Putting e-mail addresses on your website.

[nath]

How do,

I've just made a little website for my business (Home IT Support) and want to put my e-maill address on the contact page. I want to avoid spam if poss so I've rejigged it to be blah AT moo DOT com. I know this is what people initially did to avoid spam but have the webbots wised up to this?

I lack the skillz0rz to make a webform for people to e-mail me so if the above isn't sufficient, any advice would be appreciated.

Ta!

 

[Clown]

Webbots can spam webforms too

 

[Kryten]

Not a massive amount you can do - an increasingly common way round this is having a webform with a Captcha. Not sure what else you can do.

 

[wyrd_fish]

a lot of people advocate using java script to write it for you

not sure how effective that would be, and i'd write my own as chances are any from script sites will be known to crawlers


any one know more about crawlers and javascript?

 

[ford prefect]

Might sound like a silly idea, but you could put your email address in an image, so bots can't read it - in your websites logo for example.

 

[nath]

Not a silly idea at all, I thought about that - wouldn't I then have to obfuscate it with some wild and wacky 70's patterns in the background like a captcha?

Does anyone actually know if blah AT moo DOT com is enough anymore?

 

[Louster]

I would be amazed if it is, given it's so widespread and not particularly difficult to look for.

 

[nath]

Yeah that's what I was thinking. I guess I should just put a direct link and suffer the junk mail - hopefully won't be that bad.

 

[Louster]

I wouldn't go that far - any protection is better than none, even if it only slightly reduces the number of bots that are able to harvest your address.

Using an image without all the captcha obfuscation gubbins is probably a good (and easy) idea, even if it's not totally foolproof.

 

[Jonty]

Hi nath

I believe the 'AT' 'DOT' system should be fine for most general purposes. Yes a bot could parse the information, but if it's not a link then it's unlikely to happen.

As for a webform, I can help you write one if you want, but your web server needs to support PHP. Again, they can be spammed, but if you custom write one rather than using publicly available code, chances are most bots will leave it alone.

With regards the image method, I wouldn't recommend it because it's not good for accessibility (i.e. people with poor vision, or who use screen readers, or who have images disabled etc.). You could have alternate text to describe the email address, and it's unlikely a bot would be checking for this, but it's still not a commonly used method (this accessibility argument is also made against CAPTCHA systems, hence why some big providers provide alternative methods such as audio).

As for Javascript, it is possible to output an email address using this method, but again it's less than ideal because of the accessibility concerns, and because it also excludes those who have disabled Javascript (or whose browser blocks it on untrusted websites).

I have also encountered a couple of others ways of obfuscating an email address:

• Character entities: You can convert your email address to character entities and put these in your source code. A bot parsing the text will not pattern match the '@ .' etc., but your browser will convert the entities so visitors just see your email address like normal. Again, it's not infallable, but I haven't heard of any bots specifically designed to look for this (... famous last words!).
  
  
• Geek Description: You could describe your email address in words. For example, if your email address is something@somewhere.com, you could say "You can contact me at 'something' at this domain". Obviously some people won't understand 'at this domain', but this may be acceptable depending on your target audience (obviously this is less helpful if you're using an ISP email address etc.).

To be honest, spam is always a risk, and none of these methods can counteract a human spotting your address and spamming you (and trust me, it sadly happens). My personal preference would be to use a webform, since they're simple, accessible, and they don't reveal your email address unless you wish to reply to the message you receive.

Kind regards

 

[nath]

Thanks all (specially Jonty ). The site is geared towards home users as I'm now a self employed home IT support engineer. As such, ease of use is pretty important. I'm not sure my server supports PHP, I'm just using uk2.net to redirect to my ukonline webspace. I've decided to go for the blah AT moo DOT com, I've also put a * next to it and briefly explained why I've put it in that format. Hopefully I'll not get much in the way of spam, but fortunately it's a dedicated e-mail address for the business so I guess not the end of the world if it gets a bit.

Thanks again for the suggestions

 

[Kryten]

Some cracking suggestions there. In most cases those captcha images work well but theres some (Facebook, pay attention before you get shut down!) that are plain dreadful and unreadable even by 20/20 vision users.

On a more non-technical note, it may be worth speaking to UK2.Net - I've never personally used them but I've been told on more than one occasion that they've got a decent array of services behind their internet provision - naturally you're in a better position to back that up than me - but point being, they may be able to provide a server side spam solution for you. I've known a couple of ISP's (Nildram long in the past) to do this for no extra charge, but probably worth it. If your site got rather popular and ended up heading the first page of a Google search (probably unlikely, searching for IT/Engineer/London) you'd probably spend more time playing "hunt the real email" in your inbox than fixing computers. Maybe even a software solution your end may do the trick? Not infallible by any counts but if it alleviates the above worst-case scenario, every little is gonna help.

 

[Chilly]

have a bog standard email form, with a silly question that only a human can answer, but that isnt annoying.

"How many heads do you have?" or similar...

/edit - and then get sued by a pair of siamese twins

 

[SheepCow]

have a bog standard email form, with a silly question that only a human can answer, but that isnt annoying.

"How many heads do you have?" or similar...

/edit - and then get sued by a pair of siamese twins

Questions like "How do you spell orange?" seem to be popular.

 

[dysfunction]

Some people may not know how to spell orange though..

 

[thergador]

how about using
hex or unicode
example
<a href="mailto:%66%6f%6f%40%62%61%72%2e%63%6f%6d">foo's email</a>

or
HTML Comments
foo<!-- >@. -->@<!-- >@. -->bar<!-- >@. -->.<!-- >@. -->baz
foo@bar.baz

a redirect
/* In `email_foo.php` file */
<?php
header (Location: "mailto:foo@bar.baz");
exit();
?>

java scirtp
<script language="JavaScript" type="text/javascript">
<!--
var string1 = "foo";
var string2 = "@";
var string3 = "bar.baz";
var string4 = string1 + string2 + string3;
document.write("<a href=" + "mail" + "to:" + string1 +
string2 + string3 + ">" + string4 + "</a>");
//-->
</script>

CSS
p:after { content: "foo\40bar.baz"; }
<p>email me: </p>

/* Output on screen (\40 is a character entity for the '@' symbol): */
email me: foo@bar.baz

forms
<form action="emailmessage.php" method"post">
<fieldset>
<legend>Contact information</legend>
<label for="fullname">Fullname</label>
<input type="text" name="fullname" value=""
id="fullname" size="50" maxsize="50"><br>

<label for="email">Email</label>
<input type="text" name="email" value=""
id="email" size="30" maxlength="50"><br>

<label for="message">Message</label>
<textarea name="message" id="message" rows="5"
cols="30"></textarea>

<input id="submit" type="submit" name="submit"
value="Contact me">
</fieldset>
</form>
This is a very widely used method since it reveals no email address. Since the email is not in source, it is neither available on viewport. Therefore, the user has to contact you by filling out a form, which eventually gets forwarded to your email. There are some alternative methods to this, where the email is actually accessible if the actioned value is a cgi file and not complex enough. Be careful with this since it technically brings us back to square one. A server-side scripting process for the form values is very safe, and the email spam bots simply pass this source area as it contains no email. A disadvantage for this could be the comment spammers, where they leave their mark on your form, which you might have to put up with later. But that's a different spammer all together.

 

[SheepCow]

java scirtp
<script language="JavaScript" type="text/javascript">
<!--
var string1 = "foo";
var string2 = "@";
var string3 = "bar.baz";
var string4 = string1 + string2 + string3;
document.write("<a href=" + "mail" + "to:" + string1 +
string2 + string3 + ">" + string4 + "</a>");
//-->
</script>

Usability / accessibility says no! No idea what screen readers etc. will make of this but they tend to hate JavaScript in my experience. Also some people have JS turned off.

CSS
p:after { content: "foo\40bar.baz"; }
<p>email me: </p>

/* Output on screen (\40 is a character entity for the '@' symbol): */
email me: foo@bar.baz

Not all browsers support the :after CSS selector.

forms
<form action="emailmessage.php" method"post">
<fieldset>
<legend>Contact information</legend>
<label for="fullname">Fullname</label>
<input type="text" name="fullname" value=""
id="fullname" size="50" maxsize="50"><br>

<label for="email">Email</label>
<input type="text" name="email" value=""
id="email" size="30" maxlength="50"><br>

<label for="message">Message</label>
<textarea name="message" id="message" rows="5"
cols="30"></textarea>

<input id="submit" type="submit" name="submit"
value="Contact me">
</fieldset>
</form>

Bots will have a field day with a form, they love a nice form to submit, so yeah, back to square one with this one

 

[dysfunction]

On Some forms I have seen you are required to enter a random "code" as displayed on the screen. But the code is distorted slightly with funny lines and the text is a bit skew...

I don't have an example but you must have seen this before...

Not sure how effective that method is...

 

[dysfunction]

Oh just realised thats what you call a captcha...

ignore me please

 

[Dissonance]

What goes in the emailmessage.php file that is posted in this method above:

<form action="emailmessage.php" method"post">
<fieldset>
<legend>Contact information</legend>
<label for="fullname">Fullname</label>
<input type="text" name="fullname" value=""
id="fullname" size="50" maxsize="50"><br>

<label for="email">Email</label>
<input type="text" name="email" value=""
id="email" size="30" maxlength="50"><br>

<label for="message">Message</label>
<textarea name="message" id="message" rows="5"
cols="30"></textarea>

<input id="submit" type="submit" name="submit"
value="Contact me">
</fieldset>
</form>

Thanks in advance.

 

[Kryten]

Uber threadnomancy!

 

[MYstIC G]

If anyone actually has this kinda problem, use a GMail account as a go between. Get it to download all you "m00@domain.com" e-mails, let it filter out the junk & set it to forward everything to "nocrap@domain.com"

 

[nath]

That's a very good idea. Fortunately no one actually looks at my website so it's not really an issue, but I may implement that anyway

 

[xane]

Wouldn't a spammer worth his salt just spam admin@yourwebsite.com anyway ?

 

[Dissonance]

I did some research, and found this:

<?php
$to = "email@domain.com".
"$email";
$subject = $_REQUEST['subject'];
$email = $_REQUEST['email'];
$message = $_REQUEST['name'].
$_REQUEST['message'];
$headers = "From: $email";
$sent = mail($to, $subject, $message, $headers);

if($sent)
{print "Your mail was sent successfully, and a copy was sent to you at $email
for your records."; }
else
{print "I apologize, but there was an error in sending your mail"; }
?>

 

[GReaper]

Sorry to extend this thread necromancy, but I wouldn't recommend that PHP as it's insecure:

PHPit - Totally PHP PHP & Security: 3 Example Exploits

Any headers passed to mail() must be secure, or you'll be very prone to a spam problem. Header injection is quite evil.

 

[Dissonance]

GReaper, thanks for the link.