The following message was posted by Frank_Rizzo on 6/17/02 but the message is too old to respond..
--------------------------------------------------
I was worried about spambots crawling for email addresses. I found the following which works well:
<P>hey buddy, mail
<SCRIPT>
m1 = "frank_rizzo";
m2 = "mysite";
m3 = ".com";
document.write('<a href=\"mailto:' + m1 + '@' + m2 + m3 + '\">');
document.write('frank rizzo<\/a>');
</SCRIPT>
but dont expect a reply
</P>

Because the script renders the mailto: on the fly, spambots never get to see the real email address.

This is also useful for preventing attacks from virus such as Sircam. Sircam looks at your cache files and scans the page for emails but won't find them. It they will find is mailto:' + m1 etc.
----------------------------------------------------

Here's my question: how do spambots get the raw ASP or PHP code instead of the HTML that is generated by the code. In otherwords, the page that is rendered by the code above (HTML) will still show the intact email address. So do spambots read the rendered HTML or the raw code (ASP, PHP) behind the page?

If it's the raw code, how do they do that?
And if they do get the raw code, can't they also be programmed to harvest the rendered HTML and still get the "assembled" email address if this method is employed?

Tim