Friday, July 6, 2012

Don't let spam bots grab your email address!

Do you want to protect the email address used on your website from being harvested by spambots?

You want to use your email address so that your viewers have a way to contact you if they have any comments or questions. So you need to put a "mailto:" link on your webpage.

But if you put your email address on your webpage, this is an invitation to the robots used by spammers. These bot are programmed with one goal: find email addresses. All they have to do on your website is look in your HTML code -- the code that tells your browser what to put on the page. And they will easily find your address right there in the "mailto" link.

The old-school methods for "hiding" an email address:

* Munging. In this technique, the viewer must type in the address to send an email to the website. That's because real words are used instead of the usual symbols. Example: harold AT aol DOT com

* Encoding. The most common code used is standard ASCII code. Each letter or symbol in the email address is replaced by its equivalent. A simplified address a @ b.com would be coded as:

& #97; & #64; & #98; & #46; & #99; & #111; & #109; ( spaces were put in to prevent the browser from printing the actual address )

One can still use the mailto: link, since the browser recognizes this code, and prints out the actual address on the webpage.

But these methods no longer work.

These methods may have worked when they were first introduced, but one should never underestimate the intelligence of the hackers who program the spambots. There are new bots that can decode both of these email encryption techniques.

These two methods by no means exhaust the possibilities. A Google search on "hide email address" turns up over two million results. Even discounting duplicate methods, there are undoubtedly quite a few ingenious techniques available.

So what can I do now?

Without going through all of the Google entries, I can predict beyond a reasonable doubt that the method I use myself does a better job of protecting your email address than any other. How can I be so sure? Because I doubt that any hacker would have the time or skill to write a bot that would allow him to grab my email address -- it's that well hidden!

My method has the email address in the middle of a javascript, which is in turn located off the webpage itself, in a file that's located in a different folder. So the robot would need to discover both the name of the folder and the name of the file. Yet even though the address is not located anywhere in the HTML code of the page, it DOES appear - almost like magic - on the page itself. But a robot doesn't have eyes to see it!

I hear you saying, "But that's impossible!" Well, it's not. Just visit the website in the paragraph below, and you can find out how it's done.

No comments:

Post a Comment