# Obscuring emails from spammers



## cpscdave (Feb 25, 2004)

Hi don't know if this is possible. But We need to put on a couple websites email addresses(preferably mailto links) for legit users to send emails. 

Is there a way that one can build the link such that the spam bots dont pick up on them?


----------



## cpscdave (Feb 25, 2004)

*update* I found this page http://www.web-designz.com/tools/email_encoder.shtml
Which has a tool to encode the address. Anyone know of a better solution?


----------



## thecoalman (Mar 6, 2006)

cpscdave said:


> *update* I found this page http://www.web-designz.com/tools/email_encoder.shtml
> Which has a tool to encode the address. Anyone know of a better solution?


Best way to hide it is not to put it in the html. Use a form to submit it to a script that sends it to you. It won't prevent you from getting spam sent via the form but it will prevent them from getting the e-mail address it's being sent too. There are ways to prevent the form from being spammed as well... captcha images being the most common.


----------



## covert215 (Apr 22, 2006)

if you just want to use text, you can do adress --- at --- domain


----------



## Aquarian (Apr 24, 2005)

So is using text rather than link the best or is the form better? And what are captcha images?


----------



## covert215 (Apr 22, 2006)

The form is best. A captcha image is one of those randomly generated pictures with letters and numbers in them

the user has to enter the correct numbers/letters to send the message


----------



## Sequal7 (Apr 15, 2001)

The webform is far superiour but there is an easy way using javascript like this:

This will output this: *textname textlastname* with an email link that bots cant get.

While it is effective its not a guarantee that a BOT or Crawler wont be smart enough to process it.


----------



## brendandonhu (Jul 8, 2002)

It's also going to stop anyone with Javascript disabled from using your link.


----------



## dr911 (Sep 21, 2005)

*Hey cpscdave & Ohter web-designers,

This web site : http://www.dynamicdrive.com/emailriddler/

Has a E-Mail Riddler......Description: Email Riddler is an online tool that encrypts and transform your email address into a series of numbers when displaying it, making it virtually impossible for spam harvesters to crawl and add your email to their list.

Plus they have all kinds of other "cool" scripts there too. The "E-Mail Riddler is "text/javascript" .* :up:


----------



## thecoalman (Mar 6, 2006)

Same problem as above, if the user has JS disabled it won't work for them either. I'd also suggest it's pointless to try and hide it with Javascript. I wouldn't doubt most can read it anyway.


----------



## brendandonhu (Jul 8, 2002)

It's not encrypting anything, it's just replacing the letters with ASCII codes.
http://www.lookuptables.com/


----------



## erick295 (Mar 27, 2005)

brendandonhu said:


> It's also going to stop anyone with Javascript disabled from using your link.


What you need to do to prevent this problem is create a contact page with a form, then create an anchor to that page with the text "Contact Me" or whatever. Use the rel attribute in the anchor element and give it a name, then use an external JavaScript to change the href attribute for all anchors with that rel value to the mailto: link. You can combine this with the "encryption" method and break up the string so that your email address is nowhere in any form in the HTML or even an external file. If someone with JavaScript clicks on your link, they won't know the difference. Someone without JavaScript will be taken to your form, and they likewise won't realize that anything is "wrong."

The key to using JavaScript effectively is to always provide a seamless alternative. People with JavaScript will get your full functionality, but the people without it won't realize they're missing anything.


----------



## erick295 (Mar 27, 2005)

thecoalman said:


> I wouldn't doubt most can read it anyway.


It would be very difficult to create an address fisher that understood JavaScript. With so many email addresses unprotected, it would be a futile effort anyway. It's kind of like living in a gated community. Sure, someone can get past the gate if they really wanted to, but why would they bother when there are so many easier targets?


----------



## brendandonhu (Jul 8, 2002)

erick295 said:


> What you need to do to prevent this problem is create a contact page with a form, then create an anchor to that page with the text "Contact Me" or whatever. Use the rel attribute in the anchor element and give it a name, then use an external JavaScript to change the href attribute for all anchors with that rel value to the mailto: link.


That pretty much defeats the purpose...if you have a form processor setup there is no need to use JavaScript or mailto: links in the first place. In that case, you may as well just link to the contact form and leave it at that.


----------



## erick295 (Mar 27, 2005)

brendandonhu said:


> That pretty much defeats the purpose.


Not if you want people to have more than one option for contacting you. Some people prefer to use forms, others prefer to use email... I know I personally hate contact forms because I'd rather just have someone's address and be able to email them. Other people like them.


----------



## thecoalman (Mar 6, 2006)

erick295 said:


> It's kind of like living in a gated community. Sure, someone can get past the gate if they really wanted to, but why would they bother when there are so many easier targets?


Because the targets behind the gate would possess more value.  If you're trying to hide it with javascript then it must be valid e-mail address.


----------



## erick295 (Mar 27, 2005)

thecoalman said:


> Because the targets behind the gate would possess more value.  If you're trying to hide it with javascript then it must be valid e-mail address.


Well, I guess you're right about that, but still, they don't read JavaScript... there are more than enough valid email addresses just floating around


----------



## haswalt (Nov 22, 2004)

try html encoding it. Most crawlers can't read the html encoded characters so what they see is a series of numbers and hashes. What any browser on the other hand will see is the final text output as we want to see it. This is handy for getting foreign characters into your page aswell providing your font supports it.

Another method of blocking spam bots is to use spam poison, simply add the link to your page, probably the top is best. When they find it they get pulled into a site that floods their server with fake address, therefore rendering their database useless and in some cases held up by too much traffic.

Spam poinson info can be found here:

http://www.spampoison.com/

damn useful and appears to work. i have used it on my site for about 2 years now and only get spam off the sites i have without it on.

Thanks,

Harry


----------



## Aquarian (Apr 24, 2005)

Wow, Harry. This is the same address I've been asking about. I was wondering if anyone had used it or had an opinion on it. Thanks. I was concerned that it might keep the good guys from finding the site of confusing them.


----------



## haswalt (Nov 22, 2004)

well a couple of thing to bear in mind when using this.

Potentially it can mess up your google rank if you have it on every page becuse google can inadvertantly follow the link aswell. You need to do some fancy linking and stuff to be able to use it to it's full without hindering google. If your users click the link, they will only be taken to the spam assasin website and not to the ot breaker stuff since this is only done when the grabbing normally done by the bots is detected.

Im not really sure of any other adversse effects but it might be worth doing some investigation on it.

There is a thread somewhere else a page or so back that has some info on it.


Thanks,

Harry


----------

