Well, I hope you realize there is no end-all solution to spam. Spammers are always going to be there, and no matter what defense mechanisms we devise against them, they are going to figure out a way to bypass them. In a sense, the spam and anti-spam phenomenons are part of an evolutionary process. Each side will find new ways to attack and defend its values. You devise blacklists, they’ll find ways to get more e-mail addresses to send their e-mail from. You devise semantic spam filters, they’ll throw paragraphs from a book in their e-mail message to throw the engine off course. And the beat goes on.
An important part of the game, therefore, is to protect your e-mail address from them. If they don’t have your e-mail address, then they can’t spam you. Knowing that spammers have their little scraper bots at work day and night, you’ll probably have to publish your e-mail information as foo at bar dot com instead of foo@bar.com, or resort to similar tricks, whenever you must make it public. This causes tension between the need to publish your e-mail address and the need to stay protected. Here’s a little trick I noticed on a website I visited a while back, to help alleviate the problem. It will work as long as their automatic e-mail scrapers don’t learn to process JavaScript.
The gist of it is that the server produces a web page containing an encoded version of the e-mail address, such as foo at bar dot com, but it also produces JavaScript code knowledgeable enough to locate the e-mail address and make it readable again. As long as scrapers monitor your website without executing JavaScript, they will see the encoded e-mail address.
For the less insightful reader, here’s an example. You place the following in your HTML page.
<script type="text/javascript" src="email-support.js"></script>
...
<span id="e-mail-address">foo at bar dot com</span>
And your email-support.js script may look like this:
function updateEmailAddress() {
var span = document.getElementById('e-mail-address');
if (span) {
var textNode = document.childNodes.first;
textNode.nodeValue = ... // Decode.
}
}The only part missing is the code that invokes the function, which is easy, by using window.onload or frameworks that build on it. Of course, some of the scrapers out there may be smart enough to decode foo at bar dot com into a perfectly valid e-mail address, but you can fool even them, by encoding the e-mail address using some encryption algorithms like DES, IDEA, or, hey, feel free to create your own! Hell, you can use public key cryptography for all I care. Also, you can consider the option of an empty span, one without a meaningful e-mail address.
<span id="e-mail-address">(inject e-mail address here)</span>function updateEmailAddress() {
var span = document.getElementById('e-mail-address');
if (span) {
var textNode = document.childNodes.first;
textNode.nodeValue = 'foo@' + 'bar' + '.com';
}
}You have to be careful not to hardcode the complete e-mail address in your script, otherwise you defeat the purpose of the operation. E-mail scrapers will probably look for e-mail addresses in JavaScript files as well, so simply writing textNode.nodeValue = 'foo@bar.com' is a bad idea.
What does this achieve again? It presents users that have JavaScript enabled browsers with different content from users without JavaScript enabled browsers. It is believed that most spammers who look for e-mail addresses on the web do so with custom built browsers that do not have JavaScript support. It follows that this concoction will throw off more than 90% of the automated scrapers out there. It is not a foolproof solution to the problem of publishing your e-mail address, but there is no such thing as a full-proof solution when you intend to make your e-mail address public on the web. You never know when a spammer will visit, using an old-fashioned JavaScript enabled browser. But, considering the alternative, this trick comes in pretty handy if you must use the @.
Post a Comment
You must be logged in to post a comment.