Can this be protected? - several examples
Greg Rundlett
greg at freephile.com
Mon Mar 29 21:07:01 EST 2004
Tilly, Lawrence wrote:
> I am putting up some web sites, primarily for personal use. Some parts
> of the site require a user to login and so I have no problem with
> posting semi-private info in there. However, on the "front page" I want
> to provide my email address so that visitors that do not already know
> the login info can drop me a line to request it (giving me the chance to
> be sure I know who is getting it).
>
> Now, I've heard of bots similar to what search engines use that crawl
> the web and scour for email addresses on web sites. It sounds very
Bots and other programs do certainly scour the web for email addresses.
For that matter, I have a bookmarklet[1] that can harvest all the
email addresses from a single page with one click--useful for harvesting
lists from membership pages and website mailing list archives etc.
> I really doubt that I'm not the only one on the list with this concern
Everybody should have this concern. Never post your email address on a
webpage. Your bound to get extra spam because of it if you do.
> and I hope some of you have some creative ideas on avoiding this.
If you run a website, a good method is to use a form2mail script that
can be configured to send mail to 'inside' addresses without ever
revealing them. There are good (and bad) scripts to do this in both
Perl and PHP. For a PHP example, see
http://freephile.com/library/form2mail.php
If you really want to publish the address in readable and clickable
form, then javascript alternatives do quite nicely because most bots and
scrapers do not implement a javascript interpreter because it's
a) too difficult, or
b) it would end up being too complex, or
c) there are just too many low-hanging fruit to care.
To use a javascript method is simple. You just use the
'document.write()' method to output pieces of the email to the browser
document, and the source code (aka 'View Source') never has a complete
email address in it. The JavaScript-enabled browser parses and renders
the fully clickable address.
Drawbacks:
1) Your users need to have JavaScript enabled. 99%? of people do, so
this is usually not a concern.
2) This does nothing to prevent real people from finding out your email
address-- they can read it on the page!
Here is an example[2] of implementing such a script yourself. Note this
script adds names and phone numbers too, so that you can maintain
sitewide contact information in one javascript file.
If you use PHP and Smarty templates, Smarty has a built-in email
obfuscator filter that will do a fine job. Just look at the email
addresses at BUZGate.org. Eg.
http://buzgate.org/ma/bfh_program.html?pgm=MSIC The output to the bot
looks like this (long line broken for legibility):
<script type="text/javascript" language="javascript">
eval(
unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%61%20%68
%72%65%66%3d%22%6d%61%69%6c%74%6f%3a%4c%69%73%61%40%6d%73%69%63%6f%75
%6e%63%69%6c%2e%6f%72%67%3f%73%75%62%6a%65%63%74%3d%49%25%32%30%77
%61%73%25%32%30%72%65%66%65%72%72%65%64%25%32%30%74%6f%25%32%30%79
%6f%75%25%32%30%62%79%25%32%30%42%55%5a%47%61%74%65%2e%6f%72%67%22
%20%3e%73%65%6e%64%20%65%6d%61%69%6c%3c%2f%61%3e%27%29%3b')
)
</script>
########################
# JavaScript Example 1 #
########################
/************************************************************
v. 1.0 contact constructor
written 04/29/01 by Greg Rundlett
copyleft freephile.com greg at freephile.com
This object constructor creates information about people, or in other
words, a contact list
Edit the bottom of the page to add more contacts,
and then in the page, use the following implementation within script tags:
var contact=Gail.HTML();
document.write(contact);
************************************************************/
function contact (FirstName,LastName,ContactDetails) {
this.FirstName = FirstName;
this.LastName = LastName;
this.FullName = this.FirstName + " " + this.LastName;
this.coordinates = getArgs(ContactDetails);
this.emailLink = '<a href="mailto:' + this.coordinates.email +
'">' + this.coordinates.email + '</a>';
this.HTML = displayContact;
}
/*
This method parses the ampersand-separated name=value pairs from
the coordinates property of the contact. It stores the name=value pairs as
properties of an object and returns that object (array).
*/
function getArgs(someString) {
var args = new Object();
var info = someString.substring(0); // Get the information to
sort, and make sure it's a string value.
var pairs = info.split("&"); // Break at the ampersand.
for(var i = 0; i < pairs.length; i++) {
var pos = pairs[i].indexOf('='); // Look for "name=value".
if (pos == -1) continue; // If not found, skip.
var argname = pairs[i].substring(0,pos); // Extract the name.
var value = pairs[i].substring(pos+1); // Extract the value.
args[argname] = unescape(value); // Store as a property.
}
return args; // Return the object.
}
// this function builds the HTML to send to the page
function displayContact () {
var output = '<div>' + this.FullName + '<br>';
if (this.coordinates.email) output += this.emailLink + '<br>';
if (this.coordinates.phone) output += 'phone: ' + this.coordinates.phone;
output += '</div>';
return output;
}
/************************************************************
EDIT ABOVE if YOU KNOW WHAT YOU'RE DOING
EDIT BELOW TO MANAGE CONTACT INFO
*************************************************************/
// this is the line to edit for the Club Postal Address
var clubAddressHTML = 'P.O. Box 316,<br>Newburyport, MA 01950';
// these are the lines to edit for club members, and their contact
information
// var = new contact("", "","email=");
var Goofy = new contact("Goofy",
"Disney","email=goofy at disney.com&phone=(888) 555-1212");
var Greg = new contact("Greg", "Rundlett",
"email=invalid at freephile.com&phone=(978) 463-2231");
/*
sample blank contact
var = new contact("", "", "email=&phone=");
*/
/************************************************************
debugging tests
************************************************************/
// if (Greg.coordinates.email) alert(Greg.coordinates.email);
// document.write(Greg.FullName);
// document.write("<br>" + Greg.coordinates.email);
// document.write("<br>" + Greg.emailLink);
// var contact=Greg.HTML();
// document.write(contact);
/*
for (name in Greg) {
document.write (name);
document.write ("=");
document.write (Greg[name] + "<br>");
}
*/
/*
for (name2 in Greg.coordinates) {
document.write (name2);
document.write ("=");
document.write (Greg.coordinates[name2] + "<br>");
}
*/
########################
# JavaScript Example 2 #
########################
<script language="JavaScript" type="text/javascript">
<!--
/* written 03-09-01 by Greg Rundlett freephile.com
copyleft GPL, sanitized 03/29/2004
if you find this script useful, send me a note, or please reference
the author
*/
var mailLinks = new Object();
mailLinks["greg"] = new Array("Greg Rundlett", "greg");
mailLinks["goofy"] = new Array("Goofy", "invalidExample");
var smtpHost = "freephile.com";
/************************************************************
SpamProof Mail Script
*************************************************************
- designed to avoid "mailto:" links in the source so that robots can't
harvest your email and spam you
- linktext is the clickable text you want displayed in the browser.
- pre & post are the text on either side of the "@" sign in your email
address.
- they are built from the configuration variables above
************************************************************/
function emailer(name)
{
var linktext = mailLinks[name][0];
var pre = mailLinks[name][1];
var post = smtpHost;
document.write("<a href=" + "mailto:" + pre + "@" + post +
"?subject=this%20message%20is%20from%20the%20website>" + linktext + "</a>")
}
/*
// you can test this code with the following script in the body:
for (z in mailLinks) {
//document.write(z);
//document.write(mailLinks[z]);
emailer(z);
document.write("<br>");
}
*/
//-->
</script>
<!-- HERE IS A SAMPLE HTML SNIPPET USING JAVASCRIPT EXAMPLE #2 -->
<p style="font-size: 11pt;" color="#99CCFF">
<b>
<script language="JavaScript" type="text/javascript">
<!--
emailer("greg")
//-->
</script>
<noscript>Greg Rundlett</noscript>
<br>
President and CEO</b></p>
<br>
As founder and president of FooBar Inc., Mr. Rundlett brings years of
experience developing senior-level relationships through the OEM, ISP
and ISV marketplaces. He has held high-level sales and business
development roles at companies such as FooBar, Bar Group, and Foobank.
Mr. Rundlett has pioneered software sales throughout his career, leading
the first Widget-based operating system and the first barfoolian
software bundle ever shipped through the English Channel.
More information about the gnhlug-discuss
mailing list