What are some ways to protect emails on websites from spambots?

Question

I'm creating a public internet facing website which contains the email address of their salespeople.

What kind of programming options do I have to generate the "mailto" and display the email from that address but limit the spambots from picking up the address?

Answer 1

You can use something like email obfuscation

Answer 2

Check out the enkoder!

Answer 3

I know that Facebook does it by displaying an image instead of text. Sure, they could use OCR on the image, but why bother for just one email address?

If you really didn't want spam bots to get an email address, the best way is to never show it to anyone. Show a link to "Contact this person" which brings up a form. On the server side, send the contents of that form to the recipient, with a reply-to of the sender's email address. Include a little blurb at the bottom of their message that "if this email is spam, please 'click here' to block this user", which will then block the IP of the sender. I've used this method on a number of occasions and have never had a single complaint.

Answer 4

This is a difficult problem. If you post an e-mail such that it can be parsed by a web browser so that it's clickable, then it can be parsed by a spambot. If it's not clickable (e.g. if it's an image), it's more difficult for users. On one side is perfect, seamless experience for users and on the other side is perfect spam-blocking. A simple CSS or javascript to take in an email address as separate tokens is usually better than nothing, though.

Answer 5

You could only show a part of the e-mail address "[email protected]" as a link that redirects to a captcha, then display the full e-mail address like Google Groups does.

Answer 6

We used to do classic ASP string cat for email addresses, the grand idea being that spambots read source, but don't parse server-side code. I have NO idea if that actually works.

Answer 7

If this is not a static HTML page, but a ASP.NET, JSP, Coldfusion, or PHP page then you could have a drop down box with a list of all your sales people, a text box for comments, and a "Contact Us" (ie, Submit button). When the button is clicked, it will call a server-side code which creates the email and sends it to your local mail server for delivery. The outside world will never know the email address of your sales people, nor the email format (ie, [email protected]) of your company.

Answer 8

You can obfuscate it but IMHO whatever you do, one day spammers will get your email address. The future is in spam filters, not trying to keep email addresses secret.

Answer 9

I see the mailto: protocol almost dead anyway... It is convenient, but too easy to parse and gather.

Plus it has its downsides: if you are on a Web cafe, it won't work because it will call whatever default e-mail client it has (if it has any!) and it is not set up on your account. Same if you use exclusively online e-mail managers...

A possible workaround is to decorate e-mails, relying on users to type or correct them: foo (at) example.com or [email protected] are common schemes (hoping spammers doesn't try to decipher these common schemes!), graphical e-mail addresses are another way.

Or, as pointed out, if you can, the best option is to have a contact form, with some reasonable form of protection against robots, that would be usable from everywhere. Although people might be defiant on forms asking for e-mails (for response!), so a disclaimer might be useful too... :-)

Answer 10

What I have done in the past is use javascript to build the mailto: link. This is nice for the users because they can just click on the link and I don't know of any spambots that take the time to execute javascript yet.

I think I got the idea from Jakob Nielsen's useit.com website.

In the page header I have this piece of javascript:

<script name="mailto" language="JavaScript">
    //<![CDATA[

    function load()
    {
        c1 = "bcl"
        c2 = "brian"
        c3 = "lane"
        c4 = "com"
        // Fill in the addresses
        document.getElementById("contact1").innerHTML = "<a href=" + "mail" + "to:" + c1 + "@" + c2 + c3 + "." + c4 + ">" + c1 + "@" + c2 + c3 + "." + c4 + "</a>";
    }
    //]]>

</script>

Tell it to load it when the page loads:

<body onload="load()">

And then in the body of the page I put a link to a spamtrap:

<span id="contact1"><a href="mailto:[email protected]">[email protected]</a></span>

Answer 11

Recaptcha has an excellent capture based email protection. You can see it implemented at the bottom of any page in my website using the Site Feedback link.

Answer 12

Would something that I wrote work for you?

http://kevin-le.appspot.com/viewSource/sourceShare/asmRevealer.js

...and you could see the demo here:

http://kevin-le.appspot.com/extra/contact

It works with mailto, so it's convenient for users, but spambots won't be able to pick up which is your requirements. It'll be obvious once you spend 1 minute looking at the demo.

Answer 13

Have a look at PrivateDaddy - I think it does exactly what you're looking for: fully automatic, unobtrusive email cloaking that even works with browsers where JavaScript support is disabled. You can get it here (free of course)

HTH,

Dan

Answer 14

@Dan

I work on a community web site with many (10K+) email addrs in user generated content - was going to implement a server side parsing code + image generation to do the trick - ended up implementing it with Privatedaddy and left the data intact.

thanks,

pierre