire-form might be
better.

 

[Randy Webb]

JRS: In article <[email protected]>, dated Thu, 7 Apr
2005 09:37:38, seen in Randy Webb



But be aware of consequences.

The only negative consequence I am aware of with a mailto: form is if
the visiting UA does not support forms.

If I E-mail using someone's mailto:, or using an address obtained by any
other means, then my message is entered in my mail database for future
reference; moreover, I then compose using my mailer's editing features.

That is a negative consequence to the user, not to the page author. And
if the intent is to stop spam-bots from collecting your email address
from a website, then it defeats the purpose of trying to do it if you
are going to put it on the page to allow people to simply click the link
that has the address in it.

You might consider robotically mailing the question back ...

Or, submit the form, and let the resulting page give the actual address.
With server side processing to ensure a robot can't retrieve the page
without submitting the form.

 

[Csaba Gabor]

pcchong wrote:

So the best that can be achieved is partial protection at present, with
diminishing effectiveness over time.



Do not use a (client-side) script for this. They can do no more than
would be achieved by substituting characters for entities in the HTML
and they introduce a needless dependency on client-side scripting.

Richard.

Wouldn't a reasonable solution be to have a (dithered) image of
the email displayed for non javascript browsers (saying this is my
email) to protect the email [or whatever your favorite scheme is
for email protection], and if javascript is enabled, generate a DOM
mailto: element to replace it, and assemble the address (so it
doesn't appear exactly in code), and plop it in.
Spam agents don't look at the DOM, do they? Actually, if I was
a spammer I suppose I would. But then I might also think about
diminishing returns. If someone has gone to the bother of hiding
hir email that well, what is the liklihood that they will respond
to a spam? Anyone know the state of the art on this?
Just on the chance that spammers have reached this useless
state of sophistication, you could refrain from displaying the
email unless a certain event (originating from the user - possibly
a mouse over event) has been interspersed.

Csaba Gabor from Vienna

 

[Dr John Stockton]

JRS: In article <[email protected]>, dated Thu, 7 Apr
2005 18:57:37, seen in Randy Webb

The only negative consequence I am aware of with a mailto: form is if
the visiting UA does not support forms.


That is a negative consequence to the user, not to the page author.

The purpose of the page author may be merely to obtain remuneration.
But the general intent of writing pages is to be of use, or apparent
use, to the reader. A negative consequence for the reader may cause
negative consequences to the page owner.

And
if the intent is to stop spam-bots from collecting your email address
from a website, then it defeats the purpose of trying to do it if you
are going to put it on the page to allow people to simply click the link
that has the address in it.

But I did not write that. I wrote, as you quoted, "If I E-mail using
someone's mailto:, or using an address obtained by any other means".
One can use a Web page to indicate an E-mail address to a human being
(especially if there is no wish to accommodate those of unusually low
IQ) without making it liable to robotic harvesting. Various ways are
used, and various ways are described, in my Web site.


I rather doubt whether any robot would harvest from
"I am at answer at merlyn demon then co uk if you want to reply."; but
it would be easy to select, copy, paste, and edit that to get a full
address - especially guided by it being on a web page with related URL.

Or, submit the form, and let the resulting page give the actual address.
With server side processing to ensure a robot can't retrieve the page
without submitting the form.

Another objection to forms, which that seems to double, is the relative
inconvenience for those without permanently-on Net connection.



Forms are, indeed, frequently a preferable solution, at least for the
page owner. Nevertheless, they do have disadvantages, and these should
be considered and as far as possible minimised.

 

[Richard Cornford]

Richard Cornford wrote:

Do not use a (client-side) script for this. They can do no
more than would be achieved by substituting characters for
entities in the HTML and they introduce a needless
dependency on client-side scripting.

Wouldn't a reasonable solution be to have a (dithered)
image of the email displayed for non javascript browsers
(saying this is my email) to protect the email [or whatever
your favorite scheme is for email protection],

Reasonable in the sense of being inaccessible (so illegal under some
jurisdictions) and invalid HTML without an ALT attribute. And the
provision of the attribute would likely put the mark-up back at square
one, containing the email address in text form.

I am not aware of any email address harvesting software that tries OCR
in images, but that is not out of the question.

and if javascript is enabled, generate a DOM mailto: element
to replace it, and assemble the address (so it doesn't appear
exactly in code), and plop it in.

At which point you email address has been laid bare to email harvesting
software based on a scripted IE browser component (probably the easiest
method of defeating script-protected email addresses, and the harvesters
that already do interpret javascript as part of their search.

Spam agents don't look at the DOM, do they?

At least some do.

Actually, if I was a spammer I suppose I would.

As would I. Indeed I sometimes think that posting a WSH/IE browser
component email-address harvester would be a good way of seeing an end
to the debate on the subject.

But then I might also think about diminishing returns.
If someone has gone to the bother of hiding hir email
that well, what is the liklihood that they will respond
to a spam? Anyone know the state of the art on this?

For the people who's business is selling email addresses the willingness
of the owner of the address to receive spam is not a consideration (they
already have their money by that point.

Just on the chance that spammers have reached this
useless state of sophistication, you could refrain from
displaying the email unless a certain event (originating
from the user - possibly a mouse over event) has been
interspersed.

That has been proposed before, though a mouse over would re-introduce
the inaccessibility that the use of an image would imply. But you would
be approaching the point where hiding the email address from spammers
would also be hiding it from the people you would otherwise want to find
it.

Richard.