Scramble your email (on websites) for spammers

[Mrious_be]

Hi people

I downloaded this litte piece of freeware but haven't tested it yet.
Still, since it's free i just wanted to tell everybody about it.
It seems capable of adding an (your?) email address on a website, but somehow securing it from "sniffers" out there.

It's called Enkoder and to me, it looks great.
Looks like an upgrade btw, so some of you might already know/use it (any comments?).

[Spartacus]

Or use this code:

CODE

<script language="Javascript1.1" type="text/javascript">
    var name = 'name';
    var domain = 'domain.com';
    var protocol = 'mailto:';
    document.write('<a href="' + protocol + name + '@' + domain + '" class=text>link</a>');
</script>

I am using it on all of my websites.
Unfortunately, my eMail accounts are already "infested" by spam (and changing them is not an option).

[tacit]

There are two problems with using JavaScript to encode an email address:

1. Non-JavaScript-enabled browsers can't see or use the link; and

2. Some email spambot software can still locate the email address anyway.

So, in short, it does not stop all spambots from collecting your email address, and it does stop some legitimate users from seeing your email address.

Unfortunately, it's  not a perfect solution. Other tricks exist to do the same thing (for example, you can write your email address just as "someone%40somedomain.com" rather than "someone@somedomain.com"; the "%40" is the ASCII code for "@").

[Mrious_be]

QUOTE(Spartacus @ May 12 2003, 9:18 PM)

I am using it on all of my websites.
Unfortunately, my eMail accounts are already "infested" by spam (and changing them is not an option).

Yeah, same problem here
I do have the opportunity to alter my email account and i'm thinking i will do so in the future somewhere.
Thx for the code, but where exactly do i need to paste that in the html page?

QUOTE(Tacit)

Unfortunately, it's  not a perfect solution. Other tricks exist to do the same thing (for example, you can write your email address just as "someone%40somedomain.com" rather than "someone@somedomain.com"; the "%40" is the ASCII code for "@").

The ASCII code looks simple yes, but don't you think those "sniffers" just recognise them?
I guess, there will always be software to go around every trick they think of, but if we are ellimination like 80% of the bots, than i'm a happy man

Thx guys

[tacit]

Eliminating 80% of the Spambots won't eliminate 80% of the spam, because spammers trade addresses. Really, all it takes is just one bot snagging your email address to get you flooded with spam.

I personally don't bother with any of the spam-concealing Web tricks, because I don't believe they'll stop spammers from getting my email, and I do think that some of them will stop people who SHOULD have my email from getting it.

[Paddy]

I respectfully disagree with tacit - I use the following ASCII code - &-#-64-; (remove the dashes!) on my web sites in place of the ampersand and so far (over a year now) have seen hardly any spam. One of my websites typically gets about 100 unique visitors each weekday, another one has had almost 4000 unique visitors in the past year, so while they aren't exactly Amazon.com, they do receive traffic, and show up quite near the top in fairly general Google searches. So far, so good - I keep waiting for trouble, but so far I've been lucky.  

My own theory is that the spambots are able to collect quite enough email addresses by just looking for the ampersands - they don't need to go looking for the various ASCII variations!

[Mrious_be]

Thanks for all info guys
I'm gonna see if i can create an new email box on my account first, than i'm going to try the ASCII variation.
I might be coming on this topic back in a week or two.

Thx for opinions

[Gary S]

How do these "spambots" exactly work?

[Paddy]

Gary, "exactly", I couldn't tell you - I'm not a programmer - but from what I've read, they troll web sites looking for emails.

There are things you can add to your code to prevent bots/spiders from collecting emails from your site, by not allowing them access to the page in the first place. Just found an incredible forum for webmasters - http://www.webmasterworld.com, with a 17 page thread spanning over 18 months on the subject. A lot of it is over my head...

http://www.webmasterworld.com/forum13/687.htm

And more: http://www.webmasterworld.com/forum11/1608.htm

And finally - read Dreamquick's post on:

http://www.webmasterworld.com/forum11/1668.htm

It explains why the encoding, for the most part, works (for now!).

Other methods:

http://www.webmasterworld.com/forum23/3.htm

And if you do a search on webmasterworld.com you will come up with TONS of information, opinions etc. The links I've posted are from a quick search and picking out what looked like the most relevant/understandable posts from over 250 threads with discussions on email spiders/bots.  Looks like a very interesting forum to poke around in... if you're a webmaster!

[Gary S]

Thanks Paddy.

After reading some of that stuff over there it appears my spam problem is small but I still don't like them.

[Diana]

I know I've posted some about this before, but I also have a javascript e-mail encryptor that works really well.

I got it from this site:
Tim's site

I took his script and changed the wording that is given for those browsers that aren't javascript aware and placed it Here

Actually, I saved that page to my hard drive and bookmarked it on my own hard drive so that I can access it easily while working on web sites. Feel free to do that if you wish. Just remember it's Tim's, not mine..

Tacit is correct about some browsers not being able to handle javascript...but those are getting fewer and fewer. The script above will write a special line letting people using those browsers know that they're missing something. I  dislike "browser arrogance"..that which thinks it's important to be "optimized" for a specific browser, but in this case, I prefer the protection my e-mail address is given by these techniques. *wink..I also put my phone number or mailing address in a conspicuous place for people with challenges.

[Xairbusdriver]

Whether 'bots' are smart enough yet to read ASCII or javascript yet has not been proven. Until it is, I feel I have a responsibility to prevent their access to addresses on a public site as best I can. That's why I use ASCII coding. While javascript capable browsers may be dominant, most can turn off its use, I'm just too lazy to 'sniff' for that, I just use what I know will work, even in a text-only browser.

I use SPAMstopperin OS 9. I don't see it in the authors site right now, but I'll bet he can provide it. He does have a version for X, however. I'm sure there are other programs similar to this one. I like it because it has many options to 'encode' exactly what you want. The easiest would be to just encode the word 'mailto:' which seems to be the most common search word for bots. I use the 'Full Paranoid' choice, leaving nothing but ASCII for everything.

I recently made a page (not live yet) to allow registration for Vacation Bible School. Because of my concerns for cost (secure access costs about half as much as our yearly fees) and the vulnerablility of e-mail, I limited the form to just a phone number and a list of choices to be called for further info. I have seen other sites that ask for everybodys name (parent, child, emergency contact), phone numbers, addresses, age, and even special health problems of the child!  I find that absurdly compromising of peoples information and possibly legally dangerous! Perhaps I'm just paranoid! I just don't see why we should make all this info so easily available to anyone, even if some of it is 'public' knowledge.

I had concerns that the CGI that handles the e-mailing of the form did not allow the 'hiding' of the e-mail addresses in the HTML. My only 'safety' is the hope that the bots don't look for the "@" character too much and that they probably won't recognize "hidMAIL_TO" as the same as "mailto".

Jim C.