SitePoint Sponsor

User Tag List

Results 1 to 16 of 16
  1. #1
    SitePoint Enthusiast nosnevel's Avatar
    Join Date
    Aug 2003
    Location
    US
    Posts
    70
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Hiding email in mailto links

    I've been reading about hiding email addresses in mailto links so that the nasty spammer-bots can't read it.

    My question is, if I pull the email address from a database and use syntax like:
    PHP Code:
    mailto:<?php echo $row['email']
    doesn't that effectively "hide" the email address? My thought is that the spam-bots don't actually call the database, do they?

    Or is it better to use a mailto class that encrypts the email address. If this is better, should I use javascript or hex encryption?

    Some many questions. . . so little (free) time!

    Thanks in advance for responses.
    Larry
    Larry Levenson
    Sigma Web Technologies - Prescott Valley, AZ, USA
    http://www.SigmaWebTechnologies.com

  2. #2
    SitePoint Enthusiast
    Join Date
    Feb 2004
    Location
    UK
    Posts
    31
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi Larry,

    Your email address will still be shown, as the php will be outputted as html, even for a spam-bot.

    It might be worth having a look at something like the hiveware_enkoder, which is a javascript 'solution' to this problem (I'm not sure if it is 100% effective but does add a degree of encryption to your email address).

    Hope that helps

    Rob.

  3. #3
    SitePoint Member
    Join Date
    Jan 2003
    Posts
    12
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Server-side code feeds spambots too!

    I you use server-side code to serve up a mailto: link, the spambots will see only the resulting HTML.

    Quote Originally Posted by nosnevel
    I've been reading about hiding email addresses in mailto links so that the nasty spammer-bots can't read it.

    My question is, if I pull the email address from a database and use syntax like:
    PHP Code:
    mailto:<?php echo $row['email']
    doesn't that effectively "hide" the email address? My thought is that the spam-bots don't actually call the database, do they?

    Or is it better to use a mailto class that encrypts the email address. If this is better, should I use javascript or hex encryption?

    Some many questions. . . so little (free) time!

    Thanks in advance for responses.
    Larry
    Thus, if you serve up a well-formed mailto: link (using your favorite server-side code), it gives away the keys to your inboxes.

    I recommend using both server-side and client-side code to protect email addresses. Here's how the client-side JavaScript code looks...

    Code:
     document.write((_='richard(dot)renfrow(at)juno(dot)com'.split('(at)').join('@').split('(dot)').join('.')).link(_))
    And on the server-side... Select a well-formed email address from your contacts database; convert . to (dot) and @ to (at); and write it to the browser as a string literal, wrapped with the JavaScript code given above.
    :Richard Edwards

  4. #4
    SitePoint Enthusiast nosnevel's Avatar
    Join Date
    Aug 2003
    Location
    US
    Posts
    70
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by ca_redwards

    I recommend using both server-side and client-side code to protect email addresses. Here's how the client-side JavaScript code looks...

    Code:
     document.write((_='richard(dot)renfrow(at)juno(dot)com'.split('(at)').join('@').split('(dot)').join('.')).link(_))
    This would work well for a technical aufdience. However, most of my websites are for general consumer audiences and the larry_at_sigmawebstudios_dot_com format hasn't caught on there yet. People would be confused by a mailto link that looked like that, altho' I can appreciate that spambots would have a tough time with it.

    When a spambot crawls a php page, does it call the database just like a real user would when requesting the page?

    Larry
    Larry Levenson
    Sigma Web Technologies - Prescott Valley, AZ, USA
    http://www.SigmaWebTechnologies.com

  5. #5
    Web Genius
    Join Date
    Nov 2001
    Location
    Canada
    Posts
    708
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Create a contact form on the page, which doesn't actually show your address. When the user sumbits the forum it will go to your address and you can have it setup so it sends an auto responder to the person that submits the form also releaving your address.....

  6. #6
    SitePoint Wizard bronze trophy JRMillion's Avatar
    Join Date
    Apr 2004
    Location
    Arlington VA
    Posts
    2,094
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    using server-side code to replace the characters in your email adress with their hex codes will fool some bots.

  7. #7
    SitePoint Enthusiast robsynnott's Avatar
    Join Date
    Mar 2004
    Location
    Ireland
    Posts
    54
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If you're having problems with specific bots, you could find their hostnames in your logfiles and have a function which would check if the remote host is on your list of spambots, and if it is not show the email address at all.
    http://ads.synnottsoftware.com
    Free Banner Text and Popup Exchange
    http://www.synnottsoftware.com/adsenseanalysis
    AdSense CSV Report analysis tool

  8. #8
    SitePoint Member
    Join Date
    Jun 2004
    Location
    Ontario Canada
    Posts
    18
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    document.write((_='richard(dot)renfrow(at)juno(dot)com'.split('(at)').join('@').split('(dot)').join('.')).link(_))


    This would work well for a technical aufdience. However, most of my websites are for general consumer audiences and the larry_at_sigmawebstudios_dot_com format hasn't caught on there yet. People would be confused by a mailto link that looked like that, altho' I can appreciate that spambots would have a tough time with it.
    The above code is javascript and the person viewing your page wont see that.. they will actually get a link to your email address. It shoud hide the email address from most spambots but I think as they catch on many will be able to pick up on this code.

    I am looking for an effective way to do this myself. I started researching today. It looks like a mailto form that hides your email address should work. I am not sure of the details yet but I suspect that you will have to place your email address in a script server side. Anyone know how to do this exactly?

    Also, I am hoping to find a way to do this without using a form... is this possible?

    Thanks
    Eric B
    Attention Web Site Designers and SEOs close more sales, land
    more deals, make accurate estimates and be more profitable.
    This overview of the Website Proposal Software I use myself,
    will be some of the most important information you will ever read.

