Defending your Email Address

As you may, or may not know, evil spam harvesting bots collect email addresses on web pages. There are a few ways to defend yourself. Unfortunately this is yet another thing to think about. You can put your email address as an image (non clickable) in the page, you could do something like user [at] domain [dot] com, but both of these solutions to the problem do not allow the end user the ease of getting ahold of you. You can also only put a form on the site, but this forces someone to use the form (some people would rather use an email client). This is a great way to handle the problem, but your email address is still hard coded into HIDDEN form fields (in most cases). The best solution for this method is using PHP (although PHP is not always available), thus your email address is never in the source code. There is a way to display your email address using javascript to perform a "document.write" and concatenate parts of code and variables together to make the mailto link. This is by far the slickest solution. There is one glaring problem though. This solution does not comply to usability and accessibility standards. It does not pass Government Section 508, or Bobby guidelines. But if usability or accessibility compliance is not your thing, then this javascript tip sure is slick.
<script language="javascript"> <!-- var contact = " Ken Edwards" var email = "ken" var emailHost = "" document.write("<a href=" + "mail" + "to:" + email + "@" + emailHost + ">" + contact + "</a>") //--> </script>
This script can be put anywhere in the page, it does not have to be in the head region. If you put it in your head region, you will have to break the script up into two, one for the vars and one for the document.write. But wait, there's more! The best way to defend your email address (other then not having it on a web page altogether) is to ASCII encode it. Web Browsers render ASCII, and thus this method does not hinder the usability (or accessibility) in any way. Spam bots, as far as I know, do not know how to decode ASCII yet. It would take some smart programming, and a lot of processing power for them to do that. I strongly suggest you ASCII encode your email addresses on your web pages. Only the @ and the . (period) need to be encoded. &#64; = @ &#46; = . (period) There is a nice PHP script I have found that will encode your entire email address. This does not work that well I have found, so I don't recommend it. I think that ASCII encoding your email address is the best way to defend yourself from SPAM. Please send this to anyone else who would benefit from the ASCII encoding trick. SPAM is one of those problems that affect everyone, even if you are not directly involved. I think everyone should use this trick on their web sites. It would no doubt cut down on the amount of SPAM accumulated because of harvesting bots. UPDATED
In Response to Neil T'a comments: Excellent point about accessibility. For a moment there I was not thinking of accessibility, I was just thinking of my loathing for SPAM, and how much of it I know I receive because of my email address being on web pages. I am not totally sure a screenreader could not read the name. Unless of course the screenreader did not have javascript enabled. But when you are worried about screenreaders then you are also concerned with Bobby and Section 508 compliance. So this trick is not for you. And who these days turns JavaScript off? I couple years ago I would have agreed with that statement. But not today. For university or government sites you would not use this javascript, I doubt it would pass Bobby or Section 508 standards. I would imagine ASCII encoding would fly though. I was right, Bobby did not like this. UsableNet Lift (a service/product that checks usability and accessibility standards, including section 508) did not like it either. It suggested using a NOSCRIPT tag, but said that was not in the 508 spec. Lift had other issues other then the NOSCRIPT problem. I would not want to put a standard mailto: link in a NOSCRIPT tag though. Your email address is going to be written in the source of the page, thus, accomplishing nothing. So what have we learned here? This javascript method is not accessibility friendly. Does this matter? Nope, it sure doesn't, not for 99% of you. Lift gave a green light to the ASCII encoding trick. So this is the one I suggest using unless you don't care about the non javascript folks, or you are developing university or government sites. And if encoding the @ sign and the . (period) is not enough for you, then encode the entire thing! I like the user [at] domain [dot] com trick too, but that is as counterproductive as putting an image with your email address on the page.

Comments (2)

There is an accessability issue associated with that. Screenreaders, and those who have JavaScript disabled, won't be able to use the link.

Using ASCII encoding is quite effective, suprisingly. Despite what you think, most harvesting bots are still too dumb to be able to decode them.

You could, of course, give your email address in the form user [at] domain {dot} com. That's probably the most secure method. Unless the email harvesters have insanely powerful machines, they won't bother processing every single possible variation of an email address since there's no way they'd be able to crawl the internet as fast as they can now.

I found Hiveware's Enkoder to be easy to use. They've even got a web-based version that will translate your email address into javascript.

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Warning: include(/home/meancode/public_html/breakingwindows/footer.php): failed to open stream: Permission denied in /home/breaking/public_html/2004/03/defending_your_email_address.php on line 272

Warning: include(): Failed opening '/home/meancode/public_html/breakingwindows/footer.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/breaking/public_html/2004/03/defending_your_email_address.php on line 272

Blogcritics Magazine

Social Networking

Mac Headlines

Read up-to-date headlines on everything Mac.

Content provided by prMac.

ESRB Search

Creative Commons License
This weblog is licensed under a Creative Commons License.
Enhanced with Snapshots