Protecting email addresses from spam bots / web crawlers
https://stackoverflow.com/questions/3663963
-
01-10-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
How do you prevent emails being gathered from web pages by email spiders? Does mailto: linking them increase the likelihood of them being picked up? Is URL-encoding useful?
Obviously the best counter-measure is to only show email addresses to logged-in users, or to provide a contact form instead of an email address. But in terms of purely client-side solutions, what is available?
Solution 4
Years later, I've created the following jQuery for a different website:
$(".email").each(function() {
$(this).html( $(this).html().replace("...", "@").replace(/\.\.\./g, ".") );
$(this).attr( "href", $(this).attr("href").replace("...", "@").replace(/\.\.\./g, ".") );
});
Emails are then written as:
<a href="mailto:bob.smith...example...com" class="email">bob.smith...example...com</a>
It's not perfect, but it's very simple and seems to thwart most email harvesters. The advantage to this method is that someone not using JavaScript will probably be able to work out what the actual email address is.
Check out this study on various email obfuscation methods.
OTHER TIPS
Most email spiders don't have javascript interpreters, so if you really need the mailto: you can inject it with javascript... just make sure the address is obscured in the javascript somehow, e.g.
myLink.href='mai'+'lto:'+'bob'
+'@'
+'example.com';
If you need to display the email address on the page, a common solution is to generate an image using something like php's gd (although the javascript injection should work ok for this too).
The idea is to remove the email addresses from the HTML and inject them with javascript. That way the email address doesn't appear in its original form in any of the HTTP traffic, which is what the spider is looking at.
I tend to avoid a mailto as it makes it too easy for people to harvest email addresses.
If you are going to have contact pages on your website, then just have a form, and when they submit your server-side code and use the appropriate email address.
If you need to be able to have other people's addresses available, use numbers, names, usernames, some way to identify them.
If you just have an email address in a span it is likely to be picked up, even if you try to hide it, as these programs can be pretty complex, as finding email addresses is what they are about.
As with most secrets, if you don't want others to get them, don't put them on the page.
I usually split them up into separate parts and then re-combine them using javascript. The final javascript does a document.write to write out the html.
i.e.
var mail = "mailto";
var namepart = "test.user";
var domainpart = "example";
var tld = "com";
var address = namepart + "@" + domainpart + "." + tld;
document.write("<a href=" + mail + ":" + address + '">' + address + "</a>";
If you don't need the mail link you could replace the @ symbol with [at]
Example: sam [at] example.com
