![]() What doesn’t this do? It doesn’t get rid of the useless text (“REALLYNICE”), which means that while the link remains clickable, it’s also useless if the visitor doesn’t manually edit the address.Īs the webpage developer, it’s my duty to make the link human-readable, and make the dummy text as obvious as possible. So what does this do? It keeps the link clickable, and it prevents the spambot from knowing what our real email address is. Important! Notice that I didn’t type the email address between the ‘a’ tags… that would make this system pointless! I suggest typing sensible alternate text, such as “Email me!” or the email recipient’s name.īy adding a little bit of unrelated text to the username portion of the address (“REALLYNICE”), we can prevent spambots from knowing what our true email address is: Email me! Code language: HTML, XML ( xml ) Yes, that means we’ll be using the standard email link technique: Email me! Code language: HTML, XML ( xml ) Part one: Add some useless text to your address. Granted, I can tell you in advance this isn’t a foolproof method, but it’s very easy to implement and doesn’t leave JavaScript-deprived visitors out in the cold. A simple compromiseĪfter kicking around these thoughts for a while, I decided to implement a compromise between two of the three methods I’ve covered so far: using an altered email address to fake out the bots, and using JavaScript to make the bots work a little harder. This seems like a temptation for a zealous hacker who wants to prove his or her worth. Secondly, I think it would be easy to write a bot that finds page content written in that format, especially in places where it’s a common practice, such as bulletin boards and forums. Sounds silly, but it’s a big usability component if you’re trying to encourage people to contact you. I started looking at the common trick of writing “name at somewhere dot com.” I have a couple of problems with this approach: First of all, the address isn’t clickable. What about spelling it out at myaddress dot com? It wasn’t much of a surprise, to be honest. Guess what? I couldn’t find any, aside form the simple character entity encoding described above. ![]() I decided to search around for encoding tricks that would work without JavaScript. ![]() This is a big no-no if you’re a supporter of graceful degradation/progressive enhancement. What if your visitor has JavaScript disabled? Many times, they’ll see nothing… no fake email address, no chunks of encoded text, nada. While the JavaScript adds several layers of complexity for the bot to overcome, it also limits what your visitors can do on your site. More complex encoding methods, such as the aforementioned Hiveware enkoder, still seem to work well, but they also rely on JavaScript. com/.org/.whatever, etc… they just look like this: yourname Code language: CSS ( css ) Javascript shouldn’t be required ![]() The patterns are still there: the ‘mailto’ protocol, the sign, the. A block of text encoded as character entities is easy to defeat with automated decoders, even by an amateur like me. However, precisely because of their popularity, some spambots are being written to overcome simpler encoding methods, such as obscuring the address using character entities. This has become a very common practice, thanks largely to free encoder tools such as the Hivelogic Enkoder by Dan Benjamin. I always try to encode email addresses on sites I build in an effort to make the addresses more difficult to abuse. Read about the updated code at Įveryone knows the story: an innocent email address is posted online and a big bad spambot finds it, relaying it to every spammer on the face of the earth… the email address becomes useless due to the 500 spam emails you get every day!
0 Comments
Leave a Reply. |