What are some ways to protect emails on websites from spambots? [closed]

Asked 21/11, 2008 at 13:36 Answered 8/4, 2022 at 9:35

I'm creating a public internet facing website which contains the email address of their salespeople.

What kind of programming options do I have to generate the "mailto" and display the email from that address but limit the spambots from picking up the address?

Photoperiod answered 21/11, 2008 at 13:36 Comment(0)

Recaptcha has an excellent capture based email protection. You can see it implemented at the bottom of any page in my website using the Site Feedback link.

Spermogonium answered 10/1, 2009 at 5:48 Comment(5)

Unfortunately, with the ne version of reCAPTCHA this feature does not exist anymore. – Arbitral 7/8, 2015 at 5:59

@lorenzli: Yes it does, I just changed my site email a couple of weeks ago using it. Now at tech.dolhub.com. – Spermogonium 8/8, 2015 at 17:55

@LawrenceDol google.com/recaptcha/mailhide gives a 404 error, subdirectories such as /admin/ are redirected to the new site without the mailhide feature. – Arbitral 10/8, 2015 at 23:10

@Lorenzli I found the mailhide page with a simple search. Added the link to my answer. – Spermogonium 11/8, 2015 at 15:9

As of 2022 - Mailhide, the service provided by Google that relies on reCAPTCHA - no longer exists and hasn't for some time. The only Mailhide services is a third-party service, and I'm personally skeptical about since the copyright footer on their website hasn't been updated in 2018. A small thing, maybe, but if they can't get such a small thing right, I'm skeptical they can do such a complex thing as email obfuscation on the modern web. – Edwards 9/6, 2022 at 0:11

I know that Facebook does it by displaying an image instead of text. Sure, they could use OCR on the image, but why bother for just one email address?

If you really didn't want spam bots to get an email address, the best way is to never show it to anyone. Show a link to "Contact this person" which brings up a form. On the server side, send the contents of that form to the recipient, with a reply-to of the sender's email address. Include a little blurb at the bottom of their message that "if this email is spam, please 'click here' to block this user", which will then block the IP of the sender. I've used this method on a number of occasions and have never had a single complaint.

Scherzando answered 21/11, 2008 at 13:38 Comment(4)

What happens if the sender mistypes their email address? – Photoperiod 23/11, 2008 at 12:43

too bad, i guess. If your users have accounts, you could prefill the sender's name and email address. – Scherzando 23/11, 2008 at 23:45

I'm less likely to fill out a form than I'm to write an e-mail. – Reata 10/9, 2010 at 8:45

The method you mentioned in the second paragraph is great but sometimes those emails are filtered and sent to the spam folder automatically. In those cases, there is a risk that the recipient never see the message. – Sciolism 17/9, 2013 at 9:59

You can obfuscate it but IMHO whatever you do, one day spammers will get your email address. The future is in spam filters, not trying to keep email addresses secret.

Phare answered 21/11, 2008 at 13:48 Comment(1)

Yet the harder you work to obfuscate it initially, cutting out the problem at the root, the less hard you will have to work at cutting out spam for the lifetime of your website. – Edwards 28/12, 2021 at 20:6

What I have done in the past is use javascript to build the mailto: link. This is nice for the users because they can just click on the link and I don't know of any spambots that take the time to execute javascript yet.

I think I got the idea from Jakob Nielsen's useit.com website.

In the page header I have this piece of javascript:

<script name="mailto" language="JavaScript">
    //<![CDATA[

    function load()
    {
        c1 = "bcl"
        c2 = "brian"
        c3 = "lane"
        c4 = "com"
        // Fill in the addresses
        document.getElementById("contact1").innerHTML = "<a href=" + "mail" + "to:" + c1 + "@" + c2 + c3 + "." + c4 + ">" + c1 + "@" + c2 + c3 + "." + c4 + "</a>";
    }
    //]]>

</script>

Tell it to load it when the page loads:

<body onload="load()">

And then in the body of the page I put a link to a spamtrap:

<span id="contact1"><a href="mailto:[email protected]">[email protected]</a></span>

Criminology answered 21/11, 2008 at 16:1 Comment(4)

That may work against the simple bots, but a spider that understands enough Javascript (or parses the generated source code) can easily collect the e-mail addresses. – Shult 21/11, 2008 at 17:1

for XHTML compliance so you can use < and & – Scherzando 19/12, 2008 at 11:12

Do you think this method has an effect on indexing of the website. Is it maybe important that Google should index the email address, or is that not important. – Ileana 13/12, 2011 at 15:21

@SaifBechan If you're trying to avoid spam, then you absolutely do not want Google or any other search engines indexing your email address. – Edwards 9/6, 2022 at 0:14

If this is not a static HTML page, but a ASP.NET, JSP, Coldfusion, or PHP page then you could have a drop down box with a list of all your sales people, a text box for comments, and a "Contact Us" (ie, Submit button). When the button is clicked, it will call a server-side code which creates the email and sends it to your local mail server for delivery. The outside world will never know the email address of your sales people, nor the email format (ie, [email protected]) of your company.

