Welcome to WebmasterWorld Guest from 54.144.79.200

Forum Moderators: phranque

Message Too Old, No Replies

Having a form on a page instead of an email address stop harvesters?

     

geoffhodbod

6:20 pm on Jun 8, 2003 (gmt 0)

10+ Year Member



Hi,

Does having a cgi form to let people email you on a site protect you against email harvesters taking you email address as opposed to just having an underlined email address that users can click on to launch a new message creation window from their email client or is there no advantage in a form?

Birdman

6:41 pm on Jun 8, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Yes, it will stop it, as long as the email address is not in the form as a hidden input element. Keep your email address hard-coded in your mail script.

There are other ways to encode your email address to prevent harvesters from getting it.

PHP Bag-O-Tricks II: Encoding email addresses [webmasterworld.com]

g1smd

7:37 pm on Jun 8, 2003 (gmt 0)

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



An email form keeps bots and screen scrapers away. Good idea.

You can also use other tricks to have a non-scrapable email link on your pages. Some people encode parts of the email address, using entities like < and so on. This isn't foolproof, so should be combined with writing the link using javascript document.write statements, as well as cutting the link up and using more than one javascript command to write it.

jimbeetle

7:59 pm on Jun 8, 2003 (gmt 0)

WebmasterWorld Senior Member jimbeetle is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Formmail forms can also present some security risks. This e-mail form security thread [webmasterworld.com] has some good info and a couple of links to previous threads.

While we're on this, seems to me that using a call to an external js file would mask an e-mail address from bots and cut down on the hundreds of 404s my sites get from mail bots trying to follow encrypted addys. Make any sense?

g1smd

8:37 pm on Jun 8, 2003 (gmt 0)

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



The formmail script can be exploited by spammers to email miillions of messages through your domain, with spoofed headers, if you aren't careful. There do exist some modified versions where the target address is hard coded into the script which then cuts this abuse out. You should also rename the script, and the script directory, and ban robots from it. This makes it a lot more safe.

External javascript is great. It cuts out most of the screen scrapers. The email address link should be written out as several separate pieces though, just in case a simple robot parses all text looking for anything that matches "xxxxx@xxxxxx" in any part of any file. Add some entity encoding to it and you are several steps ahead of the spammers.

waldemar

8:55 pm on Jun 8, 2003 (gmt 0)

10+ Year Member



The formmail script can be exploited by spammers to email miillions of messages through your domain, with spoofed headers, if you aren't careful.

Happened to me about three months ago on a regular webmaster@-account. Not funny, to receive about 500.000 "Returned mail: User unknown" mails.

g1smd

1:06 am on Jun 10, 2003 (gmt 0)

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



See also: [webmasterworld.com...]

John_Caius

3:55 pm on Jun 25, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



See also: [webmasterworld.com...]

:)

Lorel

2:24 am on Jul 3, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I'm using a method I haven't heard anyone mention. I can't remember if I thought this up myself or read about it somewhere. I write out the email address as if I was spelling each word and symbol out and giving instructions to turn all capitalized words into appropriate symbols and remove spaces:

myusername AT mydomain DOT com

This means surfers will have to write in the email but it has cut my spam down considerably.

 

Featured Threads

Hot Threads This Week

Hot Threads This Month