Forum Moderators: mack

Message Too Old, No Replies

Hide email address from spammers

How to do this in form with method=post

         

albroun

11:55 am on Feb 20, 2004 (gmt 0)

10+ Year Member



Hi

I am trying to hide my email address from spammers.
The code is basically as follows:

<form name="feedback" method="post" action="http://www.whatever.com/cgi-bin/userform.cgi">
<input type=hidden name="SendMailTo" value="whoever@whatever.com">

I tried using hex values for my email address instead of text but this did not work.

I am using another method for my main pages, which is as follows. It splits up the email address using Javascript and uses an image to display the address. I am wondering whether I can adapt the javascript method to the form above. I gather that PHP can be used for this sort of thing but I dont know any PHP at all and not even sure if my web host recognises it. Below is what I currently use (I hope it is of some use to anyone who reads this post):

<script language="JavaScript">
userpart1 = "who";
userpart2 = "ever";
sitepart1 = "what";
sitepart2 = "ever.com";
document.write('<a h' + 'ref="m' + 'ailt' + 'o:' + userpart1 + userpart2 + '@' + sitepart1 + sitepart2 + '\">');
document.write('<img src="email-image.jpg" border="0" height="35" width="115" alt="email address as image">' + '</a>');
</script>

Thanks

Alasdair

tombola

1:07 pm on Feb 20, 2004 (gmt 0)

10+ Year Member



If it's only your email address that you want to hide, you don't need to send your email address to userform.cgi. You can set your email address in the program itself.

$SendMailTo = "whoever\@whatever.com";

albroun

2:00 pm on Feb 20, 2004 (gmt 0)

10+ Year Member



thanks

sorry cannot quite follow.

I wish to have an enquiry form as well as an email address on my site.

I cannot access the cgi code - my web host doesnt allow me to get in there and tamper with it, nor could I anyway as I dont know any perl.

The line of code you suggest - where do I place it?

Thanks

tombola

5:00 pm on Feb 20, 2004 (gmt 0)

10+ Year Member



So your hosting company has installed some scripts and you may not install/run your own scripts?
If that is the case, I cannot help you, I'm afraid.

albroun

10:57 am on Feb 21, 2004 (gmt 0)

10+ Year Member



Actually your suggetion made me realise that I can change the SendMailTo value to whichever email address I want! Thus I have used another email address for receiving web enquiries, rather than my main one. If the other email address gets spammed then I will simply direct the mail to a different one and so on. Users wont notice anything because they do not see the email address to which the enquiry form is directing them!

grahamstewart

1:17 pm on Feb 21, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



You could create your form by using an external javascript that writes out the html with multiple document.write() calls. I don't know of any bots (spambots or search bots) that can execute javascript so they will not see it at all.

The disadvantage is that people who surf with Javascript turned off will not see the form either. So its possibly not ideal.

Placer14

2:02 pm on Feb 21, 2004 (gmt 0)

10+ Year Member



There is a small little utility that I use that can change strings into hex/ascii code and it works quite nicely.

Such as: <a href="mailto:&#115;&#117;&#112;">&#115;&#117;&#112;</a>

I removed the bulk of my email address just for example's sake. The utility is called Mailto Encryptor and is only like 10kb. Maybe this is what you're looking for?

grahamstewart

2:29 pm on Feb 21, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Good suggestion but I think he tried that already "I tried using hex values for my email address instead of text but this did not work."

Placer14

4:50 pm on Feb 21, 2004 (gmt 0)

10+ Year Member



I took "it did not work" to mean the browser didn't render the hex code properly. Not as in, spammers still got my address.

Eitehr way, I don't have nearly the spam problem that I would normally have if I don't use this utility. ;)

Conard

5:08 pm on Feb 21, 2004 (gmt 0)

10+ Year Member



The spammers have had the hex/ascii code trick figured out for a while now.
We had to switch to another method last year.
Java script and a no script tag for the non java surfers.

g1smd

7:08 pm on Feb 22, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



You are always better off putting the email address in the server side code, rather than in any place that the client can see it.

Hex values and URL encoding are already being decoded by spammers.

The javascript document.write stuff is still good (however I would use an external file for the code), but don't forget to escape the closing </a> tag by using <\/a> if you want valid HTML code.

albroun

11:23 am on Feb 25, 2004 (gmt 0)

10+ Year Member



Hi

Interesting to read that the hex/ascii method has been found out.

The reason why it did not work for me is that I use an HTML hand-coding tool, rather than plain old notepad for my page creation, and it automatically converts asci code into ascii text! I have noticed that wysiwyg web page editors do so as well.

All very well if you never use anything other than notepad, but inconvenient otherwise.

I wonder how long it will take before the spam spiders can read javascript?

g1smd

8:24 pm on Feb 26, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



There is so much javascript out there that does not include email address-writing-code, that it would be very unproductive for spammers to parse and run all of the javascript out there looking for code which renders email addresses; especially when there are such rich pickings from just looking for mailto: and someone@somewhere strings.

bill

2:35 am on Feb 27, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I can confirm that the hex/ASCII method is ancient history. I put one address encoded that way on one of my Chinese sites and within two weeks the spam floodgates opened. I switched to an address encoded with the Hiveware Enkoder method and have had zero problems for the last 6 months or so.

BjarneDM

9:23 pm on Feb 27, 2004 (gmt 0)

10+ Year Member



you can do an onsubmit in the <form> tag and insert the correct email at that point. The modified code will look something like this:

<form id="feedback" onsubmit="InsertEmail();return true" method="post" action="http://www.whatever.com/cgi-bin/userform.cgi">
<input type="hidden" id="SendMailTo" value="later">

and in the <head> section you have defined your script:

<script type="text/javascript">
function InsertEmail() {
document.getElementById("SendMailTo").value = <what-ever-email>;
}
</script>

If you need to use more than one email-address on the same page you can pass a parameter in the call to InsertEmail and use a case structure to select the right one.

patricks

7:19 am on Mar 6, 2004 (gmt 0)

10+ Year Member



You can try converting your email address to Unicode characters. Most email harvesting programs don't recognize them, but your browser will.

bill

11:44 am on Mar 6, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Welcome to WebmasterWorld patricks

Unfortunately the Unicode trick doesn't work anymore.