views:

580

answers:

7

Duplicate:


What is the best way to prevent spammers from getting the email address from your mailto links? I'm under the impression that javascript could be a solution. I don't know if my current solution is fool proof, so that's why I'm asking.

Here's what I'm currently doing:

<script language="JavaScript"><!--
var name = "emailusername";
var domain = "yahoo.com";
var text = "[email protected]";
document.write('<a href=\"mailto:' + name + '@' + domain + '\">');
document.write(text + '</a>');
// --></script>

Is there is a better way? I don't like having to have this chunk of code everywhere I want to put a mailto link.

+1  A: 

Javascript helps, but this won't help much. The email address is still visible in the html source using this type of script.

The "best" options use client-side javascript to "build" the email address out of parts, so the entire email address is never visible in the HTML source in one piece. The browser puts it together for you on the client.

Reed Copsey
A: 

That's not even remotely a good way. Spammers will grab the whole thing and match addresses with a regex. They won't bother looking for mailto:. Also, any scheme you can think of with Javascript has already been tought of and countered by the spammer. In fact, they'll probably just be able to run the javascript and get the adress.

You can

A) Filter spam
B) Use a form to submit mail (Which the spammers will still probably use.)

jfclavette
A: 

You're on the right track, but having emailusername in there sort of defeats the purpose (most spider bots don't bother to make the distinction between HTML and script code, and just look for anything that appears email-like on the page).

I have heard of evidence that some spider bots have the capability to run Javascript now, and will resolve this sort of obfuscation all by themselves.

Greg Hewgill
A: 

A simple fix:

<script language="JavaScript"><!--
var name = "emailusername";
var domain = "yahoo.com";
document.write('<a href=\"mailto:' + name + '@' + domain + '\">');
document.write(name + '@' + domain + '</a>');
// --></script>

Which basically is the same as Reed suggests but with you existing code.

veggerby
A: 

There's no 110% surefire way of preventing that, apart from dumb tricks that just hinder the use of email, like putting all email addresses as images etc.

At least personally I've accepted that the addresses will get harvested at least to some degree. I use this little php-function to html-encode all email addresses. That way they'll be perfectly usable by all real browsers, but fool the dumbest of harvesters. Like I said, it's not 110%, but I'm happy with it.

function turboencode($s){
    $tempstr = "";
    for($i = 0; $i < strlen($s); $i++){
        $c = substr($s, $i, 1);
        $tempstr .= "&#" . ord($c) . ";";
    }
    return $tempstr;
}
Tommi Forsström
A: 

The best way to prevent harvesting is to simply not have the mailto: link at all.

Short of that, there aren't many counters. Things like CSS content and images have been tried and circumvented, and JavaScript is a half-way non-solution (which is to say it doesn't work.)

One possible counter is obfuscation: Add nonsense to your address like this:

mailNO`at`SPAMyahoo`dot`com

And most automated harvesters will (initially) have some trouble detecting it. Alternatively, things like comments could be used to confuse most harvesters. (RFC822 describes the full syntax of email addresses, which includes comments as a part of the address-specification.)

Another counter is to use a form with a CAPTCHA of some sort.

None of them are fully effective.

greyfade