Making email addresses safe from bots on a webpage?

Question

When placing email addresses on a webpage do you place them as text like this:

joe.somebody@company.com

or use a clever trick to try and fo

Answer 1

This is what we use (VB.NET):

Dim rxEmailLink As New Regex("<a\b[^>]*mailto:\b[^>]*>(.*?)</a>")
Dim m As Match = rxEmailLink.Match(Html)
While m.Success
    Dim strEntireLinkOrig As String = m.Value
    Dim strEntireLink As String = strEntireLinkOrig
    strEntireLink = strEntireLink.Replace("'", """") ' replace any single quotes with double quotes to make sure the javascript is well formed
    Dim rxLink As New Regex("(<a\b[^>]*mailto:)([\w.\-_^@]*@[\w.\-_^@]*)(\b[^>]*?)>(.*?)</a>")
    Dim rxLinkMatch As Match = rxLink.Match(strEntireLink)
    Dim strReplace As String = String.Format("<script language=""JavaScript"">document.write('{0}{1}{2}>{3}</a>');</script>", _
                RandomlyChopStringJS(rxLinkMatch.Groups(1).ToString), _
                ConvertToAsciiHex(rxLinkMatch.Groups(2).ToString), _
                rxLinkMatch.Groups(3), _
                ConvertToHtmlEntites(rxLinkMatch.Groups(4).ToString))
    Result = Result.Replace(strEntireLinkOrig, strReplace)
    m = m.NextMatch()
End While

and

    Public Function RandomlyChopStringJS(ByVal s As String) As String
        Dim intChop As Integer = Int(6 * Rnd()) + 1
        Dim intCount As Integer = 0
        RandomlyChopStringJS = ""
        If Not s Is Nothing AndAlso Len(s) > 0 Then
            For Each c As Char In s.ToCharArray()
                If intCount = intChop Then
                    RandomlyChopStringJS &= "'+'"
                    intChop = Int(6 * Rnd()) + 1
                    intCount = 0
                End If
                RandomlyChopStringJS &= c
                intCount += 1
            Next
        End If
    End Function

We override Render and run the outgoing HTML through this before it goes out the door. This renders email addresses that render normally to a browser, but look like this in the source:

<script language="JavaScript">document.write('<a '+'clas'+'s='+'"Mail'+'Link'+'" hr'+'ef'+'="ma'+'ilto:%69%6E%66%6F%40%62%69%63%75%73%61%2E%6F%72%67">&#105;&#110;&#102;&#111;&#64;&#98;&#105;&#99;&#117;&#115;&#97;&#46;&#111;&#114;&#103;</a>');</script>

Obviously not foolproof, but hopefully cuts down on a certain amount of harvesting without making things hard for the visitor.

Answer 2

You can protect your email address with reCAPTCHA, they offer a free service so people have to enter a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) to see your email: https://www.google.com/recaptcha/admin#mailhide

Answer 3

Gmail which is free has an awesome spam filter.

If you don't want to use Gmail directly you could send the email to gmail and use gmail forwarding to send it back to you after it has gone through their spam filter.

In a more complex situation, when you need to show a @business.com address you could show the public@business.com and have all this mail forwarded to a gmail account who then forwards it back to the real@business.com

I guess it's not a direct solution to your question but it might help. Gmail being free and having such a good SPAM filter makes using it a very wise choice IMHO.

I receive about 100 spam per day in my gmail account but I can't remember the last time one of them got to my inbox.

To sum up, use a good spam filter whether Gmail or another. Having the user retype or modify the email address that is shown is like using DRM to protect against piracy. Putting the burden on the "good" guy shouldn't be the way to go about doing anything. :)

Answer 4

A script that saves email addresses to png files would be a secure solution ( if you have enough space and you are allowed to embed images in your page )

Answer 5

Option 1 : Split email address into multiple parts and create an array in JavaScript out of these parts. Next join these parts in the correct order and use the .innerHTML property to add the email address to the web page.

 <span id="email">  </span>   // blank tag

 <script>
 var parts = ["info", "XXXXabc", "com", "&#46;", "&#64;"];
 var email = parts[0] + parts[4] + parts[1] + parts[3] + parts[2];
 document.getElementById("email").innerHTML=email; 
 </script>

Option 2 : Use image instead of email text

Image creator website from text : http://www.chxo.com/labelgen/

Option 3 : We can use AT instead of "@" and DOT instead of " . "

i.e :

 info(AT)XXXabc(DOT)com 

Answer 6

Use a contact form instead. Put all of your email addresses into a database and create an HTML form (subject, body, from ...) that submits the contents of the email that the user fills out in the form (along with an id or name that is used to lookup that person's email address in your database) to a server side script that then sends an email to the specified person. At no time is the email address exposed. You will probably want to implement some form of CAPTCHA to deter spambots as well.