In a nutshell, I provide two (actually more) kinds of contact avenues depending on which problems real people may encounter and why.

Note: The following scheme sounds more complicated than it is (& Jim Morgan would probably think it insane:)

1.) My on-site redirected-to pages provide info and show echo'd details about the visitor's Host, App, etc., and also describe which details to send to the e-mail address displayed on the page as a graphic.

2.) My 403s get the worst of the worst so they have mucho hoops --

- My standard 403 provides the same info but includes a link to an off-site page -- a bare IP I use as a catch-all for troublesome visitors redirected from active domains -- that then shows the same echo'd details.

- But rather than a graphic e-mail address, the off-site page includes a link that pops up a window with a reCAPTCHA Mailhide. [google.com...]

If I didn't have a catch-all IP, I'd use #1 for Custom 403s, too, and possibly include the Mailhide pop-up. But the graphic address is enough, really, and shows in your logs that a real browser at least hit it.

I just tell them, if they're human to reload the page, where a script redirects them to my home page by session id. Bots don't do this. Very simple :)

Many thanks for the replies.

I just planted a link to a GIF (email addy) on a page with a brief explanation. 1/2 kb for the page size.

keyplyr, what happens on subsequent visits? Do they always have to reload?

keyplyr, what happens on subsequent visits? Do they always have to reload?

If they are still coming from the same blocked IP, yes they will need to do it every time because it is by session id. Note that none of the IP ranges I block are commonly used by innocent human surfers. I just added this for that rare possibility that someone at work is surfing on their own.

Also, the humans that have installed harvesting tools do not get a second chance as long as that attribute is present in their UA string.