Hello guys,

I have a contact form where the email is actually accessible in the source, because I'm using a cgi file to process it. My concern is the mail crawlers, and I was wondering if this is a no-go and I should switch to another more secure form. Or, if there were some tricks to 'confuse' the crawlers? Thanks for your ideas.

+3  A: 

If by source you mean the HTML source, then absolutely that's a problem. Can you edit the cgi file to hardcode it there?

Adam Bard
Thanks guys, all your answers were very helpful. I finally edited the script, it's called formmail.pl, and it's written in Perl. Still testing but looks good.
Peanuts
+1  A: 

Yes, you should avoid that to minimize spamming.

An easy way would be to just obfuscate the e-mail, replacing . with -dot- and @ with -at- etc.

  • If a human needs the address, he knows what he has to perform
  • If your CGI script takes this address as input, it has to de-obfuscate first, reverting all obfuscations.
Etan
+7  A: 

If you're putting the destination address of the email in the HTML form, then not only is it a problem for mail crawlers, but spammers will use your contact form for spamming other people. All they would have to do is submit the same form with a different address in that field, and your mail server will happily send their message to a third party. You do not want to do this, as your server will quickly become blacklisted for sending spam.

Greg Hewgill
yikes, thanks Greg
Peanuts
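An added example (not code from this thread or from formmail.pl) of what the two answers above amount to on the server side: the form sends only a short key, the addresses stay hardcoded in the script, and anything that is not a known key is refused. It goes slightly beyond the answers by also refusing line breaks in fields that end up in mail headers. All names (`%RECIPIENTS`, `resolve_recipient`, `header_safe`, `build_message`) are hypothetical and the addresses are constructed placeholders.

```perl
#!/usr/bin/perl
# Added example: server-side recipient handling for a CGI contact form.
use strict;
use warnings;

# Destination addresses live only on the server (constructed placeholders).
my %RECIPIENTS = (
    sales   => 'sales@example.com',
    support => 'support@example.com',
);

# Map the short key sent by the form to an address; anything else is refused.
sub resolve_recipient {
    my ($key) = @_;
    return unless defined($key) && exists $RECIPIENTS{$key};
    return $RECIPIENTS{$key};
}

# Refuse CR/LF (and oversized values) in fields that end up in mail headers,
# so a submission cannot add header lines of its own.
sub header_safe {
    my ($value) = @_;
    return defined($value) && length($value) <= 200 && $value !~ /[\r\n]/;
}

# Build the message text, or return undef if the submission must be rejected.
sub build_message {
    my (%form) = @_;
    my $to = resolve_recipient($form{recipient}) or return;
    for my $field (qw(email subject)) {
        return unless header_safe($form{$field});
    }
    my $body = defined($form{body}) ? $form{body} : '';
    return "To: $to\nReply-To: $form{email}\nSubject: $form{subject}\n\n$body\n";
}

# Constructed submissions: a normal one, a full address in place of the key,
# and a subject containing a line break.
my @submissions = (
    { recipient => 'support', email => 'visitor@example.org', subject => 'Hi', body => 'Hello' },
    { recipient => 'someone@example.net', email => 'visitor@example.org', subject => 'Hi', body => 'x' },
    { recipient => 'sales', email => 'visitor@example.org', subject => "Hi\nBcc: list\@example.net", body => 'x' },
);
for my $s (@submissions) {
    my $msg = build_message(%$s);
    printf "%-22s %s\n", $s->{recipient}, defined($msg) ? 'accepted' : 'rejected';
}
```

Only the first submission is accepted; the HTML form then needs nothing more than `<input type="hidden" name="recipient" value="support">`, which exposes no address to crawlers.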
+1  A: 

I always convert the characters of email addresses (including the mailto statement if applicable) into character entities. This seems to work nicely; I have yet to receive automated spam on certain email addresses which are available in this manner on different websites. This converter illustrates what I mean.

mensch
@mensch this has been of invaluable utility, thanks.
Peanuts