LegalAlien - 3:58 am on Dec 22, 2005 (gmt 0)

>>> There are email harvesting robots that can read javascript. <<<

Yup! We've been down all these paths and the spam bots always found their way around our methods. Only the image option is totally effective as there's nothing there for a bot to see, but this is not very convenient for users.

We're currently using Unicode and have been pretty much spam-free for six months, even though the spam bots continue to regularly hit our site. This displays as a normal email link for users, can be read by screen readers and is compatible with all current browsers -- including those with JavaScript disabled.

If you're interested, just search for “ascii to unicode converter” on Google and select the first listing. Use this tool to convert your HREF value, including mailto: (everything inside the quotes, but leave the “quotes” in place) and replace the ASCII text in your HTML with the Unicode output. If you want your actual email address displayed as the link, do the same for the link text.

If you're using a WYSIWYG editor, you may need to do this in a text editor, as it will probably convert it back to ASCII when you save the file. FrontPage users (or CGI form users, where the recipient email is included as a hidden field) can also convert email addresses used in their forms -- again, with a text editor.

There are bound to be those that follow this post stating that this can also be harvested, but if you think about it logically, it’s a huge and very slow task to scan pages in Unicode, which is probably why malicious developers haven’t taken this approach yet. I’m not saying it’s impossible; just not very practical -- or necessary with so many easier methods.

I hope this helps ;)