Question

I think it's fairly common practice these days not to include a mailto: tag in your webpage. I also realize that a better solution is to have a contact us form.

Recently I've seen some mailto tags that include an HTML-encoded email address. Is this an effective way to stop spammers from attacking an email address?

Example:

<a href="mailto:&#110;&#101;&#119;&#098;&#105;...">email me</a>

Also, are there any other techniques that I've left out? Which is the best method?


Solution

From what I've heard, it will help reduce the influx of spam but will not stop it entirely. A minority (for now) of email-address-harvesting bots are smart enough to apply the decoding.

OTHER TIPS

Another technique is to use some JavaScript to dynamically generate the mailto tag at page load time. In order for spammers to scrape such addresses, they would need to have a full JavaScript processor in their web spider.

Some spammers may already do this.

For my personal home page, I give the email address in a graphic. Then I apologize for not making it a link.

I typically use the Hivelogic Enkoder. It is helpful for encoding an entire link element, not just the mailto.

One lesson learned the annoying way, however, is to comment your code with what the original element looked like before encoding. I've accidentally left off classes on the <a> tag a few times.

Without making it hard for some of your users, you're only ever going to be able to stop lazy spammers — because you don't know ahead of time which you're looking at. So if you deliver something easily accessible to a legitimate user, you're delivering something easily accessible to a spammer.

My best advice is just to get a very good spam filter if you're going to put your address on the Web. No amount of href obfuscation will do as much good.

Personally I'd encourage using a form as that will give you much greater control over how you tackle any potential spam. (Personally I don't like "front end" solutions such as CAPTCHA as they're rarely user friendly - if it causes any inconvenience/additional work for your user, I generally like to see if there's a better way)

Using a form also has the additional benefit of enabling you to obtain data from the contactee with some kind of structure. (I.e. it reduces the risk of someone contacting you with a question, but not providing enough info (even their name perhaps) which might help you in providing them with the best response possible.)

I have been using simple JavaScript string concatenation and substring operations to obfuscate the email address for years on several websites. This seems to have worked well, since I got minimal spam on these addresses. This cannot mean that it will still work in the future.
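The entity-encoding and script-assembly approaches from this thread, as an added example that is not part of any of the original posts: an audit helper that reports which mailto addresses are recoverable from a page's static HTML once numeric entities are decoded. All function names, the sample markup and the address contact@example.com are constructed for illustration.

```javascript
// Added example; names, sample pages and the address are constructed.

// Encode each character as a zero-padded decimal entity, the form used in the question.
function entityEncode(text) {
  return Array.from(text, ch => `&#${String(ch.codePointAt(0)).padStart(3, "0")};`).join("");
}

// Reverse numeric character references (hex and decimal), as every HTML parser does.
function entityDecode(markup) {
  return markup
    .replace(/&#x([0-9a-f]+);/gi, (_, h) => String.fromCodePoint(parseInt(h, 16)))
    .replace(/&#(\d+);/g, (_, d) => String.fromCodePoint(parseInt(d, 10)));
}

// Audit: list mailto addresses readable from static markup without running scripts.
// `encoded` is true when the address only appeared after entity decoding.
function exposedAddresses(html) {
  const found = [];
  const re = /href\s*=\s*["']([^"']*)["']/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const href = entityDecode(m[1]);
    if (/^mailto:/i.test(href)) {
      found.push({ address: href.slice(7).split("?")[0], encoded: href !== m[1] });
    }
  }
  return found;
}

// Load-time assembly: the full address exists only after script execution.
// In a browser: document.getElementById("c").href = buildMailto("contact", "example.com");
function buildMailto(user, domain) {
  return "mai" + "lto:" + user + "@" + domain;
}

// Constructed sample pages, one per technique.
const SAMPLE_PLAIN = '<a href="mailto:contact@example.com">email me</a>';
const SAMPLE_ENTITY = `<a href="mailto:${entityEncode("contact@example.com")}">email me</a>`;
const SAMPLE_SCRIPT = '<a id="c" href="#">email me</a><script>' +
  'document.getElementById("c").href = "mai" + "lto:" + "contact" + "@" + "example.com";</script>';

for (const [name, page] of [["plain", SAMPLE_PLAIN], ["entity", SAMPLE_ENTITY], ["script", SAMPLE_SCRIPT]]) {
  console.log(name, JSON.stringify(exposedAddresses(page)));
}
```

The entity-encoded page is reported just like the plain one, while the script-assembled page yields nothing to a reader that does not execute scripts, which matches the limits the answers above describe for each technique.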

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow