Hi,
i have some email addresses in a web site of a client.
Can you tell me what are the best ways to somehow hide the email addresses
from the SpamBots.
Can you give the a list of:
1. What To Do
2. What Not To Do
Thanks,
MiguelHere is one option
http://www.safeemail.org/
though I believe as spambots get smarter, they'll eventually catch on.
You could also look at javascript email cloakers, there are many out =
there.
Also you could always just use an image to display your email, but I'd =
follow this articles advice.
http://www.15seconds.com/issue/040202.htm
"Miguel Dias Moura" <web001@.27NOSPAMlamps.com> wrote in message =
news:%23JRngyGWEHA.4032@.TK2MSFTNGP11.phx.gbl...
> Hi,
>=20
> i have some email addresses in a web site of a client.
> Can you tell me what are the best ways to somehow hide the email =
addresses
> from the SpamBots.
>=20
> Can you give the a list of:
> 1. What To Do
> 2. What Not To Do
>=20
> Thanks,
> Miguel
>=20
>
Using ISO-8859-1 encoding as the safemail.org sites generates is a
sham. The site should be taken down as it is probably a phishing hole
used to collect legitimate addresses from those who don't know
any better.
How do I know this? I've developed encoding schemes myself (years ago)
using Cold Fusion and ASP. I discovered that none of the browsers
I tested with can parse the mailto: protocol handler if it was encoded.
Thus, even scripts used by amateurs can find the mailto: and grab
any characters that follow and simply decode them. Its a piece of cake.
Using JavaScript to build the address dynamically is also a sham that to
my surprise is still being touted by developers that are supposed to know
better. Let me make it clear:
TEXT EMBEDDED IN THE BODY OF A WEB PAGE IS INSECURE
The JavaScript method is easily foiled by anybody that has 'screen scraping'
and 'regular expressions' scripts. Cheap Linux hack box harvesting farms
can be built from old machines for what? Under $100 a box if that?
At the moment, the only way to display an e-mail address in a web page
'securely' is to use an imaging methodology that requires a human operator
to read something and/or interact with a form.
Still, that is not really 'secure' but is 'presumed' to be an effective defe
nse
as actually harvesting the address would require a human operator to see
and manually record the addresses one at a time. So, this method is
only as secure as the hassle factor allows.
<%= Clinton Gallagher
A/E/C Consulting, Web Design, e-Commerce Software Development
Wauwatosa, Milwaukee County, Wisconsin USA
NET csgallagher@. REMOVETHISTEXT metromilwaukee.com
URL http://www.metromilwaukee.com/clintongallagher/
"Raterus" <raterus@.spam.org> wrote in message
news:uzlf08GWEHA.2844@.TK2MSFTNGP12.phx.gbl...
Here is one option
http://www.safeemail.org/
though I believe as spambots get smarter, they'll eventually catch on.
You could also look at javascript email cloakers, there are many out there.
Also you could always just use an image to display your email, but I'd follo
w
this articles advice.
http://www.15seconds.com/issue/040202.htm
"Miguel Dias Moura" <web001@.27NOSPAMlamps.com> wrote in message
news:%23JRngyGWEHA.4032@.TK2MSFTNGP11.phx.gbl...
> Hi,
> i have some email addresses in a web site of a client.
> Can you tell me what are the best ways to somehow hide the email addresses
> from the SpamBots.
> Can you give the a list of:
> 1. What To Do
> 2. What Not To Do
> Thanks,
> Miguel
>
the easiest, and the way i prefer since my site is so small... is to just
make a form to send an email to selected person. the real email address
doesnt get sent to the browser but contained on the server.
simplest solution IMHO...
"clintonG" < csgallagher@.REMOVETHISTEXT@.metromilwauke
e.com> wrote in message
news:OHB5vqIWEHA.2544@.TK2MSFTNGP10.phx.gbl...
> Using ISO-8859-1 encoding as the safemail.org sites generates is a
> sham. The site should be taken down as it is probably a phishing hole
> used to collect legitimate addresses from those who don't know
> any better.
> How do I know this? I've developed encoding schemes myself (years ago)
> using Cold Fusion and ASP. I discovered that none of the browsers
> I tested with can parse the mailto: protocol handler if it was encoded.
> Thus, even scripts used by amateurs can find the mailto: and grab
> any characters that follow and simply decode them. Its a piece of cake.
> Using JavaScript to build the address dynamically is also a sham that to
> my surprise is still being touted by developers that are supposed to know
> better. Let me make it clear:
> TEXT EMBEDDED IN THE BODY OF A WEB PAGE IS INSECURE
> The JavaScript method is easily foiled by anybody that has 'screen
scraping'
> and 'regular expressions' scripts. Cheap Linux hack box harvesting farms
> can be built from old machines for what? Under $100 a box if that?
> At the moment, the only way to display an e-mail address in a web page
> 'securely' is to use an imaging methodology that requires a human operator
> to read something and/or interact with a form.
> Still, that is not really 'secure' but is 'presumed' to be an effective
defense
> as actually harvesting the address would require a human operator to see
> and manually record the addresses one at a time. So, this method is
> only as secure as the hassle factor allows.
> --
> <%= Clinton Gallagher
> A/E/C Consulting, Web Design, e-Commerce Software Development
> Wauwatosa, Milwaukee County, Wisconsin USA
> NET csgallagher@. REMOVETHISTEXT metromilwaukee.com
> URL http://www.metromilwaukee.com/clintongallagher/
>
>
> "Raterus" <raterus@.spam.org> wrote in message
> news:uzlf08GWEHA.2844@.TK2MSFTNGP12.phx.gbl...
> Here is one option
> http://www.safeemail.org/
> though I believe as spambots get smarter, they'll eventually catch on.
> You could also look at javascript email cloakers, there are many out
there.
> Also you could always just use an image to display your email, but I'd
follow
> this articles advice.
> http://www.15seconds.com/issue/040202.htm
> "Miguel Dias Moura" <web001@.27NOSPAMlamps.com> wrote in message
> news:%23JRngyGWEHA.4032@.TK2MSFTNGP11.phx.gbl...
addresses
>
On Tue, 22 Jun 2004 16:20:02 +0100, "Miguel Dias Moura"
<web001@.27NOSPAMlamps.com> wrote:
>Hi,
>i have some email addresses in a web site of a client.
>Can you tell me what are the best ways to somehow hide the email addresses
>from the SpamBots.
>Can you give the a list of:
>1. What To Do
>2. What Not To Do
>Thanks,
>Miguel
a) This is the simple way of doing it: The javascript is placed
inline where your email link would be. This uses a combination
of the traditional javascript method with the suggestion Raterus
made.
<html>
<body>
<script language=javascript>
<!--
var username = "contact";
var hostname =
"mydomain.com";
var linktext = username + "@." + hostname;
document.write('<a href="http://links.10026.com/?link=' + 'mail' + 'to:' + username + '@.' +
hostname + '">' + '<img src="http://pics.10026.com/?src=email.gif" alt="'+linktext+'"
border="0" align="absbottom">' + "</a>")
//-->
</script>
</body>
</html>
You may want to leave out the alt attribute or put something
like "email contact" there instead.
A spam bot will either pick up the page display (which shows a
gif or the source code which shows javascript.
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment