[Web4lib] anti-spam email adress

Ross Singer ross.singer at library.gatech.edu
Fri Sep 15 09:50:40 EDT 2006


Fred, the onClick idea is a nice hack!  The cut and pasters could
probably be appeased if you changed it to onMouseOver rather than
onClick.

-Ross.

On 9/14/06, Fred Edwards <fred.edwards at smu.ca> wrote:
> of course, the only real solution is to not put an email address on
> your website... but that's not your goal.
>
> Casey Durfee's solution (munging the address) is something I've
> done... sometimes making it even more complex, like putting the whole
> address into a function and compartmentalizing the actual address into
> variables to be concatenated after an onclick event
>
> you could add to this by making the "human readable" address a
> graphic, though truly good spammers can use OCR hacks to get the
> address
>
> and this however is no good if you want to provide viewers the ability
> to cut and paste the email address
>
> you could also blend in characters before and after the address that
> are the colour of the background of the page... the characters will
> get caught up by the spambot but will of course be caught up in a cut
> and paste as well and will make for an invalid email address for valid
> users
>
> you could probably do something like this to help as much as possible:
>
> document.write("<a hre" + "f='mai" + "lto:casey.durfee" + "@" +
> "spl.or" + "g'>");
> document.write("<font color='#ffffff'>..**..</font><br />casey.durfee");
> document.write("@");
> document.write("spl.or"+"g");
> document.write("<br /><font color='#ffffff'>..**..</font></a>");
>
>
> the problem, of course, with anything like this solution, is that many
> spiders can scour the rendered page not just the source... which will
> make any pre-rendered solutions moot...
>
> I used to do something to prevent that and would look more like this:
>
> <a href="javascript:\\" onClick="processClick()">e-mail</a>
>
> which will put a nice little link on the page for the user to click
>
> inside the function processClick(), I would munge the address and then
> forward the concatenated version to the viewers email program
>
> function processClick() {
>
> var a1="casey.durfee";
> var a2="@";
> var a3="spl.";
> var a4="org"
>
> document.location=("mailto:" + a1 + a2 + a3 + a4);
>
> }
>
> using document.location like this will prevent any email address from
> being rendered and thus escaping more robust spambots.
>
> however, it's still not the solution for cut and paste users,
> especially not with the number of people that use web based email and
> need to be able to cut and paste, and on most public terminals
> web-based mail is the only option
>
> so, the most viable solution to prevent email addresses from being
> spam listed is certainly the server-side processed form... however
> it's important to remember that email forms, unless really well done,
> can open up all kinds of other security risks as well, but that's
> another topic
>
> you could add to a form solution by having the address the mail goes
> to be a service like Gmail or bigfoot which will allow you to forward
> the mail it receives to your actual email address, many web mail sites
> include antispam services... Gmail's anti-spam filtering is pretty
> good and you can also create a filter to only forward email from a
> recognized email address... which you can designate on your form as
> something completely unique and random... Gmail will then forward any
> "non-spam" to your actual address
>
> otherwise, captcha's then sort of become necessary or using a service
> somewhat like Akistmet ( http://akismet.com/)
>
> akismet is used to capture spam on comment forms on many blogs
> (particularly Wordpress),  I'm not sure if they do anything for form
> generated email...
>
> there's also "Bad Behavior" (
> http://www.homelandstupidity.us/software/bad-behavior/) which is a PHP
> script solution to prevent spambots from accessing your site
>
> I'm sure there are other solutions out there as well, but in the end a
> determined spammer is going to get through anyway so at my library
> we've pretty much opted from having email addresses listed on our
> website... we have one central email address which is displayed and
> that is managed by our reference staff and who accept the
> inevitability of spam and who the redirect queries if need be...
>
> Here's some relevant spam related reads:
>
> http://www.ftc.gov/bcp/conline/pubs/alerts/spamalrt.htm
> http://www.junkbusters.com/junkemail.html
> http://www.spamhelp.org/articles/
>
> hope this helps.
>
>
> --
>
> Fred Edwards
>
> Systems Technician
> Patrick Power Library
> Saint Mary's University
> Halifax, Nova Scotia    B3H 3C3
>
> Phone:     (902) 420-5096
> Fax:       (902) 420-5561
> E-mail:    Fred.Edwards at smu.ca
> Website:    http://www.smu.ca/library/
>
> --
>
>
>
> On 9/13/06, Casey Durfee <Casey.Durfee at spl.org> wrote:
> >  You can do it with javascript --
> >
> > document.write("<a hre" + "f='mai" + "lto:casey.durfee" + "@" +
> > "spl.or" + "g'>");
> >
> > That's not going to catch the attention of most bots because they're
> > looking for "mailto" or "___ at __.__" type strings on the page.
> >
> > You can also have the email address as an image generated dynamically
> > by the GD library or similar.
> >
> _______________________________________________
> Web4lib mailing list
> Web4lib at webjunction.org
> http://lists.webjunction.org/web4lib/
>
>


More information about the Web4lib mailing list