Whats the deal with email harvesting? Is it THAT big of a deal? I ask because this web site Ive been working on (worst web site ever) has all emails added via JS using character entities making it completely unreadable for me unless I open the web site outside of DW and get the emails that way (which is a pain). I did something a little different using readable email addresses in a JS function for the edits I did calling a JS function to write them out (something along the lines of eLink("user","com","domain","click here");). It certainly beats
 mailto:&#112 ;re ...
And I figure its a little safer as well since anyone trolling for emails would certainly be able to decode those characters.

Still, Im wondering if its worth it for such a little crappy site used by 15 people. I mean, I guess it doesn't hurt, but its still pretty painful.

:lol: well ya know what I think... that you should give me that script cause I just used that retarded JS script on a site, because my client requested that his email address not be able to caught by spambots and things like that. Also, I think if the site doesn't get exposure... who cares :lol: but I guess it could still be looked up.

Thats what Im thinking - it doesnt matter that much especially given the limited exposure of this thing. But, I guess its better that way. I just think its retarded that these kinds of things have to be done because of this spam junk.

Did you want the eLink script? It really doesnt do anything other than use a document write to stitch the pieces together.

Did you want the eLink script? It really doesnt do anything other than use a document write to stitch the pieces together.
Definately hook it up. I used that JS &amp this &amp that and it got on my nerves... even though I did it w/ a generator it was still annoying. And I'm always looking for better more efficient ways to code my things.

Yea, this is almost like people taking emails from these forums... i dont get spam, and my names under each of my posts. But, couldnt u just use a simple database if you wanted to hide them.

Heres the function, defined in an external JS file:

function eLink(user, tld, domain, display){
if (!display) display = user+'@'+domain+'.'+tld;
document.write('<a href="mailto:'+user+'@'+domain+'.'+tld+'">'+display+'</a>');
}

Then embedded within the doc where needed.
<p>If you have any questions,
<script language="JavaScript" type="text/javascript">
eLink("senocular", "com", "hotmail", "email me");
</script>
.</p>

Yea, this is almost like people taking emails from these forums... i dont get spam, and my names under each of my posts. But, couldnt u just use a simple database if you wanted to hide them.

A database is only a place to store data on the serverend. Email links are needed on the client end, its just a matter of trying to get them there in a way that will get past the bots. I suspect most will probably scan for a "mailto:" or "@" string and snag the text that goes along with it hoping its an email. Using this JavaScript, you can make the client browser work in creating that at runtime and keep the mailto and @ in a JS function away from actual email contents

The best way to protect email adresses is to link emails like <a href="mailto:senocular AT senocular DOT com">mail me</a> and then loop over all the a tags seeing if they start with mailto and replacing ATs and DOTs with '@' and '.'. That way, if the user has JavaScript disabled, they still have some way of sending the email.

The best way to protect email adresses is to link emails like <a href="mailto:senocular AT senocular DOT com">mail me</a> and then loop over all the a tags seeing if they start with mailto and replacing ATs and DOTs with '@' and '.'. That way, if the user has JavaScript disabled, they still have some way of sending the email.

Thats a good idea. Wouldnt they still be snagged, though? Then again, I guess no one is going to go through their harvested list and swap out those ATs and DOTs.

the PHP alternative:

hideEmail.php

<?php ob_start(); ?>
<?php
$safetoemail =$_REQUEST['safetoemail'];
$name = "testemail";
$domain = "domain";
$construct = $name . "@" . $domain . ".com";
$goEmail = "mailto:".$construct;

if ($safetoemail == "yes"){
header("Location: $goEmail");
}
else
{
echo "not ok to email";
}
?>


To call the function make your email text link to:
hideEmail.php?safetoemail=yes

example:

<a href="hideEmail.php?safetoemail=yes">Click Here to Email Me! </a>


If it is safe, then the link will cause the same action as mailto.

Thats a good idea. Wouldnt they still be snagged, though? Then again, I guess no one is going to go through their harvested list and swap out those ATs and DOTs.

Well, you could use _AT_ or @AT@ or (AT) or whatever, or something completely unique ;)

I thought about using PHP or a server-side solution too... but I didnt want to over complicate things. If I had my way, I wouldnt do it at all. I'll probably take the AT-DOT route and just do a replace ;)

for anyone interested, here's what Im using now:
function emailReplace(){
var anchor_elems = document.getElementsByTagName("a");
var i = anchor_elems.length;
var href;
while(i--){
href = anchor_elems[i].getAttribute("href");
if (href && href.indexOf("mailto:") == 0){
href = href.replace("[AT]", "@");
href = href.replace("[DOT]", ".");
anchor_elems[i].setAttribute("href", href);
}
}
}

with emails formatted as
<a href="mailto:senocular[AT]senocular[DOT]com">click</a>
emailReplace() is then called when the document has loaded, either in the onload event of the body tag or by whatever other means you please

(i bet my script executes faster :P)

this is a good thread - it should probably find itself stickied or something

With the server-side solution you need a new page to load to execute the mailto and it would require different implementations for different server models. Using Javascript its all client-side and not dependant on server model - just on whether or not JS is enabled (or client is JS-capable) :pleased: But like λ pointed out, even without JS, it still makes email mostly usable for anyone with sense enough to change the characters.

sen i was joshin' with you :)
from the realm of the user having javascript disabled though, they wouldn't have to change anything to use the server side method, but keeping it client side would always be best, especially if the site receives a lot of traffic, it would keep the processing on the user's computer and not on the server while multiple users tried to access the same page/function
:)

sen i was joshin' with you :)

I only mention it because you said it was a good thread, I figured the differences can be pointed out.

I dont mean to knock your solution or anything. I was close to using it :love: , but went the JS route anyway ;)

its not too late to turn back sen! :P - if we sticky this lol - let's prune it hahaha

I'll probably throw it in Best Of when its run its course :D

had you considered using gifs at all? obviously it wouldn't link to e-mail, but it would show the e-mail all the same.

ASP version:
hideEmail.asp

<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
<%
emailname = "testemail"
domain = "domain"

safetoemail = Request.QueryString("safetoemail")

construct = emailname & "@" & domain & ".com"

ActivateEmail = "mailto:" & construct

If safetoemail = "yes" Then
response.redirect ActivateEmail
Else
response.write "not ok to email"
End If

%>


<a href="hideEmail.asp?safetoemail=yes">click here to email me </a>


(http://www.poorreflection.com/hideEmail.asp?safetoemail=yes)

if you use gif's and such - you have to assign the image a link property to get it to trigger the email - a page's source can be read using server side languages and parsed pretty easily, so it would pick that address right up.

however if all you wish to do is display the email address (like bwh2 said), that would work, some advance scripting can read through images like that however.

had you considered using gifs at all? obviously it wouldn't link to e-mail, but it would show the e-mail all the same.

The links Im using need to be email links. Theres actually non-email text that links to it.

Also, I should note that Im dealing with many different emails on one single page, not just my email.

that would make the replace function more useful then - makes more sense now

i have to say this next one so don't laugh - it's an option for those just wanting one email address one time on the page or even a few times if they really wanted to do that.

you could even make a very small flash movie file - maybe 20 pixels tall, by 100 pixels wide - place a movieclip containing text "email me" or something of the like, give it an instance name "emailbutton" then on the frame AS put:

emailButton.onRelease = function() {
getURL("mailto:youremail@yourdomain.com");
}

and then embed that movie into your HTML file.

this is by far not the most advanced nor time-saving method however.

Flash is certainly a way to go. Images have been "protected" that way, so why not email? Text can be used (and it can be selectable) yet wont show in the page source at all. If you wanted, you could pass variables into the Flash movie through a query string to allow for dynamic emails to be displayed (of course it'd be a little more difficult to control the size of the movie to make it fit best with the email being used.

I have a site ( http://www.seattledarts.com ) on which I originally just made the email addresses (lots of them) a part of the HTML. Everybody who had an email address listed there just got hundreds of spam emails a week after the site had been up only a matter of months.

I have since changed everyone's email address and used javascript to obfuscate all of them. On the first round, I missed two occurrences, one per page on the schedule pages, and those continued to get spammed for months until I discovered my error and corrected it. Now we get none except for the few lists on which those two email addresses still reside.

However, another thing I implemented, at the time I added the JS obfuscation, was a hidden email address and link at the very bottom of the page -- the email address is bogus and the link leads to a page that contains THOUSANDS of bogus email addresses, so that the only thing the email harvesters find serves only to contaminate their spam lists. MuahaHAHAHA. See http://www.webpoison.org/ -- it's wonderfully vindictive!

I have a site ( http://www.seattledarts.com ) on which I originally just made the email addresses (lots of them) a part of the HTML. Everybody who had an email address listed there just got hundreds of spam emails a week after the site had been up only a matter of months.

Thats good to know - so its definitely a problem.

Ive heard of people doing the bogus email pages too. The thing about that is it can just further clog internet bandwidth and most harvesters have email verification scripts to check validity. But it is :evil:

The main thing about using the webpoison approach is that it forces up the per unit cost for spammers by making them employ such validation techniques. And anything that ups the cost for them is good, as it is only because the per unit cost is so low that they can even stay in business. And anything that pollutes their lists at the outset is good, as they get a bad rep if they sell it as is.

It is a problem indeed.
Last winter when one of the sites of the company I work for was launched, a few emails were changed in the last minute and we totally forgot about spam robots. The next 4-5 months we were overwhelmed (and I mean all the company) with Viagra offers and pets training and so on, although I corrected the entries in one month after launch.
I kinda got used to html escape characters. Although it would be so much simpler if there was some extension for it, I hate to copy paste them:)

This is what I use on the aforementioned SeattleDarts site:

</HEAD>
<SCRIPT LANGUAGE="JavaScript" TYPE="text/javascript">
<!--
var stgAddr = "board,president,vicepresident,secretary,treasurer, compsec,publicity,tavernrep,arep,brep";
rraAddr = stgAddr.split(",");
var domain = "domainname"
var suffix = "com";
var subject = "?subject=whatever you want to appear in the subject line: ";
var nbrLength = rraAddr.length
for (var icrIdx=0; icrIdx<nbrLength; icrIdx++){
rraAddr[icrIdx] = [rraAddr[icrIdx], rraAddr[icrIdx]];
rraAddr[icrIdx][0] += String.fromCharCode(64)+domain+String.fromCharCode (46)+suffix+subject;
rraAddr[icrIdx][1] += String.fromCharCode(64)+domain+String.fromCharCode (46)+suffix;
}
// -->
</SCRIPT>

That sets up the array of addresses which I then call thusly:

<p>Send email to:
<SCRIPT LANGUAGE="JavaScript" TYPE="text/JavaScript">
<!--
document.write('<a href="mailto:'+rraAddr[1][0]+'">FirstName LastName, President</a>');
// -->
</SCRIPT>
or call: <b>206-000-0000</b>.</p>

I tend to use the character entities method because it's so easy to use, and works quite well. The Markdown Dingus (http://daringfireball.net/projects/markdown/dingus/) allows you to simply insert an email address inside brackets (<,>), and it'll output the codes.

Also, I use Markdown on my blog, so it only requires two extra keystrokes to work :)

Nice link nokrev :thumb:
I am sure those scripts that you guys provided here work great too.This should really go into a "best of".

and character entities work? If I were a spammer, I would certainly check for those. Nevertheless, they are what prompted me to make this thread anyway because... I hate them. When I need to find tpatterson's email, I dont want to have to go through the trouble of converting the name to character entities and then search for that or have the need to have a rendered page present. As a developer (especially editing an existing site) I want the source readable. Actually, in that case, should character entities be the desired method, then I would rather they be added through a server-side script thereby allowing developer access to readable email addresses. Something along the lines of:
For questions, email our <a href="<?= emailEncode('president@company.com'); ?>">president</a>.

and character entities work? If I were a spammer, I would certainly check for those.
That was my thought, as well, that it would only be a matter of time before email harvesters were equipped to parse character entitites.

This is what I use:



<script language=javascript>
var showtag="@"
var showlink="info(a)company.com";
var showname="info";
var showhost="company.com";
document.write("<a href="+"mail"+"to:"+showname+showtag+showhost+
">"+showlink+"</a>")
</script>

http://www.csarven.ca/hiding-email-addresses

more options... from digg

You oughtn't revive old threads. :)

Link (http://www.dynamicdrive.com/emailriddler/)

:)

Then people without JS can't view it. ;)

And, read the post above yours. ;P

oh is it we cannt revive old threads? but there is no sticky guidelines as such

Oh, there's no rule against it, but it's generally discouraged because it's annoying. ;)

Revive them all you want. Just be prepared for the wrath of nokrev and people of the like :P

:lol:

Oh, there's no rule against it, but it's generally discouraged because it's annoying. ;)

ahhhhh.. u r misguiding

Sorry…

ahhhhh.. u r misguiding
Well, some people do find it annoying, and that can be discouraging... so it wasnt completely misguided. :pirate3:

ok.. got it


:)

Thanks prstudio. I've just used your php script and it works a treat. My problem was that my email address was being picked up from a php page used to process the form, I had no mailto: link to encrypt using many of the other methods. But using your php as a springboard I modified it slightly and now, he presto no spam. Thanks again.

〖^o^〗^o^ 〖^o^〗
Shakugan no Shana (http://manga1.yuedu365.com/bookinfo/10459)
Claymore (http://manga1.yuedu365.com/bookinfo/2409)
Fate-Stay Night (http://manga1.yuedu365.com/bookinfo/3729)
Rurouni Kenshin (http://manga1.yuedu365.com/bookinfo/9984)
Highschool of the dead (http://manga1.yuedu365.com/bookinfo/5003)
naruto (http://manga.yuedu365.com/bookinfo/7793)
One Piece (http://manga.yuedu365.com/bookinfo/8394)
Prince of Tennis (http://manga.yuedu365.com/bookinfo/9274)
naruto (http://manga.yuedu365.com/)
comic (http://manga.yuedu365.com/)
Angel Sanctuary (http://www.yuedu365.com/search/Angel+Sanctuary%40120/stkmhen-1)
Slam Dunk (http://manga.yuedu365.com/bookinfo/13318)