Can this be protected? - several examples

Greg Rundlett greg at freephile.com
Mon Mar 29 21:07:01 EST 2004 

Tilly, Lawrence wrote:
> I am putting up some web sites, primarily for personal use.  Some parts 
> of the site require a user to login and so I have no problem with 
> posting semi-private info in there. However, on the "front page" I want 
> to provide my email address so that visitors that do not already know 
> the login info can drop me a line to request it (giving me the chance to 
> be sure I know who is getting it).
> 
> Now, I've heard of bots similar to what search engines use that crawl 
> the web and scour for email addresses on web sites.  It sounds very 
Bots and other programs do certainly scour the web for email addresses. 
  For that matter, I have a bookmarklet[1] that can harvest all the 
email addresses from a single page with one click--useful for harvesting 
lists from membership pages and website mailing list archives etc.

> I really doubt that I'm not the only one on the list with this concern 
Everybody should have this concern.  Never post your email address on a 
webpage.  Your bound to get extra spam because of it if you do.
> and I hope some of you have some creative ideas on avoiding this.
If you run a website, a good method is to use a form2mail script that 
can be configured to send mail to 'inside' addresses without ever 
revealing them.  There are good (and bad) scripts to do this in both 
Perl and PHP.  For a PHP example, see 
http://freephile.com/library/form2mail.php

If you really want to publish the address in readable and clickable 
form, then javascript alternatives do quite nicely because most bots and 
scrapers do not implement a javascript interpreter because it's
   a) too difficult, or
   b) it would end up being too complex, or
   c) there are just too many low-hanging fruit to care.

To use a javascript method is simple.  You just use the 
'document.write()' method to output pieces of the email to the browser 
document, and the source code (aka 'View Source') never has a complete 
email address in it.  The JavaScript-enabled browser parses and renders 
the fully clickable address.
Drawbacks:
1) Your users need to have JavaScript enabled.  99%? of people do, so 
this is usually not a concern.
2) This does nothing to prevent real people from finding out your email 
address-- they can read it on the page!

Here is an example[2] of implementing such a script yourself.  Note this 
script adds names and phone numbers too, so that you can maintain 
sitewide contact information in one javascript file.

If you use PHP and Smarty templates, Smarty has a built-in email 
obfuscator filter that will do a fine job.  Just look at the email 
addresses at BUZGate.org.  Eg. 
http://buzgate.org/ma/bfh_program.html?pgm=MSIC  The output to the bot 
looks like this (long line broken for legibility):
<script type="text/javascript" language="javascript">
eval(
unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%61%20%68
%72%65%66%3d%22%6d%61%69%6c%74%6f%3a%4c%69%73%61%40%6d%73%69%63%6f%75
%6e%63%69%6c%2e%6f%72%67%3f%73%75%62%6a%65%63%74%3d%49%25%32%30%77
%61%73%25%32%30%72%65%66%65%72%72%65%64%25%32%30%74%6f%25%32%30%79
%6f%75%25%32%30%62%79%25%32%30%42%55%5a%47%61%74%65%2e%6f%72%67%22
%20%3e%73%65%6e%64%20%65%6d%61%69%6c%3c%2f%61%3e%27%29%3b')
)
</script>



########################
# JavaScript Example 1 #
########################

/************************************************************
v. 1.0 contact constructor
written 04/29/01 by Greg Rundlett
copyleft freephile.com  greg at freephile.com

This object constructor creates information about people, or in other 
words, a contact list
Edit the bottom of the page to add more contacts,
and then in the page, use the following implementation within script tags:
  var contact=Gail.HTML();
  document.write(contact);
************************************************************/

function contact (FirstName,LastName,ContactDetails) {
   this.FirstName    =  FirstName;
   this.LastName     =  LastName;
   this.FullName     =  this.FirstName + "&nbsp;" + this.LastName;
   this.coordinates  =  getArgs(ContactDetails);
   this.emailLink    =  '<a href="mailto:' + this.coordinates.email + 
'">' + this.coordinates.email + '</a>';
   this.HTML         =  displayContact;
}

/*
This method parses the ampersand-separated name=value pairs from
the coordinates property of the contact. It stores the name=value pairs as
properties of an object and returns that object (array).
*/
function getArgs(someString) {
   var args = new Object();
   var info = someString.substring(0);      // Get the information to 
sort, and make sure it's a string value.
   var pairs = info.split("&");             // Break at the ampersand.
   for(var i = 0; i < pairs.length; i++) {
	  var pos = pairs[i].indexOf('=');       // Look for "name=value".
   	if (pos == -1) continue;               // If not found, skip.
   	var argname = pairs[i].substring(0,pos);  // Extract the name.
   	var value = pairs[i].substring(pos+1); // Extract the value.
   	args[argname] = unescape(value);       // Store as a property.
   }
   return args;                             // Return the object.
}

// this function builds the HTML to send to the page
function displayContact () {
   var output = '<div>' + this.FullName + '<br>';
   if (this.coordinates.email) output += this.emailLink + '<br>';
   if (this.coordinates.phone) output += 'phone: ' + this.coordinates.phone;
   output += '</div>';
   return output;
}


/************************************************************
          EDIT ABOVE if YOU KNOW WHAT YOU'RE DOING

            EDIT BELOW TO MANAGE CONTACT INFO
*************************************************************/

// this is the line to edit for the Club Postal Address
var clubAddressHTML = 'P.O. Box 316,<br>Newburyport, MA 01950';

// these are the lines to edit for club members, and their contact 
information
// var  = new contact("", "","email=");

var Goofy = new contact("Goofy", 
"Disney","email=goofy at disney.com&phone=(888) 555-1212");

var Greg = new contact("Greg",  "Rundlett", 
"email=invalid at freephile.com&phone=(978) 463-2231");

/*
sample blank contact
var  = new contact("",  "",  "email=&phone=");
*/


/************************************************************
                    debugging tests
************************************************************/

// if (Greg.coordinates.email) alert(Greg.coordinates.email);
// document.write(Greg.FullName);
// document.write("<br>" + Greg.coordinates.email);
// document.write("<br>" + Greg.emailLink);
// var contact=Greg.HTML();
// document.write(contact);

/*
for (name in Greg) {
   document.write (name);
   document.write ("=");
   document.write (Greg[name] + "<br>");
}
*/

/*
for (name2 in Greg.coordinates) {
   document.write (name2);
   document.write ("=");
   document.write (Greg.coordinates[name2] + "<br>");
}
*/


########################
# JavaScript Example 2 #
########################

<script language="JavaScript" type="text/javascript">
<!--
/* written 03-09-01 by Greg Rundlett freephile.com
  copyleft GPL, sanitized 03/29/2004
  if you find this script useful, send me a note, or please reference 
the author
*/

var mailLinks = new Object();
   mailLinks["greg"] = new Array("Greg Rundlett", "greg");
   mailLinks["goofy"] = new Array("Goofy", "invalidExample");

var smtpHost = "freephile.com";

/************************************************************
  SpamProof Mail Script
*************************************************************
-  designed to avoid "mailto:" links in the source so that robots can't 
harvest your email and spam you
-  linktext is the clickable text you want displayed in the browser.
-  pre & post are the text on either side of the "@" sign in your email 
address.
-  they are built from the configuration variables above
************************************************************/

function emailer(name)
{
   var linktext = mailLinks[name][0];
   var pre = mailLinks[name][1];
   var post = smtpHost;
   document.write("<a href=" + "mailto:" + pre + "@" + post + 
"?subject=this%20message%20is%20from%20the%20website>" + linktext + "</a>")
}

/*
// you can test this code with the following script in the body:

for (z in mailLinks) {
//document.write(z);
//document.write(mailLinks[z]);
    emailer(z);
    document.write("<br>");
  }
*/

//-->
</script>

<!-- HERE IS A SAMPLE HTML SNIPPET USING JAVASCRIPT EXAMPLE #2 -->

<p style="font-size: 11pt;" color="#99CCFF">
<b>
<script language="JavaScript" type="text/javascript">
<!--
    emailer("greg")
//-->
</script>
<noscript>Greg Rundlett</noscript>
<br>
President and CEO</b></p>
<br>
As founder and president of FooBar Inc., Mr. Rundlett brings years of 
experience developing senior-level relationships through the OEM, ISP 
and ISV marketplaces. He has held high-level sales and business 
development roles at companies such as FooBar, Bar Group, and Foobank. 
Mr. Rundlett has pioneered software sales throughout his career, leading 
the first Widget-based operating system and the first barfoolian 
software bundle ever shipped through the English Channel.

More information about the gnhlug-discuss mailing list