Email DOT com


Having one's email address appear in plaintext on a website is something most people try to avoid. Spammers actively harvest email addresses from the public web, and very few people want their address on yet another spam list. In situations where it is unavoidable, people often use techniques like spelling out their address (e.g. user AT example DOT com), adding extra text (e.g. user_NOSPAM@example.com), or a variety of other approaches. Unfortunately, these are easily detectable and extractable with some simple regular expressions, and they don't do much more than maybe prevent legitimate users from copying and pasting your address and maybe force spammers to add another regular expression to their script.

Some quick searches with Google show how common these approaches are and also how easy it is to detect such patterns.

A slightly better approach, although not always feasible depending on the input restrictions, is to use JavaScript to write out the address. Something simple like:

<script>
document.write("us");
document.write("er@ex");
document.write("ample");
document.write(".com");
</script>

If a spammer were to process each scanned webpage with a JavaScript engine before extracting the addresses, then the above wouldn't work, but the overhead (both technical and in CPU time) is such that I don't see this happening anytime soon.
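As an added example (not code from the original post), this Node.js script audits static page text the way a site owner might before publishing: it reports which of the obfuscations above a regex-only scan still recovers, and generates the split document.write form. The function names, the bracketed (at)/[dot] variants and the sample strings are assumptions constructed for illustration.

```javascript
// Patterns of the kind the post calls "simple regular expressions".
const DOT = String.raw`\s*(?:\(dot\)|\[dot\]|\bdot\b)\s*`;
const PLAIN = /[\w.+-]+@[\w-]+(?:\.[\w-]+)+/g;
const SPELLED = new RegExp(
  String.raw`([\w.+-]+)\s*(?:\(at\)|\[at\]|\bat\b)\s*([\w-]+(?:${DOT}[\w-]+)+)`, "gi");

// Return every address recoverable from static text without running scripts.
function recoverable(source) {
  const found = new Set();
  for (const m of source.matchAll(PLAIN)) {
    found.add(m[0].replace(/_?NOSPAM/i, "")); // strip the padding text
  }
  for (const m of source.matchAll(SPELLED)) {
    found.add(`${m[1]}@${m[2].replace(new RegExp(DOT, "gi"), ".")}`);
  }
  return [...found];
}

// Emit a document.write snippet in the style of the post. Small chunks keep
// "@" and "." away from a complete local part or domain in the page source.
function splitWriteSnippet(address, size = 3) {
  // Refuse anything that could inject markup into the generated script.
  if (!/^[\w.+-]+@[\w-]+(?:\.[\w-]+)+$/.test(address)) {
    throw new Error("unexpected characters in address");
  }
  const lines = [];
  for (let i = 0; i < address.length; i += size) {
    lines.push(`document.write(${JSON.stringify(address.slice(i, i + size))});`);
  }
  return `<script>\n${lines.join("\n")}\n</script>`;
}

// Constructed sample inputs, one per technique discussed in the post.
const SAMPLES = {
  spelled: "Contact: user AT example DOT com",
  padded: "Contact: user_NOSPAM@example.com",
  scripted: splitWriteSnippet("user@example.com"),
  scriptedOneChunk: splitWriteSnippet("user@example.com", 16),
};

// Map each technique to the addresses a regex-only scan still finds.
function audit(samples) {
  return Object.fromEntries(
    Object.entries(samples).map(([name, src]) => [name, recoverable(src)]));
}

console.log(audit(SAMPLES));
```

The scriptedOneChunk case shows that the script form only helps when the chunks are small enough that no complete address appears in the page source.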

3 Comments

I've had my email address posted on my web site for 11 years now (http://web.archive.org/web/19970613204627/http://www-cs-students.stanford.edu/~amitp/), with no encoding or javascript or anything like that, and I don't see much spam (maybe 1 message per day). I wonder if receiving more spam is better for training the spam filter.

Encoded email addresses are annoying for me as a reader, so I don't use them on my own site.

I guess I'm not really one to talk then... my current Gmail account (which receives forwarded email from my warmbrain account) has over 45,000 spams from the last 30 days.

It would seem my methods are not so foolproof.

Dylan

I found you by your Flickr gadget...

And I think the JavaScript option is the best. There are a few super-tricky ones on the web; I use the syronex one, which randomises all the letters in your email address and includes the key in the JavaScript. Someone should do a test with a fresh email address to see whether any spam engines actually have JavaScript engines...


About this Entry

This page contains a single entry by Dylan published on March 25, 2008 1:25 PM.
