Slashdot Mirror

← Back to Stories (view on slashdot.org)

How are You Preventing Mailto-Link Harvesting?

Posted by Cliff on from the making-it-harder-for-the-spammers dept.

mixwhit asks: "In our ever increasing effort against spam, we are now considering replacing all mailto: links on our website with something unharvestable (i.e. 'user (at) address', javascript mailto links, character entity evasion, etc.). Obviously this won't stop the spam, but it seems prudent to stop the harvesting so that the spam may slow down someday (year 2024 maybe?). What are others doing with this issue? We would prefer to preserve mailto link clickability, but also only want to make this adjustment once." One suggestion I would make is to put your email address in an image. People can read it, but harvesters won't be able to harvest it (unless they download the image for OCR), but any barrier you can place in front of the spammer, without blocking people honestly interested in communicating with you, is probably a good thing.

10 of 229 comments (clear)

  1. Mail form by NaDrew · · Score: 4, Insightful

    Just use a mail form instead of mailto: links. Once you reply to feedback mail, the sender has your address and you can correspond normally. Meanwhile, evil spambots can't harvest an address that isn't shown anywhere.

    --
    Vista:XPSP2::ME:98SE
  2. I use an image by Kris_J · · Score: 2, Insightful
    My personal site uses a simple image of my email address with no link. So far no spam, but the odd real email. Even if it does start getting spam, it's a Spamcop address. At work, we have a generic text-only active link as you would expect for reception. For individual emails you need to be logged onto our student/staff portal.

    Meanwhile, I'm keeping an eye out for the next technology to replace email. IM was promising about five years ago, but went to hell faster than email.

  3. Missing the point by jtheory · · Score: 4, Insightful

    You have to consider the trade-off of the inconvenience of your readers/customers with the amount of spam you get.

    I have a few websites with my email address all over them, in mailto links. I "mask" the email very lightly, by escaping most of the characters, and it has worked beautifully.

    Here is a webpage that will quickly convert your mailto link into a form that bots will miss.

    Could a bot be written that would be able to harvest these email messages? YES. But would it be worth the spammer's time to code it? NO, so it probably won't happen.

    Put yourself in the spammer's shoes (or slime-covered bedroom slippers). Why would you want to go to a lot of work to build a bot that will harvest the email addresses of the very people you don't want to get your spam, because they will report you to spamcop, harass your ISP, and even hack your computer and post some very unattractive pictures of you on the internet?

    No, they want the chumps, and they want to find them without needing to check every webpage for dozens of patterns.

    --
    There are only 10 types of people: those who understand decimal, those who don't, and, uh, 8 other types I forget.
  4. "block images from this server" by KnightStalker · · Score: 3, Insightful

    I suspect you're using an ad-blocking browser or proxy, which has blocked the image itself but has left a large (clickable) white space that would be the image if you hadn't blocked it. That's the behavior Firebird shows for me, blocking ads.osdn.com. If you're using Mozilla or Firebird, and you right-click on the "background" I think you'll find "block images from this server" or "block images from ads.osdn.com" checked.

    --
    * And remember, it's spelled N-e-t-s-c-a-p-e, but it's pronounced "Mozilla."
  5. blind people by kipple · · Score: 2, Insightful

    already have a lot of trouble with that picture-of-the-email-address thing. it is a neat solution but it lacks portability, to state it another way.

    --
    -- There are two kind of sysadmins: Paranoids and Losers. (adapted from D. Bach)
  6. maybe, just maybe by DrSkwid · · Score: 2, Insightful

    they spam :
    info@yourdomain
    sales@yourdomain
    help@yourdom ain
    webmaster@yourdomain
    postmaster@yourdomain

    etc.etc.

    --
    There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
  7. Re:Beware of disability advocates by glivings · · Score: 4, Insightful

    The problem with having e-mail addresses encoded in images goes beyond excluding the blind. People with text-only browsers (a la lynx), screen readers, PDAs, cell phones, etc. are all excluded.

    It's important to remember that web pages are not always rendered visually.

  8. Unicode actually works! by aquarian · · Score: 2, Insightful

    Believe it or not, this actually works. These days most harvester programs still don't read Unicode. Once I started doing this, I saw a great reduction in spam. It won't work forever, of course -- eventually the spambots will read Unicode, and the game will be over for this technique. But in the meantime, it's easy enough to do a search and replace of every "@" symbol.

    If you want to convert your whole address, E-cloaker is a neat little free program for converting text to Unicode.

  9. Not for Netscape 4 by extra88 · · Score: 2, Insightful

    I haven't checked the stats recently but Netscape 4.x and earlier does not supports Unicode. Pretty much all browsers can handle the HTML entities given in other examples. You may not care.

  10. Re:Mail form - bad idea by John+Q.+Public · · Score: 2, Insightful

    My problem with mail forms is that I don't have a record of any messages sent or any information if things go wrong with the delivery. Black hole for information == bad.

    That being said, if you have a copy sent to the sender as well it's not as evil.

    --
    UserAdvocate: The voice of the user