ffutures: (Default)
ffutures ([personal profile] ffutures) wrote2011-07-24 09:40 pm
  • Add Memory
  • Share This Entry

Publishing an email address - but not to spammers

Since my email address will be changing soon, I'm going to have to put the new contact details on my web site (which reminds me I need to change my address with the hosting company, nominet, nominet UK, etc.)

I want to make it as difficult as possible for spammers to use automated spiders to grab my email address from the site - I think last time I put in some tabs between letters and otherwise obfuscated things.

Any suggestions on ways of doing this?
Flat | Top-Level Comments Only

[identity profile] pauldrye.livejournal.com 2011-07-24 08:46 pm (UTC)(link)
This is how I do it:

http://www.albionresearch.com/misc/obfuscator.php

One requires JavaScript from your users, but it pretty secure. The other not, but less so.

[identity profile] ffutures.livejournal.com 2011-07-24 09:04 pm (UTC)(link)
OK, that looks OK - I think I'll try the javascript version, see if I get complaints.

[identity profile] dandello.livejournal.com 2011-07-24 11:11 pm (UTC)(link)
A javascript email protector is pretty easy to use and I use it to protect email addresses in my archives. So far no one has indicated having any problems.
Another way to do it on a website is to use a contact form with a Captcha type human detector. (Assuming you have access to either the cgi-bin or php.)
Supposedly what the spambots are looking for is the word 'mailto' and the symbol '@'
If either of those is obfuscated, the more naive spiders can't figure it out.
Of course, none of this works if one or more of the sites that has your address goes and hands it over to the bad guys.

[identity profile] draconin.livejournal.com 2011-07-24 11:38 pm (UTC)(link)
I just used a screen capture on a typed version of the address (same font and background as the website) and edited it down to be just a rectangular image the same dimensions as the line of type. I then inserted it as an image on the site. This can't be harvested by the bots as it's not text but it still appears to be so on the site.
The only disadvantage is that they can't cut and paste it, they have to read it and re-type. However, the solution to that is to include a hyperlink on the image with a "mailto:myaddress@whatever.com" as the link. That way if they click on the address it opens an email using their default browser.

[identity profile] ffutures.livejournal.com 2011-07-25 12:35 am (UTC)(link)
The trouble is that the robots generally look at the code (e.g. that Mailto: link) rather than the page.

[identity profile] uk-sef.livejournal.com 2011-07-26 07:28 am (UTC)(link)
That's why you need to use percent codes to disguise the link.

[identity profile] draconin.livejournal.com 2011-07-27 01:35 am (UTC)(link)
Actually, I just looked at it again (it was done years ago) and you're right: I didn't put the link, just the image of the email address.

Not that it really helped; posts that I made on various forums put my email address out there anyway.

[identity profile] heliograph.livejournal.com 2011-07-25 03:14 am (UTC)(link)
My suggestion would be to not bother. It makes it harder for real people to contact you, and the best way to avoid spam is good filters (or use Gmail). I work with many websites, have the address out in plain site, and spam very, very rarely gets through Gmail's filters (one or two every few months).

[identity profile] dandello.livejournal.com 2011-07-25 04:57 am (UTC)(link)
Seriously, the javascript solution really is a good one. I've have a lot of stuff get through filters.
And for more serious security, a contact form. The bot can't even get to your email address without first jumping through hoops.

[identity profile] keristor.livejournal.com 2011-07-25 05:51 am (UTC)(link)
A lot of 'bots can use contact forms (indeed any sort of HTML form is easy to program a 'bot' to hit send buttons). Of course, you can then load it using JS and have CAPTCHAs, but that then pisses off the users.

Like with a lot of other 'security' it doesn't stop the maldoers but does piss off the honest users. As far as I can see the best way is to let the text be visible but not machine-readable, but using either a picture (which is unfriendly to poor-sighted people) or to have things like keristor AT gmail DOT com.

Or not bother. The amount of spam which I can attribute to my website (which has the address in clear and links) is very small, almost all of it is based on usernames at my known domains (easy enough to get from DNS) which don't actually exist.

[identity profile] ffutures.livejournal.com 2011-07-25 06:28 am (UTC)(link)
I've gone with the javascript - it lets people see and copy the address, or click on it to open their email program, it just isn't readily readable if you look at the raw code.
Flat | Top-Level Comments Only