However the displayed name is so coloured that it does not suit my dark background. Could some show me the exact coding and where it should be in the coding generated so I can have a choice of colour. I know nothing about coding.
Copy & paste the code below to embed this comment.
Brett
I created a database with MySQL/PHP that stores the email addresses, which are never viewable(even through viewing the source) on the website. Am I still at risk?
I’m also in the process of configuring my email server to block everyone in the Open Relays database (http://ordb.org). Also, I’m using a tool called Mailscanner(mailscanner.info) which scans all of the emails for viruses and it has a SpamAssassin plugin.
Copy & paste the code below to embed this comment.
Sarah Knudsen
I agree that the reliance on client-side javascript is a problem; however, it’s possible to get around the problem using something like this after where you’ve embedded the [removed]
<noscript>
sk inthesoup. org
(How do I use this address?)
</noscript>
And just make How do I use this address? text a link to a page containing instructions (using a dummy email, of course!).
Copy & paste the code below to embed this comment.
thomas
I see all this 20+ lines of code just to hide email addresses from html…it´s so simple to just publish the damn thing in .swf format and stick it in your page
“The Way is shaped by use,
But then the shape is lost.
Do not hold fast to shapes
But let sensation flow into the world
As a river courses down to the sea.”
Tao Te Ching; 32 Shapes
I know how to do this in php but you could use anything that makes this possible.
When the client clicks on an email link, a box pops up asking them to enter their email address and then the site emails them the address so all they have to do is reply to that email.
Easy.
all data is stored in a MySQL database which is passworded so only the php on the server can access it.
It also cuts out any display on the web of either email address. Thus bypassing the spam issue.
Copy & paste the code below to embed this comment.
Wolverine
Another solution, used by BeSweet‘s author, is to simply replace an email link with a link to a forum page where one can leave a message on the system for the user. In my case I have forums on my site and private messages (phpnuke), so I can do that for myself too. I just did that today – what a coincidence.
Copy & paste the code below to embed this comment.
Denis in Seattle
Here’s the weakness, and a suggestion:
IT SEEMSTOOEASY to write a script that will harvest any consistently applied technique of obscuring mailto addresses. The trick is for us all to USESOMETHINGDIFFERENT. Use SSI to create throw-away e-mail addresses from some part of the user’s IP address, or use PHP to use the time of day. Mix this up with the break-apart technique, but don’t break the address at logical places. Throw in a little encoding, here and there. Keep the harvesters on their toes! Make it easier to get their addresses from other sites. The hard work they’ll go to, just for a handful of our obscured addresses, won’t be worth it.
In general I use and recommend the “caller ID” method, creating a custom e-mail address for myself each time I register for web sites, etc. I know from whom the mail came, by the address they sent it to, and can easily filter it out. Example: ebay.me@mydomain.com
I’m also using SpamAssassin, which is great by itself. I learned how to write a user_prefs file, and how to write simple procmail recipes. Together, it’s really, really effective. Because we can’t stop’em all from getting our e-mail addresses.
Blocking those nasty spambots is a real pain I agree. I have seen bots that go through the trouble of parsing email addresses after processing the web page through a browser. So how do we kill it in my shop and get even?
The Block: We have email sent to us through form submission. IP addresses are logged with the date to prevent abuse (only 3 messages an hour). This is a easy script to write. You do not have to show the address in a .cgi file
The Kill: Knowing what these bots look for, and how they operate is key. They spider hyperlinks over your entire site where there will be likely email address. We have a mailto:bsadress@bsdomain.com generator, which is hyperlinked and named directory.cgi to our contacts section.
Imagine if the spammer was caught in the mail out by getting tens of thousands of mailerdaemons. Their server admin would catch them before the complaints.
The link provided isn’t my site, just one that i found that had these scripts for free/practically nothing.
Granted This article was intended to have this be done in Javascript, and in that case consider calling the function as an external .js file to generate the email addresses and to display email links. BTW if you feel you have to display your email adress that they click on use an image that is linked the way Xavier Defrang mentioned above if you have no cgi access.
If you use cgi to provide web based email through forms, you do not have to display your email address. I do that in my shop and it works.
If you generate bogus random addresses like bs@bs.com you will tip them off to the sys admin when they begin a mailing getting thousands of “address unknowns”, or wasting their bandwidth if they are a service.
If you must display an email address, make an image that uses the method Xavier Defrang mentions above to link it, with the function as an external .js script.
The link is not my site, just a place i found where you can get these simple scripts if you are too lazy to write them.
Just search for “Balu” to find my php-solution, that generates a uniq mailto: for each visitor – which looks like
web-32bitIP.timestamp@example.com
This way I can easily reject addresses that were found by bots and are used for SPAMming. I even know where the bot came from and when. I can even find them in the webserver-logfiles and analyze their activity.
There are many other ideas and hints on that page too…
Just use a contact form that then mails you the content of the form. The user doesn’t need to know your e-mail address at all.
I use one at my site and users find it easy to use.
Cheers
By far the most elegant approach AFAIK;
Catch the email harvester in a tar pit and destroy it’s database.
(including the email address just snatched from your HTML)
The easiest and as far as I know most fool-proof method is one that Xavier almost alluded to. It involves a simple Javascript function that assembles an email address when the user clicks a hyperlink.
function mail(user) {
locationstring = “mailto:” + user + “@” + “domain.com”;
[removed] = locationstring;
}
You can of course add more variables so that you may use multiple domains, ie:
function mail(user,dom,tld) {
locationstring = “mailto:” + user + “@” + dom + “.” + tld;
[removed] = locationstring;
}
In the hyperlink, just call the function:
[removed] mail(‘johndoe’,‘domain’,‘com’);
This method has proved exceptionally reliable. To test it, I put a page with a normal email link to spam@mydomain.com and one to my real address assembled through this Javascript function. Spam comes to the spam address, but not to my real address.
Copy & paste the code below to embed this comment.
LJ
In pure HTML you can extra tags that will not get in the way.
You can also use the character entities.
JavaScript would be needed to dynamically add this to the HREF of the mailto link.
You can even distribute the parts of you email address in invisible tags around the page, even put some bits in attributes, and use JavaScript to reconstruct it in.
Problem with non-javascript browsers though.
Maybe have <? include my_email.txt ?> in the mailto href and on the page for a server side solution. But don’t bots get to the page after sever-side processing?
78 Reader Comments
Back to the ArticleRobin
I am trying out the hivelogic method displayed.
However the displayed name is so coloured that it does not suit my dark background. Could some show me the exact coding and where it should be in the coding generated so I can have a choice of colour. I know nothing about coding.
Many thanks
Robin
Brett
I created a database with MySQL/PHP that stores the email addresses, which are never viewable(even through viewing the source) on the website. Am I still at risk?
I’m also in the process of configuring my email server to block everyone in the Open Relays database (http://ordb.org). Also, I’m using a tool called Mailscanner(mailscanner.info) which scans all of the emails for viruses and it has a SpamAssassin plugin.
As noted above any technique that uses client side javascript is useless, the end user can turn it off.
Thats why you use an .asp or another server side solution if you want to foil spambots.
Sarah Knudsen
I agree that the reliance on client-side javascript is a problem; however, it’s possible to get around the problem using something like this after where you’ve embedded the [removed]
<noscript>
sk inthesoup. org
(How do I use this address?)
</noscript>
And just make How do I use this address? text a link to a page containing instructions (using a dummy email, of course!).
thomas
I see all this 20+ lines of code just to hide email addresses from html…it´s so simple to just publish the damn thing in .swf format and stick it in your page
T-Dub
The Way
“The Way is shaped by use,
But then the shape is lost.
Do not hold fast to shapes
But let sensation flow into the world
As a river courses down to the sea.”
Tao Te Ching; 32 Shapes
I know how to do this in php but you could use anything that makes this possible.
When the client clicks on an email link, a box pops up asking them to enter their email address and then the site emails them the address so all they have to do is reply to that email.
Easy.
all data is stored in a MySQL database which is passworded so only the php on the server can access it.
It also cuts out any display on the web of either email address. Thus bypassing the spam issue.
Wolverine
Another solution, used by BeSweet‘s author, is to simply replace an email link with a link to a forum page where one can leave a message on the system for the user. In my case I have forums on my site and private messages (phpnuke), so I can do that for myself too. I just did that today – what a coincidence.
Lars at the beach
simplify the javascript code to:
email me
Denis in Seattle
Here’s the weakness, and a suggestion:
IT SEEMS TOO EASY to write a script that will harvest any consistently applied technique of obscuring mailto addresses. The trick is for us all to USE SOMETHING DIFFERENT. Use SSI to create throw-away e-mail addresses from some part of the user’s IP address, or use PHP to use the time of day. Mix this up with the break-apart technique, but don’t break the address at logical places. Throw in a little encoding, here and there. Keep the harvesters on their toes! Make it easier to get their addresses from other sites. The hard work they’ll go to, just for a handful of our obscured addresses, won’t be worth it.
In general I use and recommend the “caller ID” method, creating a custom e-mail address for myself each time I register for web sites, etc. I know from whom the mail came, by the address they sent it to, and can easily filter it out. Example: ebay.me@mydomain.com
I’m also using SpamAssassin, which is great by itself. I learned how to write a user_prefs file, and how to write simple procmail recipes. Together, it’s really, really effective. Because we can’t stop’em all from getting our e-mail addresses.
David Smith
Blocking those nasty spambots is a real pain I agree. I have seen bots that go through the trouble of parsing email addresses after processing the web page through a browser. So how do we kill it in my shop and get even?
The Block: We have email sent to us through form submission. IP addresses are logged with the date to prevent abuse (only 3 messages an hour). This is a easy script to write. You do not have to show the address in a .cgi file
The Kill: Knowing what these bots look for, and how they operate is key. They spider hyperlinks over your entire site where there will be likely email address. We have a mailto:bsadress@bsdomain.com generator, which is hyperlinked and named directory.cgi to our contacts section.
Imagine if the spammer was caught in the mail out by getting tens of thousands of mailerdaemons. Their server admin would catch them before the complaints.
The link provided isn’t my site, just one that i found that had these scripts for free/practically nothing.
Granted This article was intended to have this be done in Javascript, and in that case consider calling the function as an external .js file to generate the email addresses and to display email links. BTW if you feel you have to display your email adress that they click on use an image that is linked the way Xavier Defrang mentioned above if you have no cgi access.
Whew I think I have said Enough,
David Smith
Avitar
If you use cgi to provide web based email through forms, you do not have to display your email address. I do that in my shop and it works.
If you generate bogus random addresses like bs@bs.com you will tip them off to the sys admin when they begin a mailing getting thousands of “address unknowns”, or wasting their bandwidth if they are a service.
If you must display an email address, make an image that uses the method Xavier Defrang mentions above to link it, with the function as an external .js script.
The link is not my site, just a place i found where you can get these simple scripts if you are too lazy to write them.
Avitar
דגכעדשגכשדגכדגכדגכ
Tim the Logokleptomaniac
Check out spamgourmet.com
It works the same as sneakEmail.com
Balu
http://www.neilgunton.com/spambot_trap/
Just search for “Balu” to find my php-solution, that generates a uniq mailto: for each visitor – which looks like
web-32bitIP.timestamp@example.com
This way I can easily reject addresses that were found by bots and are used for SPAMming. I even know where the bot came from and when. I can even find them in the webserver-logfiles and analyze their activity.
There are many other ideas and hints on that page too…
BaluAlex
Just use a contact form that then mails you the content of the form. The user doesn’t need to know your e-mail address at all.
I use one at my site and users find it easy to use.
Cheers
Marek Moehling
By far the most elegant approach AFAIK;
Catch the email harvester in a tar pit and destroy it’s database.
(including the email address just snatched from your HTML)
All mail links can remain unmodified.
http://www.monkeys.com/wpoison/
lithis
The easiest and as far as I know most fool-proof method is one that Xavier almost alluded to. It involves a simple Javascript function that assembles an email address when the user clicks a hyperlink.
function mail(user) {
locationstring = “mailto:” + user + “@” + “domain.com”;
[removed] = locationstring;
}
You can of course add more variables so that you may use multiple domains, ie:
function mail(user,dom,tld) {
locationstring = “mailto:” + user + “@” + dom + “.” + tld;
[removed] = locationstring;
}
In the hyperlink, just call the function:
[removed] mail(‘johndoe’,‘domain’,‘com’);
This method has proved exceptionally reliable. To test it, I put a page with a normal email link to spam@mydomain.com and one to my real address assembled through this Javascript function. Spam comes to the spam address, but not to my real address.
Hopefully this helps someone!
LJ
In pure HTML you can extra tags that will not get in the way.
You can also use the character entities.
JavaScript would be needed to dynamically add this to the HREF of the mailto link.
You can even distribute the parts of you email address in invisible tags around the page, even put some bits in attributes, and use JavaScript to reconstruct it in.
Problem with non-javascript browsers though.
Maybe have <? include my_email.txt ?> in the mailto href and on the page for a server side solution. But don’t bots get to the page after sever-side processing?