Post Archive

› April 25, 2002

Protecting email addresses on websites from spam

  • Reported by francois

I've noticed how nearly everyone who leave comments protect their email address with some variant of -nospam. I've been wondering whether we should recommend it on the commenting form, and how effective this method really is. I've also been meaning to read up a bit more on how to protect mailto: links on my sites.

Anyway, on the Webdesign-L list yesterday, Steve Champeon referred to his article on the subject. Mod_rewrite, anyone?

Comments

1. April 25, 2002 09:11 AM

Quote this comment

michael Posted…

I use The Hivelogic Email Address Encoder & Javascript Wrapper. [via – scroll down for more info on spam]

2. April 25, 2002 09:12 AM

Quote this comment

michael Posted…

Ooops. I meant to say via Zeldman, but I was distracted by a co–worker and wound up posting bad code.

3. April 25, 2002 11:16 AM

Quote this comment

francois Posted…

I see kuro5hin had an article on this topic just a few days ago. Even if one doesn’t go with the article’s recommendation, it’s probably worth going through all 75 comments before saying anything further.

4. April 25, 2002 11:46 AM

Quote this comment

Dave Posted…

Please forgive me for incesantly plugging my own scripts lately, but some might find this one useful.

5. April 25, 2002 12:18 PM

Quote this comment

Scotty THe Body Posted…

The one that I downloaded from Macromedia Exchange seems to work relatively well. Of course, it’s for Dreamweaver users only, but that’s me, for the most part.

6. April 25, 2002 12:56 PM

Quote this comment

Nate Posted…

The other question is – should we even have the email address input box at all? Ideally it should be an email or url input box since it works as either or anyways. I’m guessing folks are putting in somebody@nospam.com because the email address field is required, even if it isn’t used.

7. April 25, 2002 03:11 PM

Quote this comment

evan Posted…

I have been posting on message boards and leaving my email address around on my own and others’ websites (including every post I’ve ever made on this website) for years now and I receive very very little spam (<5 per diem). I don’t think the scraping that everyone is so concerned about occurs as often as most think it does. On another, completely different note, getting a users IP address is a good idea, as is getting their email, however, neither one needs to be displayed, which would be the only way a spambot (or malicious individual) would get a chance to misuse the email address.

8. April 25, 2002 03:14 PM

Quote this comment

evan Posted…

Wow–the asterixes I added around the word “displayed” before were automagically converted to bold tags (or are those strong tags?). I don’t remember that being part of the deal, but rock on with your bad selves!

9. April 25, 2002 08:38 PM

Quote this comment

some dude just passing through Posted…

One word to thwart email harvesting- webpoison http://www.monkeys.com/wpoison/ just my 2 cents

10. January 6, 2003 03:51 AM

Quote this comment

francois Posted…

As could be expected, some spambots are already working around Hivelogic's entity encoder. This message from Matt Haughey on the Webdesign-L list: --- I've been surprised not to hear more from people that developed and use these sorts of methods, if they've been at all successful for them. Last summer I launched a new site for a friend's project and encoded all email address with entity encodings (IIRC, I used the hivelogic page to generate it for me). About a month later I started getting spam on the special account that existed on that site and nowhere else online. A couple weeks later, I even got one correctly addressed to that email address, but the message began with: "Dear &34;&234;&0342;..." So I can attest to the fact that the entity encoding method is not at all 100% foolproof and spambots exist that can scrape from them just fine. ---