SitePoint Sponsor

User Tag List

Results 1 to 16 of 16
  1. #1
    SitePoint Guru
    Join Date
    Nov 2004
    Location
    calif
    Posts
    743
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Any way to hide your email address in html?

    On an html page I currently have this for a web vistor to select to contact Support, for example:
    Code:
    <a href="mailto:support@website1.com">
    Is there a better way to have this on the page, where it won't get captured for spamming?

  2. #2
    Mazel tov! bronze trophy kohoutek's Avatar
    Join Date
    Aug 2004
    Location
    Hamburg, Germany
    Posts
    4,248
    Mentioned
    30 Post(s)
    Tagged
    0 Thread(s)
    There's virtually no way at all to protect yourself from spam when making a contact address publicly available.

    Alternatively to posting your email link, you could use a contact form. You'll still receive plenty of spam.

    You could also make it more difficult for spammers to take your email information by constructing something like this:

    my_email /remove this part and add the @ sign / my_email_provider /dot/com

    The disadvantage? You're making users work harder, so I don't recommend it.

    Another thing you could use is Hivelogic's Javascript encryption tool.

    That, however, won't help you prevent spam either.

    Then there are Captchas and their bazillion varieties. I recommend against them because they're a pain to decipher for people and won't prevent spam either. Reduce some, yes. Hinder, no.

    So, no matter what you do, nothing will be the perfect solution.

    In the end, the best solution - to me - seems to be the one that is most user-friendly. So, either a direct email link or a contact form. That's more work for you but much kinder on us, the users of your site.
    Maleika E. A. | Rockatee | Twitter | Dribbble



  3. #3
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,875
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    The only way to hide an email address is to use a contact form so that the email address can be added after the form is submitted. At least then the spammer can't capture the email address and when you start getting too much spam you change the weay the form works.

    With an email address in HTML no matter how you try to hide it the spammers will eventually get it and once they have got it then the address will receive spam forever no matter what you do.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  4. #4
    SitePoint Wizard Stomme poes's Avatar
    Join Date
    Aug 2007
    Location
    Netherlands
    Posts
    10,287
    Mentioned
    51 Post(s)
    Tagged
    2 Thread(s)
    I like to use decimal character entities representing each letter. Like all the other options, you'll still get spam, but a lot of the simple bots can't convert the characters, while the browsers can and all your human visitors will see normal text. I do this for the href's url and the text inside the tag.

    I first saw it on Anne van Kesteren's Limpid contact page and thought it just looked cool and geeky : )

  5. #5
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    24,338
    Mentioned
    465 Post(s)
    Tagged
    8 Thread(s)
    Quote Originally Posted by kohoutek View Post
    Another thing you could use is Hivelogic's Javascript encryption tool.

    That, however, won't help you prevent spam either.
    Do you think it reduces spam, though? I've been wondering how effective solutions like this are. Do some bots just figure the email address out anyhow, or does a spammer have to cut and paste the email address manually?

    I use a contact form whenever allowed to, but lately I've had people insisting on an email address, and for want of something better, I've been using either the Hivelogic method and Stomme poes' entity reference method, depending on the weather. The latter has the advantage of not depending on JavaScript.

  6. #6
    SitePoint Guru
    Join Date
    Nov 2004
    Location
    calif
    Posts
    743
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for all of your replies.

    Doesn't a contact form also need a destination that can been seen via View Source?

  7. #7
    SitePoint Wizard Stomme poes's Avatar
    Join Date
    Aug 2007
    Location
    Netherlands
    Posts
    10,287
    Mentioned
    51 Post(s)
    Tagged
    2 Thread(s)
    A contact form can have as its action a script who goes and does the emailing for you. That same script should also do a redirect for the user with Post, Redirect, Get so the Back Button still works.

    <form action="mailscript.pl" method="POST">

    Use POST not GET, and don't directly stuff your email address anywhere. That script should be sitting on the server where nobody can see where it's emailing to.

  8. #8
    SitePoint Member
    Join Date
    Nov 2009
    Posts
    2
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    you will be spammed by the way using forms can help you ...........

  9. #9
    SitePoint Guru
    Join Date
    Nov 2004
    Location
    calif
    Posts
    743
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Would using Twitter to communicate with web visitors be a good substitute for web site emailing to customers?

  10. #10
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,875
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by ChrisjChrisj View Post
    Doesn't a contact form also need a destination that can been seen via View Source?
    No it doesn't. When you use a contact form the email address can be added to the email by the server side script that processes the form content after it is submitted. That wat the email address is only in a file on the server that no visitor has access to view rather than it being in a file downloaded to the browser where it can be viewed.

    Even where you want the person filling out the form to be able to select between multiple destinations you don't have to make those selections the actual email addresses, you can use anything there and do a conversion from those values to the appropriate email addresses on the server.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  11. #11
    Mazel tov! bronze trophy kohoutek's Avatar
    Join Date
    Aug 2004
    Location
    Hamburg, Germany
    Posts
    4,248
    Mentioned
    30 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by ralph.m View Post
    Do you think it reduces spam, though? I've been wondering how effective solutions like this are. Do some bots just figure the email address out anyhow, or does a spammer have to cut and paste the email address manually?

