[thelist] Re: Email Obfuscation may be beaten?

Hassan Schroeder hassan at webtuitive.com
Mon Feb 2 11:54:45 CST 2004

John.Brooking at sappi.com wrote:

> Neighborhood Harvester Author could instruct the software that there is a
> function in use out there, it could be called anything, but it can be
> recognized because the code contains the characters
>     document.write(rhs + "?subject=" + subject + "\">" + lhs + "@" + rhs +
> "<\/A>");
> So if you, harvester software, see that line, back up to the word after
> "function", and that's the function's name! Voila, now it can do the same
> thing as before.

I would recommend the contact form approach, definitely, but for the
sake of discussion --

If you use modern DOM methods instead of `document.write`, you can
put your encoding function in a separate JS file. Nothing visible
in the main HTML page would indicate that you're dynamically adding
content. And I'd be pretty skeptical that spambots follow JS script
src pointers; that's an opinion *not* based on log file analysis,
though -- anyone looked into that?

Hassan Schroeder ----------------------------- hassan at webtuitive.com
Webtuitive Design ===  (+1) 408-938-0567   === http://webtuitive.com

                           dream.  code.

More information about the thelist mailing list