SitePoint Sponsor

User Tag List

Results 1 to 14 of 14
  1. #1
    SitePoint Guru
    Join Date
    Jun 2009
    Posts
    813
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)

    using JavaScript to hide mailto links from spammers

    hi,

    I'm working on a site for a client, basically am recoding entire site in plain HTML b/c they don't want to go thru a CMS anymore... (plus the CMS was generating atrocious markup...)

    one thing they have on the site is they use JavaScript to hide email addresses from spammers (I guess this was a CMS option/feature..) I had never seen this done before, and in principle it seems like an ingenious approach, except for the obvious issues (can't see address if JS is disabled, and the accessibility issues...)

    so how could I go about this? can't do with forms, there a many different addresses on the site (lists of names with email addresses next to them..)

    now I found this thread:
    http://www.sitepoint.com/forums/show...ghlight=mailto

    response #2 offers a back-end solution.. does this solution seem plausible?

    how exactly would it work? if we just print address for duration of the session, would spam-bots still find it?

    what other solution is there here? (maybe do one form for all addresses, passing the address in a query string when you link to the form? would that expose the address to spam-bots?)

    thank you..

  2. #2
    SitePoint Guru
    Join Date
    Jun 2009
    Posts
    813
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    oh brother, that last one was a stupid suggestion.. since email address would be in markup..

    maybe link could be generated from back-end with address somehow obfuscated and then parsing when reach the form? or something like that??)

    thank you...

  3. #3
    Robert Wellock silver trophybronze trophy xhtmlcoder's Avatar
    Join Date
    Apr 2002
    Location
    A Maze of Twisty Little Passages
    Posts
    6,316
    Mentioned
    60 Post(s)
    Tagged
    0 Thread(s)
    That wasn't the best thread to study regarding the issue of JavaScript obscuring of e-mails... I was answering a weird AAA question regarding; NOT supplying an alternative to a JavaScript written e-mail address via NOSCRIPT when the "only e-mail link option" provided was via JavaScript.

    Yes, of course it could work to a degree creating a server-side button to click before it actually revealed the e-mail link. Just like logging to this site needs you to click a button first before you can see additional content but I meant click a button and then it [server-side] will insert your mailto link into a paragraph, etc.

    Also Using a mixture of Hexadecimal entity references (i.e., substituting random characters/letters) in a direct mailto does tend to work to some extent. Since if the spam-robot just scrapes a text string; the spam-bot will end-up trying to email things like the & ampersand character within an e-mail address - instead of a normal letter, that can be viewed by a human and browser, etc.

  4. #4
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,785
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    The spammers will have JavaScript turned off so that the code to hide what they are looking for so that they can't see it will not be run.

    The only way to stop spammers seeing mailto: links is to not use them. They are not very user friendly in any case since not everyone has an email program available for it to link to (eg. your local library or internet cafe).
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  5. #5
    SitePoint Member
    Join Date
    Jun 2010
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Try MobileFish.com they offer a script generator to hide email addresses.

    http://www.mobilefish.com/services/h.../hideemail.php

  6. #6
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,785
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by Tumikia View Post
    Try MobileFish.com they offer a script generator to hide email addresses.
    That will hide the email address from the 10% of your visitors who don't have JavaScript making it impossible for them to contact you.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  7. #7
    Mouse catcher silver trophy Stevie D's Avatar
    Join Date
    Mar 2006
    Location
    Yorkshire, UK
    Posts
    5,881
    Mentioned
    122 Post(s)
    Tagged
    1 Thread(s)
    I've found that replacing the @ with & #064; (without the space, obviously) in both the href and the link text is quite successful at keeping the volume of spam low - it isn't foolproof, but it is effective.

    You can use Javascript to create email addresses by concatenating parameters, but it is not advisable. It makes them outright inaccessible to anyone without Javascript, and potentially makes them harder to use (eg you can't just right click and copy link address if you want to do anything other than create an email in your browser's default application) for everyone else.

  8. #8
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,785
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    The disadvantage of any method of trying to hide the email address in links is that once spammers figure it out there is nothing you can do to get that address back.

