Tip: How to avoid email spam from your website

  • musik
  • Legend
  • Super Moderator
  • User avatar
  • Posts: 6893
  • Loc: up a tree

Post 3+ Months Ago

There are nasty little spider thingies which crawl the Internet looking for email addresses to add to spam lists.

To avoid this, this is one way:

Where you would normally write the address, in the HTML add this, just change where you see "name" and "domainname.com" to whatever your details are.

Code: [ Select ]
<SCRIPT LANGUAGE="JavaScript">
<!-- Begin
user = "name";
site = "domainname.com";

document.write('<a href=\"mailto:' + user + '@' + site + '\">');
document.write(user + '@' + site + '</a>');
// End -->
</SCRIPT>
  1. <SCRIPT LANGUAGE="JavaScript">
  2. <!-- Begin
  3. user = "name";
  4. site = "domainname.com";
  5. document.write('<a href=\"mailto:' + user + '@' + site + '\">');
  6. document.write(user + '@' + site + '</a>');
  7. // End -->
  8. </SCRIPT>
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • UNFLUX
  • Genius
  • Genius
  • User avatar
  • Posts: 6376
  • Loc: twitter.com/unflux

Post 3+ Months Ago

i can honeslty say that i did not know this! woswers thx! :shock: :D
  • lostinbeta
  • Guru
  • Guru
  • User avatar
  • Posts: 1402
  • Loc: Philadelphia, PA

Post 3+ Months Ago

Yes this is a method you can use, but some bots actually scan the text that gets outputted onto the page and not just the source code. This is because of the people who try and get around it.

However, not all of them do this, so this works too :)
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

Yep - That works pretty well. Actually, that's the simplest version of it I've seen to date. Thanks musik.
  • CazpianXI
  • Proficient
  • Proficient
  • User avatar
  • Posts: 285

Post 3+ Months Ago

I've seen websites that say:

Quote:
email me at "me at mydomain dot com"


But that tends to look unprofessional. Great advice, musik.
  • Axe
  • Genius
  • Genius
  • User avatar
  • Posts: 5739
  • Loc: Sub-level 28

Post 3+ Months Ago

What I usually do, as I often forget to place any kind of protection on my E-Mail address, is I setup a function in my site (which are always written in PHP these days), whereby it scans the output of the site before it sends it to the browser (similar in theory to the search-engine-friendly-URLs modifications made to many PHP based forum & CMS scripts)...

It replaces any occurance of...

Code: [ Select ]
"mailto:me@myaddress.com"

With...

Code: [ Select ]
"/contact.php"

All the anchor tags get the target replaced, and they are simply confronted with a form.

Now, this is great for the webmaster, but it obviously wouldn't work for just random people posting their E-Mail addresses on your site..

1. The replacement specifically looks for the E-Mail address YOU give it, so it wouldn't replace anybody else's E-Mails (assuming you have a dynamic site that allows users to interact & post).
2. Even if it did, it wouldn't be able to pass along those other peoples' E-Mail addresses to the form without being prone the very problem we're attempting to prevent.
  • joebert
  • Fart Bubbles
  • Genius
  • User avatar
  • Posts: 13502
  • Loc: Florida

Post 3+ Months Ago

you could filter submissions creating substrings of the email address, then replacing it with somthing like
Code: [ Select ]
<a href="bouncer.asp?h93w=name&e84z=domain&k8o8=com">Contact name</a>


Directing ALL mailto links to somthing like this,
Code: [ Select ]
<%
Response.Redirect("mailto:" & Request.QueryString("h93w") & "@" & Request.QueryString("e94z") & "." & Request.QueryString("k8o8"))
%>
  1. <%
  2. Response.Redirect("mailto:" & Request.QueryString("h93w") & "@" & Request.QueryString("e94z") & "." & Request.QueryString("k8o8"))
  3. %>
  • Axe
  • Genius
  • Genius
  • User avatar
  • Posts: 5739
  • Loc: Sub-level 28

Post 3+ Months Ago

Too much hassle, if my users want to post their E-Mail addresses in public, that's their fault :lol:
  • Scorpius
  • Proficient
  • Proficient
  • User avatar
  • Posts: 401
  • Loc: Scorpion Hole

