Jump to content
xisto Community
delivi

Email Address Protection From Spam Bots

Recommended Posts

I've developed a nifty small javascript file that will protect the email address in the webpages from spam bots.

all you need to do is to download safeMail from http://blog.delivi.com/download/safeMail.zip

include the javascript file in between the <head> & </head> tags in the following format.

<script type="text/javascript" src="PATH/safeMail.js"></script>

here PATH is the location where you've uploaded the safeMail.js file

then include the email address in your web page in the following format,

<span class="safemail">username [at] domain [dot] com</span>

the class 'safemail' is used by the script to identify the mail address and generate the valid code as shown below.

<span class="safemail"><a href="mailto:username@domain.com">username@domain.com</a></span>

the generated code will not be visible to the spam bots so you protect your email from spams.

Please try this script and post your comments and suggestions here or at http://blog.delivi.com/javascript/safemail

Share this post


Link to post
Share on other sites

the generated code will not be visible to the spam bots so you protect your email from spams.

How can we be of certain? Is there a way to test this in the eyes of spam bot? Spam bots are getting better where they are able to read JAVA scripts in action.

jlhaslip and I were in the middle of something similar to your quick and awesome email replacement using dynamic image--where your email address will show as jpg but to use it, the code would be very similar to yours.

If spam bots truly cannot see the converted email address, you're sitting on a goldmine here delivi! :P

Another thought: what about home based pc spammers? They use auto surf and programs to click all URLs on a site to collect email addresses. This won't be protected from these manual email collectors since a browser translates into a real email address...?

Share this post


Link to post
Share on other sites

you are right BH, but the spam bots have a lot of information out there to crawl at, so they wont be wasting time running all the javascript codes. this will consume a lot of server power. So as of now we can be assured that the spam bots will not see as the email address is generated on the fly and they dont care to execute the javascript codings.as about the human spammers I dont think that there is a proper solution for it.I was planning about the Image replacement, but it affects the usability and accessability of the email address. People prefer to click on the email and send message or atleast copy it. You cannot do both on an image.The best possible solution would be to use flash. :P

Share this post


Link to post
Share on other sites

Ok, I see what you guys are getting at, but couldn't you protect your email by using a PHP mailer function so that not even the regular users can find your email? I'm doing that right now, I just made a form for my users to send email to me with and I thought this would protect my email since PHP is executed servside, but I could be wrong.

Share this post


Link to post
Share on other sites

Ok, I see what you guys are getting at, but couldn't you protect your email by using a PHP mailer function so that not even the regular users can find your email? I'm doing that right now, I just made a form for my users to send email to me with and I thought this would protect my email since PHP is executed servside, but I could be wrong.

I belive you are correct in your assumpitions about the Bots not gathering your email address via php server side scripting.If you look in my Siggy, there is a link to a page I have written that provides the code for an obfuscated mailto: link which you can place on to your page and I suspect that tyhe Bots are not *yet* able to find the email address from it.

Gawd, I hate spam... :P

Share this post


Link to post
Share on other sites

Interesting code. But i must ask a question similar to BuffaloHELPs: How do we know there aren't spam bots that have an advanced form of digging out e-mails in a page? I mean, what if a spam bot was programmed to search out e-mails in the following syntax: username [at] domain [dot] com?

 

People prefer to click on the email and send message or atleast copy it. You cannot do both on an image.

I don't know about that. Actually, i'ma see this as a challenge and try to create a script that makes use of an e-mail image that is clickable. I'll make a new topic on it if i can get it to work by any means possible. :P

Share this post


Link to post
Share on other sites

I agree with t3jem again.Just make a form where clients can just fill out information, and sort out the weird ones.


i agree. i have been thinking about illiminating spam on my new upcoming website and all i could think of is to make a form for email. since i can mark all spam in bulk, all i have to do is go through it every day and do some upkeep. any good webmaster does this anyway.

i wouldn't trust the javascript code that was posted vaguely. i went to the site and just too many holes in it. may illiminate some, just like creating a form, but not all. i haven't looked at how haslip has written his code. i'm going to take a peek :D

and true fusion is exactly right. why i wouldn't trust it. if i wanted to create a bot, it would also be very general so i can capture what looks to be an address but isin't. if i send mail, it will just get ruturned and i delete it out of my database. but general in the terms with ".<all extensions>" would be really general but if i include it to look for an @ sign before the extension, then you have a really good bot and i wouldn't care if it picked up some text that wasn't an email address. i would know soon enough.

i'm not too familiar with these dynamic graphic images, but these bots can pick up those now too i hear. i'm not an expert at programming now either though(used to be :P) and it seems like most anything that is created to deter bots right now wont work in the future so you would always have to keep changing your code around.

aside from the what i will probably end up doing with my form, i'd like to expand on the idea of the original poster. i don't know if this is possible, but create a jpg or gif image, allow it to be clickable, but create a script that encripts letters and numbers within the html code.....the bot will see the script, but not the algorythm, and what shows up on the site itself that's viewable would be different than what you see in the source code.

anyway....did i confuse? :P dunno if this can be done though. i have to see what haslip did.

[hr=noshade] [/hr]
well, i went to the site you listed in your sig and checked if you used the code for your email at the bottom....and yup! :D good job. is that your real email or a test email to see if you get spam from that webpage? if it's a test email, have you gotten any spam yet? have you posted your like in any high profile forums?

script seems to have holes in it as far as spam bot capabilities but i think out of all the scripts i've seen so far in researching, i have to say i like this one the best bust i am going to look at the script more closely. i have it saved. i'm rusty in a few areas and want to decipher it better.

still wondering why someone can't just create something in a database that would decipher misc. code that is pasted in the html. i think you would have to force the visitor to a hidden page for the code to be triggered, but is this possible or am i just nuts and should put my thinking cap back on? :D

nice code btw haslip. i don't know why you wouldn't be marketing it right now. it seems very efficient for what i have noticed and in another year, i doubt it will be of any use since i think the bots are going to become alot smarter within that time. or is this just a hobby of yours :)

Share this post


Link to post
Share on other sites

aside from the what i will probably end up doing with my form, i'd like to expand on the idea of the original poster. i don't know if this is possible, but create a jpg or gif image, allow it to be clickable, but create a script that encripts letters and numbers within the html code.....the bot will see the script, but not the algorythm, and what shows up on the site itself that's viewable would be different than what you see in the source code.

That was similar to what i had in mind. Since PHP can decode base64 encoding, i could use the GET method to help with the dynamic generation of the image. I could use a JavaScript function that decodes base64, as well, which would get the value attached to the image link, and have JavaScript convert the image into selectable text or a clickable link.

Share this post


Link to post
Share on other sites

My safeMail script is more effective than that of jlhaslip ,

* because his script requires the pages to be in PHP, where as safeMail does'nt need any server side intervention.

* you generate the email address for each email address in jlhaslip's script, whereas in safeMail all email addresses added in the prescribed format will be automatically converted into work ones.

* the reason why I choose the email format to be

myname [at] anydomain [dot] com
is because even if the browser doses not support javascript the email address will still be in readable and understandable format. This increases the usability and for the screen reeders.

* jlhaslip's script generates the email address in the html entey form, this is still readable by almost all browsers and even spambots( spambots can parse html tags and the html enteties), since the email address is present in the page, as it is generated in the server side there is no use of this script if the spam bots can parse html entities ??

If you find any bugs or face any problems in using safeMail or if there is any security issue plese post it here or in my blog.

Share this post


Link to post
Share on other sites

well i think you BOTH did an excellent job writing your code. i've researched and it's the best i've seen off a simple google search. unfortunately, both still have holes and the code will be outdated sometime next year.i think truefusion is talking about something innovative though. this is what someone needs to create so it will last a couple years with no spam. and if something like what truefusion or my idea(similar concept) can be done, i just don't see any bot capturing any email addresses anytime soon. how could they?problem here is that spam bots are ahead of their time and there is a lot of money to be made with spam bots. unfortunately there isn't alot of money to be made creating a wall for the bots.....at least not until now since an early stage concept to deter bots and how they collect email addresses.i still think you two should be selling your script in an ebook or off clickbank or something similar. at least have it pay for your time because both scripts were excellent for what they can do right NOW and i haven't seen any similar code written....at least with my google searches....and both your webpages never did come up in any of my searches either.i like free scripts and all which go along the same lines as open source, but by selling scripts like this, it could create a trend and more demand for something that will work better in the future. since i am now on the beginning stages of my business website, i will always be searching for that perfect code. until then, i will have to decide which script i i wish to use between the two of ya. yours was simpler to understand for me. i am still trying to decipher part of haslips code. also, in the beginning of his code, it says it doesn't verify if the email address is valid but at the end of the html document, it seems like it does.has anyone set up a test email on a webpage to see if the bots are capturing after doing some seo and submitting to the search engines and posting the web page to a few high profile forums? i'd be interested in some results of someone wants to test it.anyway, i think you both did an awesome job from what i could see and it's not a matter of which is better because both have their pros and cons

Share this post


Link to post
Share on other sites

* the reason why I choose the email format to be

myname [at] anydomain [dot] com
is because even if the browser doses not support javascript the email address will still be in readable and understandable format. This increases the usability and for the screen reeders.
Although your script would work without the need of a server-side scripting language, and the munged up e-mail would still be viewable by the user if JavaScript is disabled, according to this webpage (link), they do not recommend munging up e-mail addresses, because there are already spam bots out there that look for these munged-up e-mail addresses, which defeats the whole purpose of this script. There may be spam bots that can read images with an e-mail address on them, but it seems like that is rare, if any. However, security can be increased if you warp the text on the image while still keeping it good enough to be read by human eyes. Because, i'm assuming, reading an image is the same as having a PDA type letters out by writing on the screen with an attached pen (like those things you see in super markets or when you get a delivery). Warping the text would make it very hard for the spam bot to translate the warped text accurately.

Share this post


Link to post
Share on other sites

I'm working an a newer and better solutions that will be more secure and effecient than the present solutions.I'll be using AJAX and flash to process the email address. this will definitely be the most effective solution to keep the spam bots at the bay. :P

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.