Forum Moderators: open
My question is, does this truly restrict the spam bots? This site has many emails listed and I need to get them off of the web as they are now, we are being deluged with spam and I am thinking it is from being listed freely like this.
Please help with this, or offer other suggestions, I am all ears.
Thanks much-
Another thing to keep in mind...if you're already getting spam on the posted addresses then encoding them now will probably not do much for you in terms of the volume of spam you get. You've likely already been harvested and your addresses shared all over the place. You now need to either change the addresses or get some good filtering in place.
As for hiding techniques: As a user, I find it very annoying to have to *extract* the true email address instead of being able to click it and write the thoughts that are fresh in my mind. Decoding the address means a brain context switch. Alternatively, uou might consider something like a "spam" subdomain (i.e.: spam.mydomain.com) and more strongly filter (with SpamAssassin or similar) mail coming through that domain before redirecting it. Then, any email going on a website can use that subdomain.
JavaScript is the way to hide your address in plain sight nowadays. Although you say it may be trivial to process JavaScript, I have yet to have one harvested by a bot. Maybe it depends on the technique you use.
The safest thing to do would of course be to remove all your e-mail addresses and use a form instead. However, that's not always an option.
I wanted to mention something that I noticed when looking at Hiveware Enkoder as bill mentioned. It seems that the code that the Enkoder produces is quite large for the purpose. I am always worried about bloating my page’s code needlessly. What are the thoughts regarding this? Is there a smaller way to protect email addresses and keep code to a minimum?
As for harvesters not doing parsing JavaScript, what makes you think that? There are command line implementations of JavaScript and it would be trivial to pass a page through a program. A good harvester is virtually undistinguishable from a real client.
If I was writing a harvester, I would be looking for the ways people encode their addresses, as those addresses are *more*valuable*, since spam sent to them isn't as likely to get lost in the shuffle and since other people selling lists won't have those addresses. I'm sure anyone writing a harvester has browsed this site and seen all the reccommended ways of hiding addresses.
The ultimate solution to spam is not hiding.
I put in a program of js cloaking for email addresses on client websites almost two years ago and the spam silence is now amazing. Sure, if lots of people do this, then the harvesters will adapt to it. But so far there are such easy pickings out there, in bare nekkid html, that the harvesters haven't bothered.
Oh yes -- our clients usually offer an 800 number in plain sight and in some cases a text image of the email address as well. If you want to reach them, you definitely can.
This is war, and some of our comforts are sacrificed. I just hope all email doesn't end up compromised eventually. That's what it looks like will happen from the present vantage point, but who knows, we may yet pull a rabbit out of this black hat.
I'm not saying that hiding is the answer to spam...this is just an answer to kiwanji's original question. Birdman's suggestion to use a bot trap and .htaccess ban list would be my next step if I start getting spam on my current sites. Maybe I've just been lucky so far...
<added>Here's another: bad-bot script: follow-up? [webmasterworld.com]</added>
For people with Javascript disabled I suggest you supply a 'contact us' form. Obviously go for one that only has your email address on the server side!
The mentioned encoder script is big, so if you use it, put it in an external javascript file and call it from the HTML file.
I do not like any of the someone@domain.nospam.com.nospam methods as the link is not clickable and immediately usable without some editing.
The best method is still one based on using code fragments assembled with document.write statements (again best from an external file).
Use that, and then also have a contact form for people to email directly from the website. I find about 10% of people use the form, rather than their email program. I always wonder if that 10% would not have bothered writing at all if the form wasn't there.
However whatever method you use, you still have to do a Google search every few weeks to make sure that no-one else has published your email address in a directory entry, or press release, and so on.
Am I missing something? Could someone provide a link to a source for "effective javascripts" for the purpose of cloaking?
Thanks
In general, the method seems to work. I only rarely get spam at addresses hidden by this method, while, for addresses that for one reason or another can't be hidden, I get inundated.
I've also found that the method works for email addresses that the harvesters have already got hold of. I think a harvested list must have a limited shelf life, and so hidden addresses tend to get dropped once new list is gathered.
document.write (a+b+c+d+e+f+g)
where those letters represent fragments of code and the email address from a broken up string that started off like:
<a href="mailto:someone@somewhere title="extra information">link text</a>
and which is reassembled by the javascript VM that runs in the browser client.
So, you still need to protect the address from being spidered.
