E-Mail forms and spam.

How do you keep spam robots from finding the E-Mail address?

         

Jesse_Smith

5:04 am on Jan 6, 2005 (gmt 0)




Is it possible to use something like

X¥rreqfv
@gmail.com

in

<input type=hidden name="recipient" value="YOU@domain.com">

I tried that but didn't get the E-Mail.

kaled

10:55 am on Jan 6, 2005 (gmt 0)




I use an image to display the address and javascript (slightly obfuscated) to set the target of the link. I set the target statically (in the html) to just "mailto:".

In this way spambots are defeated, and links continue to work. If javascript is turned off, the user has to enter the to: address manually.

Kaled.

Jesse_Smith

3:26 pm on Jan 6, 2005 (gmt 0)




How do you use an image to send E-mail through a form?! I'm guessing the server can't read images.

The Contractor

3:32 pm on Jan 6, 2005 (gmt 0)




Why not use something other than formmail? Plenty of free PHP and other alternatives that will not show this info. I have heard some of the smarter email harvesters can parse the javascript and have even broken the coding behind those encrypted links.

rocknbil

4:11 pm on Jan 6, 2005 (gmt 0)




Short story:

Look in your form processing script: it should have a line similar to

$from_email = $data{'from-email'};

Change it to

$from_email = 'your@email_address.com';

Then remove the hidden field from the form.

Longer story:

Any email form that has the email address in a hidden field can be read by the spiders, but additionally poses security risks as well. If the script doesn't have appropriate security measures, someone can query your script directly via command-line and send as many emails as they want, bypassing the form.

The way to do what you're asking is that whatever server-side processor you have should contain the email address in a hard-coded variable or some other means of preventing abuse. The same consideration should be given to any email fields the visitor enters into the form, as the from-field can be abused in the same way.

Example: If I can figure out what your mailer is doing, I can query it from the command line by requesting

mailer.cgi?from-email=address1@here.com,address2@here.com&Comments=test

In an automated process this could be a comma-separated list of several hundred emails. The really bad part about this is YOU get contacted for spamming.

A common misconception is that you can limit the input to the requesting server by only accepting queries from the HTTP_REFERER that matches your server. These can be faked. :D
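An added example, not part of rocknbil's post or anyone's code from this thread: a PHP form handler with the recipient fixed in the script and the visitor's from-email checked so it cannot carry a comma-separated list or extra headers. The names `RECIPIENT`, `clean_sender` and `handle_submission` and all example.* addresses are assumptions; the field names follow the thread's from-email and Comments parameters.

```php
<?php
// Added example (not the thread's code). RECIPIENT and the function names
// are hypothetical; the sample requests at the bottom are constructed.

const RECIPIENT = 'webmaster@example.com'; // fixed here, never read from the request

// Return one clean address, or null if the value could smuggle extra
// recipients or headers (comma, semicolon, any whitespace incl. CR/LF, NUL).
function clean_sender(string $raw): ?string
{
    if (preg_match('/[\s,;\0]/', $raw)) {
        return null;
    }
    $addr = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $addr === false ? null : $addr;
}

// Build the message from a request array; nothing is sent in this example.
function handle_submission(array $post): array
{
    // A "recipient" key in the request is deliberately ignored.
    $from = clean_sender((string)($post['from-email'] ?? ''));
    if ($from === null) {
        return ['ok' => false, 'reason' => 'bad from-email'];
    }
    $comments = substr((string)($post['Comments'] ?? ''), 0, 5000);
    // The visitor's address goes in Reply-To; From stays on our own domain.
    $headers = ['From' => RECIPIENT, 'Reply-To' => $from];
    return ['ok' => true, 'to' => RECIPIENT, 'headers' => $headers, 'body' => $comments];
}

// Constructed requests, including the comma-separated list from the post above.
$samples = [
    ['from-email' => 'visitor@example.org', 'Comments' => 'hello'],
    ['from-email' => 'address1@here.com,address2@here.com', 'Comments' => 'test'],
    ['from-email' => "visitor@example.org\r\nBcc: list@example.net", 'Comments' => 'x'],
    ['recipient' => 'someone@else.example', 'from-email' => 'v@example.org', 'Comments' => 'y'],
];
foreach ($samples as $s) {
    $r = handle_submission($s);
    echo $r['ok']
        ? "accept to={$r['to']} reply-to={$r['headers']['Reply-To']}\n"
        : "reject ({$r['reason']})\n";
}
```

The second and third samples are rejected; the fourth is accepted but still goes to `RECIPIENT`, because the script never reads a recipient from the request.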

Orbite

5:48 pm on Jan 6, 2005 (gmt 0)




As rocknbil explained, all you need to do is hardcode your email address in the email processing PHP script.

And, if you really hate spambots, you can turn them against themselves by giving them what they are searching for: email addresses.

Created a bit of PHP that will look up the domain of the spambot. Publish an email address for their abuse administrator, such as abuse@foobar.net. Here is how I do it:


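function SpambotBait() {
    // Cache the result so the reverse lookup runs once per request.
    global $SpammerAddress;
    if ($SpammerAddress) return $SpammerAddress;

    // $REMOTE_ADDR as a global relied on register_globals; read it from $_SERVER.
    $remoteAddr = $_SERVER['REMOTE_ADDR'];

    // Reverse DNS lookup; gethostbyaddr() returns the IP unchanged if there is no hostname.
    $loopback = gethostbyaddr($remoteAddr);
    if ($loopback && $loopback != $remoteAddr) {
        // Keep only the last two labels of the hostname, e.g. foobar.net.
        $levels = explode(".", $loopback);
        $ubound = count($levels);
        if ($ubound > 2) $loopback = $levels[$ubound-2].'.'.$levels[$ubound-1];
    } else {
        // No hostname found: fall back to an address literal in brackets.
        $loopback = "[$remoteAddr]";
    }

    $SpammerAddress = 'abuse@'.$loopback;
    return $SpammerAddress;
}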

Use the following as bait:


<meta name="email bait" content="mailto:<?= htmlspecialchars(SpambotBait(), ENT_QUOTES) ?>">

You can also monitor spambot activity by creating email addresses just for them.

The following is a trap for spammers. Please ignore: <a href="mailto:takethat2 at foobar dot com">takethat@foobar.com</a>