    The way to protect email addresses from spammers is to use a form and add the email address after it is submitted. That way if you start getting spam you change the server side form validation to filter it out and they still don't have the address.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  9. #9
    Mouse catcher silver trophy Stevie D's Avatar
    Join Date
    Mar 2006
    Location
    Yorkshire, UK
    Posts
    5,881
    Mentioned
    122 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by felgall View Post
    The disadvantage of any method of trying to hide the email address in links is that once spammers figure it out there is nothing you can do to get that address back.

    The way to protect email addresses from spammers is to use a form and add the email address after it is submitted. That way if you start getting spam you change the server side form validation to filter it out and they still don't have the address.
    That's true. Although if that happens, you can always set up a new address and give a bounce message on the old one instructing people to use the new one instead.

    There are pros and cons of both mailto links and contact forms. The disadvantage of forms is that some people don't like them - they like using their preferred email client, which has spell-check, maybe formatting, plenty of space to write in rather than the postage-stamp-sized textbox that too many forms have, the option to save drafts and keep a copy of sent messages, no need to type your email address in with the concomitant risk of getting it wrong (which people do a lot). Ideally, you'd give people the option of which method they want to use.

  10. #10
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,785
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by Stevie D View Post
    The disadvantage of forms is that some people don't like them - they like using their preferred email client, which has spell-check, maybe formatting, plenty of space to write in rather than the postage-stamp-sized textbox that too many forms have, the option to save drafts and keep a copy of sent messages, no need to type your email address in with the concomitant risk of getting it wrong (which people do a lot). Ideally, you'd give people the option of which method they want to use.
    The disadvantage of email links is that there are lots of computers where they will not work at all such as schools, libraries, internet cafes etc. The only people guaranteed to be able to use email links are spammers since anything you do to try to block spammers from using an email link will also block at least 10% of your legitimate visitors who could have used the email link if you weren't trying to block the spammers. So if you do provide an email link then providing an email form is just about mandatory as otherwise you'd be blocking at least 15% of legitimate visitors from being able to email you and possibly a lot more.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  11. #11
    Mouse catcher silver trophy Stevie D's Avatar
    Join Date
    Mar 2006
    Location
    Yorkshire, UK
    Posts
    5,881
    Mentioned
    122 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by felgall View Post
    The disadvantage of email links is that there are lots of computers where they will not work at all such as schools, libraries, internet cafes etc. The only people guaranteed to be able to use email links are spammers since anything you do to try to block spammers from using an email link will also block at least 10% of your legitimate visitors who could have used the email link if you weren't trying to block the spammers. So if you do provide an email link then providing an email form is just about mandatory as otherwise you'd be blocking at least 15% of legitimate visitors from being able to email you and possibly a lot more.
    As I said in my previous post, "There are pros and cons of both mailto links and contact forms ... Ideally, you'd give people the option of which method they want to use."

  12. #12
    SitePoint Member
    Join Date
    Aug 2006
    Location
    France
    Posts
    15
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I prefer to display foms than email addresses but when a customer asks for it, I must obey.

    What I do is hide the email address into an standard URL.
    For example, if I must obtain john@mydomain.com, I put http://www.mydomain.com/john.php into the HTML. Then I have a Javascript that, if a human user action is detected (mousemove or keypress), transforms the URL into a full working email address (both in the text and the href of the <a>).
    In addition to that, I have the page "john.php" that redirects to contact.php (or any other page), where there is a contact form.

    This technique provides :
    - no email address into the page (neither HTML nor JS),
    - email links on the fly for human users,
    - a contact form to non-javascript users.

    What is not covered :
    - When the email addres is on another domain. I generally create a local alias that forwards to the real address.

  13. #13
    om nom nom nom Stomme poes's Avatar
    Join Date
    Aug 2007
    Location
    Netherlands
    Posts
    10,269
    Mentioned
    50 Post(s)
    Tagged
    2 Thread(s)
    I never rely on Javascript to give necessary information. Unless the point is to only let those with Javascript see that info, but most of the time this isn't what people really intend.

  14. #14
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,785
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by Stevie D View Post
    As I said in my previous post, "There are pros and cons of both mailto links and contact forms ... Ideally, you'd give people the option of which method they want to use."
    Spammers definitely consider having the email address display in the web page to be a big pro for them regardless of how it is encrypted within the page. They can always employ a few thousand people from some country where a few cents an hour is a good wage to manually view web pages and record email addresses if they can't find any other way to get those email addresses.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •