Email-spam-protection - SPAM-Protection: Hiding an E-Mail address

last update 21.Jul.2008

Rate this site:

Email spam protection

SPAM-Protection: Hiding an E-Mail address

It's no wonder that many internet users get Spam-E-Mails, when they are placing their E-Mail address as plain text on websites. The reason is, that most of all spammers are using Harvesters (also known as Webcrawler, Spider, Robot, or Bot). The Harvester is a software program or automated script, which browses the World Wide Web in a methodical and automated manner to find E-Mail addresses for spamming.

In order to prevent this, or to make it more difficult, we could use miscellaneous possibilities:

Adding characters:

Instead of: info@example.com write: infoXYZ@example.com (remove XYZ!)

A human immediately recognizes that he must remove the XYZ signs. Bots should get serious trouble to understand this.

Result: efficient protection.

Replacing characters:

Instead of: info@example.com write: info{at}example{dot}com, or info at example dot com

A human immediately recognizes that he has to replace the characters {at} and {dot} with @ and '.', and that he has to remove the blanks too. It is possible that Bots are able to recognize these replacements too!

Result: lower protection.

Using Unicode:

Instead of: info@example.com write into the HTML-Code: info @ example . com

Current browsers are able to translate Unicode-characters into the corresponding characters. Bots too!

Result: expensive and lower protection.

Using CSS (Cascading Style Sheets):

Instead of: info@example.com write into the HTML-Code: info<span style="display:none;">!!!Delete this text!!!</span>@<span style="display:inline;">example.com</span>

A browser does not show the CSS-Style text !!!Delete this text!!!, but if you copy&paste the E-Mail address, the text comes back and a human should understand that he has to delete it. Until now Bots don't evaluate CSS.

Result: efficient protection.

Using CSS (Cascading Style Sheets):

Instead of: info@example.com write into the HTML-Code: <p style="direction: rtl; unicode-bidi: bidi-override;">moc.elpmaxe@ofni</p>

This CSS-Style reverses the letter direction from right to left. For that reason you have to insert the E-Mail address vice versa! Problem: if you copy&paste this E-Mail address, you will also get it vice versa - and this will confuse many human users too. Until now Bots don't evaluate CSS.

Result: efficient protection.

Using JavaScript:

Instead of: info@example.com write into the HTML-Code: <script type="text/javascript">document.write('info' + /* Comment */ '@exam' + 'ple.com');</script><noscript>This E-Mail address is protected against Spam-Bots! Please activate JavaScript inside your browser!</noscript>

The JavaScript-Code dismantles the E-Mail address in several parts.

Result: efficient protection.

Inserting images:

Instead of: info@example.com use: info example.com oder:

Replace the '@' character with a graphical one, or replace the whole E-Mail with an image. Problem: a user could not copy&paste the whole address and have to insert the '@' by hand.

Result: efficient protection.

Using a contact form:

Another opportunity is to provide a contact form (via a Perl or PHP script), like the form on this website at the bottom. Advantage: nobody can see your E-Mail address. Disadvantage: you must protect your script against Cross-site scripting (XSS) and against Bots by using a Captcha.

Result: expensive, but the best protection.

Endnote:

As you can see are all examples more or less comfortable and secure. Especially from the point of view of accessibility, visually impaired people could get problems.