Bute answered 21/11, 2008 at 13:46 Comment(0)

Have a look at PrivateDaddy - I think it does exactly what you're looking for: fully automatic, unobtrusive email cloaking that even works with browsers where JavaScript support is disabled. You can get it here (free of course)

Microfiche answered 24/12, 2009 at 16:23 Comment(2)

I work on a community web site with many (10K+) email addrs in user generated content - was going to implement a server side parsing code + image generation to do the trick - ended up implementing it with Privatedaddy and left the data intact. – Monahon 12/1, 2010 at 17:12

Maybe I'm missing something, but not only does PrivateDaddy obfuscation appear to leave the text unobfuscated (which may be a benefit for some), but the example it gives does not seem to be obfuscating anything at all. I followed its advice and checked the page's source, and it showed the full email address both in mailto: and text form. – Edwards 28/12, 2021 at 20:3

I have a solution, well, more of a theory. Problem is, the bots parse the page. they can get the text. even if it's being put into the page in some sophisticated way through Javascript.

So, just you CSS3 pseudo element! it won't be a link, but your email will be visible, and will never be an actual text. something like this:

.email::after{ content:'[email protected]'; }

Again, it's a theory, I've no idea how far these evil people can go to get it, but I think this be pretty safe.

Update (JULY 19')

I now in the opinion this isn't a problem since email servers have become good at filtering spam and there's no reason to make any elaborate tricks to "protect" email text on webpages.

Cartogram answered 24/4, 2013 at 19:52 Comment(0)

You can use something like email obfuscation

Cindiecindra answered 21/11, 2008 at 13:38 Comment(1)

I can be wrong, but I believe that nowadays it is inefficient. I doubt spammer's crawlers are unable to decode entities, since the trick is well known now. – Proof 21/11, 2008 at 15:31

This is a difficult problem. If you post an e-mail such that it can be parsed by a web browser so that it's clickable, then it can be parsed by a spambot. If it's not clickable (e.g. if it's an image), it's more difficult for users. On one side is perfect, seamless experience for users and on the other side is perfect spam-blocking. A simple CSS or javascript to take in an email address as separate tokens is usually better than nothing, though.

Troublous answered 21/11, 2008 at 13:40 Comment(0)

You could only show a part of the e-mail address "[email protected]" as a link that redirects to a captcha, then display the full e-mail address like Google Groups does.

Tula answered 21/11, 2008 at 13:44 Comment(1)

That's the reCaptcha solution above. – Ani 16/12, 2015 at 17:43

We used to do classic ASP string cat for email addresses, the grand idea being that spambots read source, but don't parse server-side code. I have NO idea if that actually works.

Ibby answered 21/11, 2008 at 13:44 Comment(1)

? If you look at the source and see the plain e-mail, it won't work! – Proof 21/11, 2008 at 15:34

Would something that I wrote work for you?

http://kevin-le.appspot.com/viewSource/sourceShare/asmRevealer.js

...and you could see the demo here:

http://kevin-le.appspot.com/extra/contact

It works with mailto, so it's convenient for users, but spambots won't be able to pick up which is your requirements. It'll be obvious once you spend 1 minute looking at the demo.

Multidisciplinary answered 10/1, 2009 at 6:27 Comment(0)

I got the same problem too and i came up with a quick but effective method to help my website out.

Basically bots just read the content of the web page but in 99.999% they do not trigger events, it would require a great amount of dedication and work, things hacker don't usually do in favor of bigger numbers and quicker effects.

So i came up with this function:

function emptyMail() {
    let mail = document.querySelector('#your_mail');
    let mailValue = mail.href;

    mail.href = "";

    mail.addEventListener('mouseover', function() {
      mail.href= mailValue;
    })
}

This worked for me i hope it can help you too.

Katmandu answered 8/4, 2022 at 9:35 Comment(0)

-2

I see the mailto: protocol almost dead anyway... It is convenient, but too easy to parse and gather.

Plus it has its downsides: if you are on a Web cafe, it won't work because it will call whatever default e-mail client it has (if it has any!) and it is not set up on your account. Same if you use exclusively online e-mail managers...

A possible workaround is to decorate e-mails, relying on users to type or correct them: foo (at) example.com or [email protected] are common schemes (hoping spammers doesn't try to decipher these common schemes!), graphical e-mail addresses are another way.

Or, as pointed out, if you can, the best option is to have a contact form, with some reasonable form of protection against robots, that would be usable from everywhere. Although people might be defiant on forms asking for e-mails (for response!), so a disclaimer might be useful too... :-)

Proof answered 21/11, 2008 at 15:42 Comment(2)

If you see a mailto: link, most browsers allow you to copy the link location or the e-mail address. Some browsers may also be configured to support webmail, even if you need a plugin or extension. – Shult 21/11, 2008 at 17:5

mailto isn't dead! email is the core of internet, how could people talk to each other without it? it's so basic. you click a link, then write whatever to that person. how can it be easier? – Cartogram 24/4, 2013 at 19:48

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Update (JULY 19')

Recommended topics

Hot tags