  9. #9
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,604
    Mentioned
    19 Post(s)
    Tagged
    2 Thread(s)
    ExtraB,

    A few days ago, someone had a brilliant PHP script to use a link to a page which would create the mailto: link for the browser's e-mail client. I copied that info as :

    HTML Code:
    Be sure to write to us at <? writeMailtoLink('info@example.com'); ?>
    Additionally, you may include the text of the link, as well as additional attributes for the <a> tag, as the second and third arguments to the function call:

    PHP Code:
    <? 
    writeMailtoLink
    ('info@example.com''Request information'
                    
    'class="mailto" title="Open default mail program"'); 
    ?>
    The function was written to provide XHTML compliant markup.


    PHP Code:
    function writeMailtoLink($address=''$linkText=''$attrs='')
    // Print a valid XHTML email link with obscurred text to 
    // help prevent spambots from identifying the link as an 
    // email address.
    // PARAMETERS:
    //   $address    -- Email address
    //   $linkText   -- Text of the link.  If omitted, the email address
    //               -- will be used as the text of the link.
    //   $attrs      -- Supplemental attributes to be included within 
    //               -- the <a> tag (must be properly escaped for 
    //               -- PHP code.) May be omitted.
    // USAGE SAMPLES:
    //   writeMailtoLink('info@example.com', 'Write to us!', 
    //                  'class="email-link" title="Send email."');
    //   writeMailtoLink('info@example.com');
    //   writeMailtoLink('info@example.com', 'Request information');
    //
    // AUTHOR: 
    //   Mike Brittain, EmbiMEDIA
    //   [url]http://www.embimedia.com/[/url]
    {
        
    // Make replacements for @ and . in address string.
        
    $address str_replace('@''@'$address);
        
    $address str_replace('.''.'$address);
        
        
    // Print the email address.
        
    echo '<a href="mailto' ':' $address '"';
        if (!empty(
    $attrs)) {
            echo 
    ' ' $attrs;
        }
        echo 
    '>';
        echo (!empty(
    $linkText) ? $linkText $address);
        echo 
    '</a>';

    Absolutely brilliant -- kudos to Mike Brittain who was identified as the author!

    Regards,

    DK[HTML]
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  10. #10
    SitePoint Enthusiast
    Join Date
    Feb 2004
    Location
    UK
    Posts
    31
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I might be completely missing something here, but doesn't the above PHP script still output the email address as HTML on the page (and therefore is still visible by spambots)?

    Perhaps I have not fully understood the way to implement this though...

  11. #11
    SitePoint Wizard stereofrog's Avatar
    Join Date
    Apr 2004
    Location
    germany
    Posts
    4,324
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The problem with forum software...

    In orginal code '@' and '.' are replaced with xml numeric entities.

    http://embimedia.com/resources/labs/...l-encoder.html

    Although I dont understand too how this can hinder an intelligent spam bot.

  12. #12
    does not play well with others frezno's Avatar
    Join Date
    Jan 2003
    Location
    Munich, Germany
    Posts
    1,391
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    take a look at this thread
    We are the Borg. Resistance is futile. Prepare to be assimilated.
    I'm Pentium of Borg.Division is futile.Prepare to be approximated.

  13. #13
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,604
    Mentioned
    19 Post(s)
    Tagged
    2 Thread(s)
    Quote Originally Posted by roblewis100
    I might be completely missing something here, but doesn't the above PHP script still output the email address as HTML on the page (and therefore is still visible by spambots)?

    Perhaps I have not fully understood the way to implement this though...
    Indeed! Not only that but I'd expounded on that in another thread. Yes, my suggestion and kudos for Mike Brittain was badly misplaced.

    The code I'd actually been looking for is very simple in concept:

    PHP Code:
    <?php
    if (isset($_GET['email']))
    {
        
    $email str_replace(':''@'$_GET['email']);
        
    header("Location: mailto:$email");
        exit();
    }
    ?>

    <html>
    <head>
    <title>Anti Spam</title>
    </head>
    <body>
    <h1>Anti Spam - Email Protection</h1>
    <a href="<?php echo $_SERVER['PHP_SELF']; ?>?email=info:mydomain.com">Mail me !</a>
    <br />
    </body>
    </html>
    This would have to be changed to include the link within a normal page and I'd do a better job of separating the username and domain but you get the idea. If this link is clicked on, it will call itself and access the $_GET array for the mailto information THEN call the registered e-mail client.

    MY APOLOGIES TO EVERYONE FOR MY GROSS LAPSE THE OTHER NIGHT.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  14. #14
    SitePoint Enthusiast
    Join Date
    Feb 2004
    Location
    UK
    Posts
    31
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    DK,

    That's more like the sort of solution I've been looking for - the fact that it doesn't rely on javascript to work is a bonus. I would agree about doing a better job of separating the domain from the username.

    Just one reservation I have is that do we know what a spambot would get if it tried to follow the link?

    Rob

  15. #15
    SitePoint Zealot wineo's Avatar
    Join Date
    Nov 2003
    Location
    Perth, Western Australia
    Posts
    157
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I am sure that I mentioned this somewhere...

    If you use header() then the mailto: will be visible in the header response values and I would say the the clever harvesters would definitely pick your email address up from that!

  16. #16
    SitePoint Wizard Nikolas's Avatar
    Join Date
    Feb 2005
    Location
    Greece
    Posts
    1,222
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    <?
    $mail="mail@mail.com";

    $code="<script>var mail=String.fromCharCode(";
    for($i=0; $i<strlen($mail); $i++) $code.=ord($mail[$i]).",";
    $code=substr($code,0,-1).");document.write('<a href=\"mailto:'+mail+'\">'+mail+'</a>');</script>";

    print($code);
    ?>


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •