[thelist] JS hiding email address

Aleem Bawany aleem.bawany at utoronto.ca
Thu Feb 27 16:31:01 CST 2003


>  > If this is only a temporary thing will turning the @
> into ascii  > not suffice?  >  > eg; test at domain.com =
> test@domain.com
>
> I've also been looking for options for "hiding" email
> addresses on my site, and this sounds like a promising
> idea (and it doesn't use JavaScript, which is good). Does
> anyone know if it would be successful at hiding the email
> address from bots?

Not really, spammers/spam bots are smarter than you and I would
like to think. Whatever encoding you try, you can test it out
here:
http://willmaster.com/possibilities/demo/RetrieveEmails.cgi

This will attempt to retrieve any emails from your site and
help you test if you have encoded it securely.

There is some interesting stuff here (if you scroll down):
http://www.healyourchurchwebsite.com/archives/cat_proverbs_1925.shtml

There is also the low-jack approach, to protect from spambots, probably
the safest bet:
name (at) domain dot com

Then there is the Javascript approach, which if advanced spambots wish,
they can still obtain by getting innerHTML or the parsed HTML instead
of the source.

There is the css approach, something based on the idea:
name<div style="display: none">bogusword</div>@domain.com

although it's not clickable.

Here's some more encodings:
%40		Hex encoded, non-parsible @ (can only be used inside
href)
&#64;		ASCII encoded @
&#037;40	this creates an ASCII % (037) followed by 40 = %40 = @

Another interesting tehcnique to catch spammers (slighly off topic
since it's got nothing to do with hiding emails) is to put a hidden
address on your site (hidden meaning, present in source, but not
visible to end-users) which is not listed anywhere else but in the
source. If someone mails you on that address, then you know a spam-bot
was behind it. You can then block all those emails from your real
address by monitoring the spam-catching address.

In my opinion the lowjack approach is the safest bet. Human readable
but it cannot match any regex. Along with this, if you wish for
visitors to be able to email you (as opposed to just noting down
your email addy), use an email form which is passed to the server,
which can in turn email it to you.


aleem

[ http://aleembawany.com/ ]




More information about the thelist mailing list