    I use a contact form whenever allowed to, but lately I've had people insisting on an email address, and for want of something better, I've been using either the Hivelogic method and Stomme poes' entity reference method, depending on the weather. The latter has the advantage of not depending on JavaScript.
    Yeah, it does reduce spam, but not considerably. At least that is the experience I've made. So far, nothing has really worked too well. Captchas and their kin is a virtual suicide of a website...or homicide, depending on perspective, so these are not options for me.
    Maleika E. A. | Rockatee | Twitter | Dribbble



  12. #12
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    24,338
    Mentioned
    465 Post(s)
    Tagged
    8 Thread(s)
    Quote Originally Posted by ChrisjChrisj View Post
    Would using Twitter to communicate with web visitors be a good substitute for web site emailing to customers?
    Twitter certainly can be a useful way to communicate with visitors/customers, but I wouldn't rely on it for serious communications, though. Apart from the word limit, it can be an unreliable service. And you certainly wouldn't want to send messages to customers via Twitter instead of email, as those messages can easily be missed.

    Regarding forms, the only downside I see is that people can mis-type their email address, meaning that you can't respond to their message. You can, of course, require them to type the email address twice, but that's a hassle. And a problem I've been seeing lately is that quite a few people don't actually know their email address. I had one chap who kept sending me messages with an email that contained his middle initial, when it turned out that his middle initial was not a part of his email address.

  13. #13
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,875
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by kohoutek View Post
    Yeah, it does reduce spam, but not considerably. At least that is the experience I've made. So far, nothing has really worked too well. Captchas and their kin is a virtual suicide of a website...or homicide, depending on perspective, so these are not options for me.
    The advantage that a form has over an email link is that while a form can be used to send spam you can change the form whenever you want to try to reduce the spam - if captchas stop working you try using invisible input foelds for the spam to fill out but for your real visitors to ignore or you test the time the form is displayed for between the page being requested and submitted and reject any submissions that are too fast - and when they don't work you move on to something else. No matter how much spam gets through the form the spammer still doesn't have your address and so can only spam you through the form.

    Once a spammer gets your email address from an email link on the page to send spam there is nothing you can do apart from delete the email address completely as they now have the address and nothing you can change stops them from having it.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  14. #14
    SitePoint Guru
    Join Date
    Nov 2004
    Location
    calif
    Posts
    743
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for all of your replies. I guess we can all agree that you can only hope to reduce spam not eliminate it.

    When we talk about spammers getting the email address, are we talking about individuals? Or some type of bot?

    It seems it's a balancing act between making it convenient for the user/customer and making it inconvenient for the spammer.

    Can you provide an opinion of this?:

    A Contact Page, for example, from a ficticious website named web1.com:
    -------
    Please contact our support department by selecting the link below.

    IN BOLD:
    To help us keep spammers away,
    please type (or copy/paste):

    .web1.com

    into our email address:
    Code:
    <a href="mailto:support@">Email Address</a>
    Or simply use our Contact Form below.
    --------
    If the spammer is an individual he can spam you, but if it's some type of bot, will they get the email address in this example?

    It's convenient for the user, and you don't have to worry about the user mis-typing his email address, you're giving his a choice between inconvenient and less inconvenient. It's fast and simple to select the link which will have support@ in the TO: line, and you can always/regularly change the link to support1@ or support2@, etc.., right?

    Besides, isn't an individual spammer going to get your email address anyway if he waits for a reply from the Contact Form?

    I look forward to your opinions. Thanks

  15. #15
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,875
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    If a person can get an email address then a bot can get it. If a bot can get it then a person can too. There is no difference between them as to being able to get the address in order to send spam.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  16. #16
    SitePoint Wizard Stomme poes's Avatar
    Join Date
    Aug 2007
    Location
    Netherlands
    Posts
    10,287
    Mentioned
    51 Post(s)
    Tagged
    2 Thread(s)
    When we talk about spammers getting the email address, are we talking about individuals? Or some type of bot?
    Both. Individuals (and groups of individuals) run bot networks and keep databases of email addresses they believe to be valid or living.

    Also you have another issue (if you're a popular site): Mechanical Turks. I have no idea where the term comes from, but basically you get a network of people who solve captchas and other things bots have trouble with. Amazon has a Mechanical Turk service you can rent. Other times it's porn sites who ask visitors to answer some simple question to get to the porn. Since there are always people looking for porn, this way at least in the recent past was pretty effective: the people didn't know or care why they were answering silly questions, and with millions or billions of people answering them, it can match a spammer's number of active bots who are coming across the questions they can't answer.

    Other Mech Turk networks are people actually filling in answers for a wage.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •