| ||
| We live in SERP! |
| ||
Make no mistake. You can't escape death, taxes, or spam. The only thing you can do is try to reduce spam and prevent spammers from getting your email address *easily*. The following briefly explains why this is, and offers a balanced solution to make getting your email address as difficult as possible for spambot harvesters, while still making your site friendly for users. Perhaps just a little bit tougher? Actually, it's almost impossible for a spammer to get it. The script above isn't the real barrier. It's every other script on the Internet. If a spammer wants to get that address, their spambot email harvester must parse every single JavaScript on every page that they scan, and this costs processing power. What are the chances that a script contains an email address? Not very good. It's a total waste of time when there are already so many other people that don't protect their email addresses. I've written a simple free utility, the Renegade Email Protector, that obfuscates email addresses 4 different ways: 1) JavaScript Hybrid The first approach is simple for anyone to modify as it is human readable. It inserts random garbage into the email address and strips it out when someone hovers their mouse on the link: When a user then clicks, the RenegadeFix4E8tXtGz function has already replaced the garbage that's inserted into the address to reveal the correct address. Spambots will easily get "johndoe@4E8tXtGzdomain.com" out of it, but who cares? That wrong address will just waste their time. 2) Unicode Encoded (Entities) The second approach encodes the email address in unicode entities and looks like this: While a browser will easily decode the entities there and display the correct address, none of the spambots tested were able to do this. While not my first choice for protecting email addresses, this can easily be put in a noscript tag for visitors that do not have JavaScript enabled (see below). Unfortunately, this approach, like the next two, is not human readable and is extremely tedious if you're typing individual addresses while reading off of a chart. 3) JavaScript Obfuscation The third simply obfuscates the HTML with the mailto link. It's not human readable, but your browser can easily understand it. Your browser then understands that as 'John Doe'. Underneath that, the escaped text is just a simple function that uses 'document.write' to display the proper HTML in your browser. 4) Obfuscated JavaScript Hybrid Lastly, the ofuscated JavaScript hybrid uses a similar script to #1 above then escapes it as in the third method above: It is divided into 2 parts that are both required to get the proper address. (For the mathematicians out there: The order of complexity is linear and not a change in magnitude. Never-the-less, of the many spambots tested, none were able to harvest any email addresses from anything except the first script where the wrong address was harvested. A change in order of magnitude becomes a moot point if even simple examples can't be handled properly. i.e. The exercise is only academic.) To further make things difficult, you can take the JavaScript and put it in a *.js file then call it from the page like so: Just remember to strip the '' tags when you save the script in the file. Finally, for those visitors that do not have JavaScript enabled in their browser, you can use the unicode encoded method between noscript tags as follows: While more complex algorithms could be designed, the above 4 methods work sufficiently to protect email addresses from spambot email harvesters. | ||
| Permanent Link |