  1. #1

    Adding an Obfuscated Email Address to Contact Page, Or Just Have A Form?

    Hi There

    I appreciate that somebody may have asked this question already, but an advanced search didn't turn up any answers.

    I did read http://www.sitepoint.com/forums/show...security-risk& and have now worked through the suggested script.

    However, I'm still left with a fundamental question. For a user, is it best to offer a mailto link as well as a contact form? Are they more likely to contact if they have both options? If so, is it worth the security risk? I appreciate that using an obfuscated address allows a human spammer to ascertain the email address.

    Thank you greatly for any assistance

    didcot84

  2. #2
    Stevie D
    Originally posted by didcot84:
    "However, I'm still left with a fundamental question. For a user, is it best to offer a mailto link as well as a contact form? Are they more likely to contact if they have both options? If so, is it worth the security risk? I appreciate that using an obfuscated address allows a human spammer to ascertain the email address."

    What you want (usually!) is for your customers to be able to contact you as easily as possible. The two main ways of doing this are (i) by clicking on a mailto: link and (ii) by submitting a contact form. Anything else they need to do makes it less likely that they will succeed or even bother. Don't make it difficult for them.

    There are good reasons for using mailto links and there are good reasons for using contact forms.

    With a mailto link, the message comes from the customer's email application/service, which guarantees that the email address given is correct (a small but significant proportion of the contact form submissions I receive have incorrect email addresses, and there are potentially others that I don't find out about; some of these are recoverable but not all). It also means that people can save the message and come back to it, it may allow them to use HTML formatting, they can keep a copy in their sent items folder, and so on.

    On the other hand, the downside of a mailto link can also be the fact that it goes through the email application/service, because if you are using someone else's computer or a public terminal, you won't have your email account set up, which may make it difficult ... or even if you are using a work computer but want contact through your personal email address. A contact form gets round that problem, and means that customers can specify whatever email address they want contact from you on. Contact forms can also be easier to protect against spam and harvesting.

    One method of protecting email addresses that I have found to be largely successful is to simply replace the @ with &#64; in the HTML (both in the mailto link and, if applicable, in the displayed text). It has exactly the same outcome, but doesn't seem to be picked up by spam harvesters except in a small minority of cases. If you don't mind the potential risk of losing some legitimate contacts, you can also use a dedicated email address for website contacts and put a required keyword in the subject line, like this:
    Code:
    <a href="mailto:website@example.com?subject=Website%20contact">Email me</a>
    You can then filter emails sent to that address and any that don't have the required words in the subject line can be junked. Of course, if you're doing that, it's a good idea to make sure you tell people not to change the subject line!

    Anything else, where customers have to assemble the email address themselves, copy and paste it from plain text, remove certain letters or symbols from it, or whatever other manual method you choose, or any automatic method that relies on JavaScript, is likely to see large numbers of people either try and fail, or just not bother even trying. The best thing you can do is to try to get a decent anti-spam filter on your email, and then you have far less to fear.
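
The two techniques from the post above, sketched as an added example that is not code from the thread: entity-encoding the address in a mailto link that carries the required subject, and the mailbox-side rule that junks mail without it. The function names, the `chars` option and the sample messages are assumptions made for illustration.

```javascript
// Added example; the address, keyword and sample messages are constructed.
const REQUIRED_WORDS = 'Website contact';

// Encode the characters listed in `chars` as decimal HTML entities.
// Default is only "@"; pass null to encode every character.
function entityEncode(text, chars = '@') {
  return Array.from(text, ch =>
    chars === null || chars.includes(ch) ? `&#${ch.codePointAt(0)};` : ch
  ).join('');
}

// Build the link. The address is entity-encoded in the href and, when no
// label is given, in the displayed text too. `label` is assumed to be a
// trusted constant, so it is not HTML-escaped here.
function mailtoLink(address, { label, subject = REQUIRED_WORDS, chars = '@' } = {}) {
  const encoded = entityEncode(address, chars);
  const href = `mailto:${encoded}?subject=${encodeURIComponent(subject)}`;
  return `<a href="${href}">${label ?? encoded}</a>`;
}

// Mailbox-side rule for the dedicated address: keep a message only if the
// subject still contains the required words. The match is case-insensitive
// and ignores position, so replies such as "Re: website contact" pass.
function keepMessage(message, required = REQUIRED_WORDS) {
  const subject = String(message.subject ?? '').toLowerCase();
  return subject.includes(required.toLowerCase());
}

function sortInbox(messages) {
  const kept = messages.filter(m => keepMessage(m));
  const junked = messages.filter(m => !keepMessage(m));
  return { kept, junked };
}

// Constructed sample inbox for website@example.com.
const sampleInbox = [
  { from: 'customer@example.org', subject: 'Website contact' },
  { from: 'customer@example.org', subject: 'Re: website contact, opening hours' },
  { from: 'bulk@example.net', subject: 'Cheap watches' },
  { from: 'bulk@example.net', subject: '' },
];

console.log(mailtoLink('website@example.com', { label: 'Email me' }));
console.log(sortInbox(sampleInbox).junked.map(m => m.subject));
```
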

  3. #3
    Thank you very much for that comprehensive response, that has been extremely helpful, and I'll keep the post for reference.

    Based upon your words, my contact page seems to fit your criteria?

    http://tinyurl.com/csv363s

    Thanks again, everything you said made perfect sense and helped me pull everything together.

  4. #4
    Mikl
    Didcot,

    Your approach is exactly how I would do it, that is, give them a contact form, but let them click on an obfuscated mailto: link as an alternative.

    Just one point to add to Stevie's good advice: Another reason for not relying exclusively on the mailto: link is that the person might prefer to use a web-based mail address, such as Hotmail or Gmail, which doesn't work with mailto: links (I know it's possible to work around that, but the average person won't know how).

    One final suggestion: In the contact form, I would add a note near the email address field to say something like "We will only use your email address for dealing with your enquiry. We won't use it to send unsolicited emails, nor will we pass it on ...." (you know the rest).

    Mike

  5. #5
    PicnicTutorials
    My preferred way is to use JS to mask it and give a plain text fallback that does not need to be reconstructed by the user at any point. All three in that tut are actually really good. The PHP one is easy all around too.

  6. #6
    Stomme poes
    I like obfuscating more than just the @ symbol-- I'll obfu the words "email" and everything but the domain.com too.

    Then at the very least a honeypot on the contact form to keep out the majority of the dumbest spambots, to save sanity.
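
A server-side honeypot check for the contact form, as an added example that is not code from the thread. The field names (`website` as the trap, `email`, `message`), the response texts and the sample submissions are assumptions; the email shape check reflects the earlier point about forms arriving with incorrect addresses.

```javascript
// Added example; the field names ("website" as the trap, "email", "message")
// are assumptions. The form carries one extra input that people never see:
//   <input type="text" name="website" class="hp" tabindex="-1" autocomplete="off">
// with .hp hidden by CSS. Scripts that fill in every field trip it.
const HONEYPOT_FIELD = 'website';
// Shape check only (something@something.tld), not full address validation.
const EMAIL_SHAPE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

const field = (fields, name) => String(fields[name] ?? '').trim();

// Decide what to do with one parsed form submission.
function screenSubmission(fields) {
  if (field(fields, HONEYPOT_FIELD) !== '') {
    return { deliver: false, askUser: false, reason: 'honeypot filled' };
  }
  if (!EMAIL_SHAPE.test(field(fields, 'email'))) {
    return { deliver: false, askUser: true, reason: 'email address looks wrong' };
  }
  if (field(fields, 'message') === '') {
    return { deliver: false, askUser: true, reason: 'message is empty' };
  }
  return { deliver: true, askUser: false, reason: 'ok' };
}

// Map the decision to a response. A tripped honeypot gets the same page as a
// real success, so the script learns nothing; genuine mistakes go back to
// the person with the reason shown next to the form.
function respond(decision) {
  if (decision.askUser) return { status: 422, body: `Please check: ${decision.reason}` };
  return { status: 200, body: 'Thanks, your message has been sent.' };
}

// Constructed sample submissions.
const samples = [
  { email: 'customer@example.org', message: 'Do you open on Sundays?', website: '' },
  { email: 'bot@example.net', message: 'Buy now', website: 'http://spam.example/' },
  { email: 'customer@example', message: 'Typo in my address', website: '' },
];
for (const s of samples) {
  const d = screenSubmission(s);
  console.log(d.reason, '->', respond(d).status);
}
```
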

  7. #7
    ralph.m
    Originally posted by didcot84:
    "Based upon your words, my contact page seems to fit your criteria?"

    One thing I'd say is that, if the user has JS off, they see this:

    ME@DOMAIN.COM

    Please click the link above should you prefer to email rather than use our contact form.
    It would be better, if using this method, just to hide all that if JS is off, rather than display something that doesn't work. Let the user just use the form without getting confused.

  8. #8
    PicnicTutorials
    Originally posted by ralph.m:
    "One thing I'd say is that, if the user has JS off, they see this:"
    "It would be better, if using this method, just to hide all that if JS is off, rather than display something that doesn't work. Let the user just use the form without getting confused."

    In the link shown above I showed an easy way to do it with JS off

  9. #9
    ServerStorm
    Hi,

    One way I've done it is when users have JS enabled I have a hashed email address string that on click calls the de-hashing function and substitutes the mail-to hash with the unhashed email address. I then also have the choice of a contact form. If the user has JS off then the mail-to link is not shown, just the contact form is displayed. I also use a honey-pot.
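
One way to build the decode-on-click link discussed in this thread, hidden entirely when JS is off, as an added example that is not code from any of the posters. The element ids, the `data-addr` attribute and the reversible hex encoding are assumptions; the posts do not say which scheme they use.

```javascript
// Added example. Markup assumed on the contact page (ids are hypothetical):
//   <p id="mail-alt" hidden>
//     <a id="mail-link" href="#" data-addr="...encoded...">Email us</a>
//   </p>
// The paragraph ships hidden and never contains the plain address, so with
// JS off the visitor sees only the contact form.

// Reversible encoding used for data-addr: characters reversed, each written
// as two hex digits. Suitable for ASCII addresses only.
function encodeAddress(address) {
  return Array.from(address).reverse()
    .map(ch => ch.charCodeAt(0).toString(16).padStart(2, '0')).join('');
}

function decodeAddress(encoded) {
  const pairs = encoded.match(/[0-9a-f]{2}/gi) || [];
  return pairs.map(h => String.fromCharCode(parseInt(h, 16))).reverse().join('');
}

// Show the link and decode the address only when it is clicked. The handler
// runs before the browser follows the link, so the decoded href is the one
// used. `container` and `link` are DOM elements in a browser; any objects
// with the same properties work, which keeps the function testable.
function enableMailLink(container, link) {
  container.hidden = false;
  link.addEventListener('click', () => {
    link.href = 'mailto:' + decodeAddress(link.dataset.addr);
  }, { once: true });
}

// In a browser, wire up the elements once the script runs.
if (typeof document !== 'undefined') {
  const container = document.getElementById('mail-alt');
  const link = document.getElementById('mail-link');
  if (container && link) enableMailLink(container, link);
}
```
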