homepage Welcome to WebmasterWorld Guest from 54.227.56.174
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Subscribe to WebmasterWorld

Home / Forums Index / Hardware and OS Related Technologies / Website Technology Issues
Forum Library, Charter, Moderators: phranque

Website Technology Issues Forum

    
Having a form on a page instead of an email address stop harvesters?
geoffhodbod




msg:663082
 6:20 pm on Jun 8, 2003 (gmt 0)

Hi,

Does having a cgi form to let people email you on a site protect you against email harvesters taking you email address as opposed to just having an underlined email address that users can click on to launch a new message creation window from their email client or is there no advantage in a form?

 

Birdman




msg:663083
 6:41 pm on Jun 8, 2003 (gmt 0)

Yes, it will stop it, as long as the email address is not in the form as a hidden input element. Keep your email address hard-coded in your mail script.

There are other ways to encode your email address to prevent harvesters from getting it.

PHP Bag-O-Tricks II: Encoding email addresses [webmasterworld.com]

g1smd




msg:663084
 7:37 pm on Jun 8, 2003 (gmt 0)

An email form keeps bots and screen scrapers away. Good idea.

You can also use other tricks to have a non-scrapable email link on your pages. Some people encode parts of the email address, using entities like < and so on. This isn't foolproof, so should be combined with writing the link using javascript document.write statements, as well as cutting the link up and using more than one javascript command to write it.

jimbeetle




msg:663085
 7:59 pm on Jun 8, 2003 (gmt 0)

Formmail forms can also present some security risks. This e-mail form security thread [webmasterworld.com] has some good info and a couple of links to previous threads.

While we're on this, seems to me that using a call to an external js file would mask an e-mail address from bots and cut down on the hundreds of 404s my sites get from mail bots trying to follow encrypted addys. Make any sense?

g1smd




msg:663086
 8:37 pm on Jun 8, 2003 (gmt 0)

The formmail script can be exploited by spammers to email miillions of messages through your domain, with spoofed headers, if you aren't careful. There do exist some modified versions where the target address is hard coded into the script which then cuts this abuse out. You should also rename the script, and the script directory, and ban robots from it. This makes it a lot more safe.

External javascript is great. It cuts out most of the screen scrapers. The email address link should be written out as several separate pieces though, just in case a simple robot parses all text looking for anything that matches "xxxxx@xxxxxx" in any part of any file. Add some entity encoding to it and you are several steps ahead of the spammers.

waldemar




msg:663087
 8:55 pm on Jun 8, 2003 (gmt 0)

The formmail script can be exploited by spammers to email miillions of messages through your domain, with spoofed headers, if you aren't careful.

Happened to me about three months ago on a regular webmaster@-account. Not funny, to receive about 500.000 "Returned mail: User unknown" mails.

g1smd




msg:663088
 1:06 am on Jun 10, 2003 (gmt 0)

See also: [webmasterworld.com...]

John_Caius




msg:663089
 3:55 pm on Jun 25, 2003 (gmt 0)

See also: [webmasterworld.com...]

:)

Lorel




msg:663090
 2:24 am on Jul 3, 2003 (gmt 0)

I'm using a method I haven't heard anyone mention. I can't remember if I thought this up myself or read about it somewhere. I write out the email address as if I was spelling each word and symbol out and giving instructions to turn all capitalized words into appropriate symbols and remove spaces:

myusername AT mydomain DOT com

This means surfers will have to write in the email but it has cut my spam down considerably.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Hardware and OS Related Technologies / Website Technology Issues
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved