| I know there have being a few threads on this, but none seem to be open. The various techniques I have seen include 1) Using images - Use a image file for the whole email etc file, or even just to replace the @ symbol. Disadvanatage- The visually handicapped would be left out, you could use alt text, but that means choosing a method to protect the alt text. Also visitor has to type in the text manually. 2) "Munging" - adding nospam, adding nonsense words in caps, or doing myname AT domainname DOT com (good for visually handicapped). Disadvanatage - many comment methods like adding nospam is easily handled by spambots. Too sophiscated methods might even fool the humans! 3) Using URL-encoding and/or HTML character entities. You can encode some percentage, and it can get very sophiscated. http://www.u.arizona.edu/~trw/spam/spam4.htm
http://www.metaprog.com/samples/encoder.htm It's recommended to encode even the mailto: otherwise it's easy for spambots to just just pick up whatever it's behind that. This works for most broswers, but unfortunately it seems spambots are ready beginning to attack this. 4) Basic Javascript The most common idea is to split up the email address then put them together using document.write. This is usually combined with entity encoding mostly to hide the @. Here's a sample from http://www.b-link.co.uk/stevedawson/script_hide_email_.php <SCRIPT LANGUAGE="javascript">
<!-- // Javascript Email Address Encoder
// by www.stevedawson.com var first = 'ma';
var second = 'il';
var third = 'to:';
var address = 'yeah';
var domain = 'fdfs';
var ext = 'com';
document.write('<a href="');
document.write(first+second+third);
document.write(address);
document.write('@');
document.write(domain);
document.write('.');
document.write(ext);
document.write('">');
document.write('Click Here to Email Me!</a>');
// -->
</script> Similar but alternative ideas that don't use document.write
include i)http://philringnalda.com/blog/2002/06/accessible_spamproofing.php ii)<script language="javascript">
function SendMail(Login, Server)
{
window.navigate("mailto:" + Login + "@" + Server);
}
</script>
<body>
<a href="javascript:SendMail('marcell.toth', 'nextra.hu')">Mail me</a>
</body> iii)<script language="javascript">
function SendMail(Login, Server)
{
window.navigate("mailto:" + Login + "@" + Server);
}
</script>
<body>
<a href="javascript:SendMail('marcell.toth', 'nextra.hu')">Mail me</a>
</body>
</html> Most of the examples are given as inline JS, you should probably convert them to external JS files for more protection (I like the ones where you can easily change email by just changing the external JS file). Also doing some minor changes to varible name, mix/try encoding to mess it up some more. iv)http://www.metaprog.com/samples/encoder.htm There is one common problems for the above methods. The first is what to do for users without JS. Because the above methods using a normal a href link (unlike other methods like http://www.hiveware.com/enkoder_form.php , you can't use <noscript> to hide them from non-js users. Some of the methods, e.g i), have a built in failsafe as long as you are willing to sacrifice a disposal email. The other methods don't. One method is to do <a href="javascript...."> <img src=pic.gif> </a>. That way both none-js and js using visitors both get some functionality. A visually handicapped ,none-JS using visitor is out of luck though, perhaps adding isntructions in the alt text (if you are going to add the real email - even encoded in the alt text, you might as well don't use javascript in the first place) to turn on JS, might help. 5) more complicated javascript methods http://www.hiveware.com/enkoder_form.php
http://www.jracademy.com/~jtucek/email/index.html
http://www.u.arizona.edu/~trw/spam/spam.htm
http://www.u.arizona.edu/~trw/spam/spam4.htm
http://rumkin.com/samples/mailto_encoder/ - The most customisable one out there, including some interesting ideas. The above methods use "encrpytion", with arrays and whatnot. Basically the only way a spambot is going to get thorough this is to actually go through the whole process of running the script, since there is no @ or mailto at all. Also each person's script will be different, so there is no common way to break it. Probably most secure, for JS methods? 5) Other methods include form email also other advanced techniques of trapping spambots, blocking by useragent, and CGI re-direct tricks (http://www.bestprac.org/articles/spam_bots_2.htm), that I didn't understand yet. References http://www.bestprac.org/articles/spam_bots.htm
http://www.neilgunton.com/spambot_trap/
| 
