Slashdot Mirror

← Back to Stories (view on slashdot.org)

How are You Preventing Mailto-Link Harvesting?

Posted by Cliff on from the making-it-harder-for-the-spammers dept.

mixwhit asks: "In our ever increasing effort against spam, we are now considering replacing all mailto: links on our website with something unharvestable (i.e. 'user (at) address', javascript mailto links, character entity evasion, etc.). Obviously this won't stop the spam, but it seems prudent to stop the harvesting so that the spam may slow down someday (year 2024 maybe?). What are others doing with this issue? We would prefer to preserve mailto link clickability, but also only want to make this adjustment once." One suggestion I would make is to put your email address in an image. People can read it, but harvesters won't be able to harvest it (unless they download the image for OCR), but any barrier you can place in front of the spammer, without blocking people honestly interested in communicating with you, is probably a good thing.

5 of 229 comments (clear)

  1. Beware of disability advocates by bluelip · · Score: 4, Interesting

    People fighting for those who have difficulty seeing have been complaining about the sites that have a person type a number displayed in an image to verify that they're not a bot. They say it causes undue hardship on sight impaired folks. That may not be a legal fight your company would like to enter.

    I can see both sides of this. Can't say I know where to stand though.

    --

    Yep, I never spell check.
    More incorrect spellings can be found he
  2. Re:Don't bother, it's too late by Rick+the+Red · · Score: 5, Interesting

    No kidding. Comcast gives us seven email addresses, so I set one up for each of us. My three month old gets spam, and nobody has EVER used that account (except me sending a test email when I first set it up). These scum just take a brute-force approach to generating email addresses, and don't care how many are undeliverable. They come with opt-out buttons, but all those do is confirm they found a valid address, and they never send from the same address twice, so adding them to a filter list doesn't work either. Bayesian filters on the content is the only way to go.

    --
    If all this should have a reason, we would be the last to know.
  3. Re:it works like this by FrenZon · · Score: 3, Interesting

    Alternatively, to keep it transparently usable by end-users, you can just do like this:

    <a href="false@false.com" onmouseover="var a = 'in.com'; this.href = 'real@doma'+a;">email me</a>.

  4. Re:Uhh... by Webmonger · · Score: 3, Interesting

    You can't embed an image in the href text, so I don't see how this suggestion gains us anything at all.

    Actually, you can.
    data URL examples

    Sick, eh?

  5. Re:simple js by xingdiego · · Score: 3, Interesting

    I recommend the above method plus:

    1) Randomize the variable names for u, d, t, and a
    2) Randomize the position of var XX = XX statements.

    This will reduce simple regex replacements if you site is big enough with enough emails that someone would want to create a simple reg mod to harvest it.