Post 3+ Months Ago

Also, you could have a file called mail.php and the emails stored in a mysql db or another type of db, with the fields name and email or something like that, and do something like this:
Code: [ Select ]
// mail.php
if ($action == 'mail') {
$getuser = mysql_query("SELECT * FROM `table_namer` WHERE name='$name'");
$getinfo = mysql_fetch_array($getUser);
$email = $getinfo['email'];
header(Location: mailto:$email);
} else {
echo "You cannot directly access this page.";
}
  1. // mail.php
  2. if ($action == 'mail') {
  3. $getuser = mysql_query("SELECT * FROM `table_namer` WHERE name='$name'");
  4. $getinfo = mysql_fetch_array($getUser);
  5. $email = $getinfo['email'];
  6. header(Location: mailto:$email);
  7. } else {
  8. echo "You cannot directly access this page.";
  9. }

Then for the link you could use something like this:
Code: [ Select ]
<a href="mail.php?action=mail&name=Scorpius">Scorpius</a>

And then that would get the user Scorpius out of the db and have his link. And unless some very smart spiders start to come this should be good.
This would mainly be used if someone was to make a nice news script or something that would require lots of registrations.
  • mallorymaloney
  • Newbie
  • Newbie
  • mallorymaloney
  • Posts: 10

Post 3+ Months Ago

Yeah, and another little tip that probably everyone knows already anyway:

If you put:

yourusername@REMOVEdomain.com,

yourusername((AT))domain((DOT))com,

Etc.,

It doesn't trick the crawlers; they know to remove the REMOVE and change the ((AT)) to @. Don't ask me how, they just do ...
  • joebert
  • Fart Bubbles
  • Genius
  • User avatar
  • Posts: 13502
  • Loc: Florida

Post 3+ Months Ago

Axe wrote:
Too much hassle, if my users want to post their E-Mail addresses in public, that's their fault :lol:


Good point :lol:
  • stickfigure
  • Beginner
  • Beginner
  • stickfigure
  • Posts: 49

Post 3+ Months Ago

i've found the best method is to use formmail that locks your email address INSIDE the script..

using ascii characters is also very successful as well. both are great especially if your target trafic tends to have javascript shut off.

youremail & # 64 yourdomain.com (minus the spaces)
i havent tried to ascii the rest of the text yet to see how successful this is..

but this is obviously only helpful if you're using a formmail that must put your email in the source code, if you print your email address on your page viewabel to the public, a lot of crawlers can read images and ascii links in this fashion.
  • conorific
  • Proficient
  • Proficient
  • User avatar
  • Posts: 350
  • Loc: NY

Post 3+ Months Ago

Wow, I didn't know that...looky at all this! I have to go play with it all now, figure out which one works best.
  • Managedlinks
  • Proficient
  • Proficient
  • Managedlinks
  • Posts: 294

Post 3+ Months Ago

The trouble with formail is many people won't use forms

Personally given a choice I ALWAYS use the email address, that way I get to keep a record of the conversation

a good obfuscator is here
http://www.rebel.com.au/hiddenemail.htm

there are not many javascript savvy bots out there
  • Axe
  • Genius
  • Genius
  • User avatar
  • Posts: 5739
  • Loc: Sub-level 28

Post 3+ Months Ago

Personally, given a choice, I'd rather use an E-Mail too, like you said you get to keep a record of what you've said.

What I usually do, is just E-Mail myself a copy of things I submit to people via forms - and many forms (eBay for example) have a "CC a copy to myself" checkbox below the form. In those instances, I have no problems using a form to contact somebody.

The simple fact that there's a "cc me" checkbox means the site understands this particular problem and has taken that into consideration solely for our benefit.
  • joebert
  • Fart Bubbles
  • Genius
  • User avatar
  • Posts: 13502
  • Loc: Florida

Post 3+ Months Ago

Managedlinks wrote:
there are not many javascript savvy bots out there


I've yet to hear of even one that can figure out a server-side mail to redirect. :D
  • Axe
  • Genius
  • Genius
  • User avatar
  • Posts: 5739
  • Loc: Sub-level 28

Post 3+ Months Ago

lol
  • Managedlinks
  • Proficient
  • Proficient
  • Managedlinks
  • Posts: 294

Post 3+ Months Ago

joebert you may or may not be right. but in all seriousness how long would it take to hack a bot to make it work ? 5 maybe 10 minutes.

adding javascript to a bot is a bit harder (actually its easy) but the bot will take a lot longer to run, slowing down the harvesting process

In truth the only way to stop harvesting bots is use forms with server side email lookups.

but we've down down that path....

Post Information

  • Total Posts in this topic: 18 posts
  • Users browsing this forum: No registered users and 110 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.