views:

554

answers:

6

I think its fairly common practice these days not to include a mailto: tag in your webpage. I also realize that a better solution is to have a contact us form.

Recently I've seen some mailto tags that include and html encoded email address. Is this an affective way to stop spammers from attacking an email address?

example:

<a href="mailto:&#110;&#101;&#119;&#098;&#105;...">email me</a>

Also, are there any other techniques that I've left out? Which is the best method?

+1  A: 

From what I've heard, it will help reduce the influx of spam but will not stop it entirely. A minority (for now) of email-address-harvesting bots are smart enough to apply the decoding.

David Zaslavsky
Added a second part to my question. What's ideal? any thoughts?
bendewey
+1  A: 

Another technique is to use some Javascript to dynamically generate the mailto tag at page load time. In order for spammers to scrape such addresses, they would need to have a full Javascript processor in their web spider.

Some spammers may already do this.

Greg Hewgill
A: 

For my personal home page, I give the email address in a graphic. Then I apologize for not making it a link.

Mark Ransom
+1  A: 

I typically use the Hivelogic Enkoder. It is helpful for encoding an entire link element, not just the mailto.

One lesson learned the annoying way, however, is to comment your code with what the original element looked like before encoding. I've accidentally left off classes on the <a> tag a few times.

Mark Hurd
A: 

I have been using simple Javascript string concatenation and substring operations to obfuscate the email address for years on several websites. This seems to have worked well, since I got minimal spam on these addresses. This cannot mean that it will still work in the future.

cdonner
+1  A: 

Without making it hard for some of your users, you're only ever going to be able to stop lazy spammers — because you don't know ahead of time which you're looking at. So if you deliver something easily accessible to a legitimate user, you're delivering something easily accessible to a spammer.

My best advice is just to get a very good spam filter if you're going to put your address on the Web. No amount of href obfuscation will do as much good.

Chuck