  #1 (permalink)  
Old 08-05-2004, 09:20 AM
WebProWorld Pro
 

Join Date: Mar 2004
Location: Bonnie Scotland
Posts: 106
colr RepRank 0
Default Spam Prevention Tip

I have come across an excellent method of disabling email address harvesting programs from obtaining addresses posted on a website.

Converting email addresses to the UTF equivalent prevents spam-bots from reading email addresses on a web page, allowing safe use of the <a href="mailto:youraddress@yourdomain.com"> tag.

For example, using the email address above, the UTF encoded equivalent is:

*I did post the tag here, but the browser displays it the same as above!!!

Tests have been run that prove that spam-bots do not have the functionality to decode UTF, and it is highly doubtful that they will start doing so as the extra processing power required to do so would slow down the bots extremely. Since the majority of websites on the net do not protect themselves with this method, the bot manufacturers will continue to ignore UTF encoded emails in favour of quickly searching for occurrences of the '@' symbol.

Try it yourself - a converter script is available at http://www.pinnacledisplays.com/unicode-converter.htm.
Simply replace the email address with the UTF equivalent, that's all you have to do - browsers will automatically convert this to a viewable format.

Up until now, I have refrained from posting email addresses on my sites as it was simply inviting these bots, and consequently hundreds of spam emails a day. Now we have a method of providing this functionality, while protecting ourselves at the same time.

Now to simply update all the sites . . . groan!

C.
__________________
Colin Reid
East Kilbride
  #2 (permalink)  
Old 08-05-2004, 09:30 AM
paulhiles's Avatar
WebProWorld 1,000+ Club
 

Join Date: Jul 2003
Location: UK
Posts: 2,803
paulhiles RepRank 0
Default

You mean something like this?
try viewing source on the following page:
http://www.claddagh.co.uk/contact.html

I'm not sure it's 100% effective, but as you say, it should cut down on many of the automatic email harvesters.
  #3 (permalink)  
Old 08-05-2004, 09:50 AM
WebProWorld Pro
 

Join Date: Mar 2004
Location: Bonnie Scotland
Posts: 106
colr RepRank 0
Default

That's the ticket!

The article I read (can't remember where) stated that you only need to create a UTF '@', but I prefer to do the whole email address too.

The report also described a test whereby they created 20 pages on 20 different domains. On 10 they posted the standard non-UTF emails, and on the other 10 used the UTF versions.

They then submitted all pages to the Search Engines, and sat back and waited. Before long the standard email posts started pouring in lots of spam emails, whereas the UTF encoded versions received NONE! This was after several months of testing, and led the testers to conclude that it had in fact prevented the harvesting of the email addresses - pretty conclusive evidence.

I had considered the fact that as this technique gained popularity the spam-bots would start looking for it, but at the present rate with so many un-protected email addresses posted, why should they bother until the majority of web designers use it?

C.
__________________
Colin Reid
East Kilbride
  #4 (permalink)  
Old 08-05-2004, 10:28 AM
WebProWorld Veteran
 

Join Date: Nov 2003
Location: Castle Rock, CO
Posts: 494
Corey Bryant RepRank 0
Default

We also use this in an external JS file:
Code:
function sendmail (address) {
    // Swap the "__" placeholder back to "@" only when the link is clicked
    address = address.split("__");
    address = address.join("@");
    window.open('mailto:' + address, '_blank');
}
and then in the HTML code:
Code:
 Sales
(just make sure that if you change __ in the external JS file you change it in the sendmail function as well.) It seems to work out pretty good as well.
  #5 (permalink)  
Old 08-06-2004, 06:08 PM
cooper's Avatar
WebProWorld Pro
 

Join Date: Jul 2003
Location: San Clemente, CA
Posts: 169
cooper RepRank 0
Default yeah, me too

I do something similar to all of the above where I mix it up just to really confuse any automated email harvesters:
Code:
<script language="javascript" type="text/javascript" src="/js/mail.js"></script>
...
info@pureinfluence.com
Then in the external JavaScript file, I have this code:
Code:
function sendEmail()
{
	location.href = 'mailto:info@pureinfluence.com';
}
It seems to be pretty effective for my uses. I'm sure I could get more complicated with it but for now this works well.

Go ahead and use it (with your own email address please) in your web site.

BTW - I found a simple ASCII code web page that can help you to encode those characters: http://www.bbsinc.com/symbol.html
The best one to replace is the @ symbol: & #64; (just remove the space after the ampersand)

Good luck!
__________________
Cooper Griggs
Pure Influence
Aloha, surfing and flower stickers
http://www.pureinfluence.com/
  #6 (permalink)  
Old 08-06-2004, 06:56 PM
DrTandem1's Avatar
WebProWorld 1,000+ Club
 

Join Date: Oct 2003
Location: Encinitas, CA
Posts: 1,908
DrTandem1 RepRank 2
Default

That is a very useful tip! Thanks. I'll convert one of my sites and see if I notice a difference.
__________________
DrTandem's San Diego Web Page Design, drtandem.com
  #7 (permalink)  
Old 08-07-2004, 09:41 AM
hal hal is offline
WebProWorld Member
 

Join Date: Nov 2003
Location: US -- New England
Posts: 97
hal RepRank 0
Default

Hi guys,

Great ideas. You may consider them appropriately stolen. <grin> But, um, Cooper, I am in my normal state of confusion, here. I assume you did it just for clarification, but let's go over this once. You say..

But wouldn't that put the address right on the page itself, ready for harvesting? Why not

Code:
Write to us.
Thanks,

Hal
__________________
Baughan & Company offers personalized Web site support to small business. http://www.rocksolidsite.com
  #8 (permalink)  
Old 08-07-2004, 09:52 AM
WebProWorld Pro
 

Join Date: May 2004
Location: Sydney
Posts: 146
ozchris RepRank 0
Default

SiteUp.com will encode it for you in one step for free here: http://www.siteup.com/free_stuff.html

I modify it slightly so that it doesn't even display on page, although it does show on the taskbar, so you know what's going on. As per here: http://sydney-web-design.com/links.htm
  #9 (permalink)  
Old 08-07-2004, 11:53 AM
DrTandem1's Avatar
WebProWorld 1,000+ Club
 

Join Date: Oct 2003
Location: Encinitas, CA
Posts: 1,908
DrTandem1 RepRank 2
Default

Hal,

What is interesting is that using the ASCII or UTF, the browser displays it in plain text. However, looking at the source code, it is in the ASCII version for both the mailto link as well as the anchor text.

I am assuming that the scripts used by sp^mmers are looking at the raw source code for the typical plain text of name@domain.com and not a string of ASCII characters.

Anyway, I'm going to try it and see if it reduces the amount of sp^m over time.
__________________
DrTandem's San Diego Web Page Design, drtandem.com
  #10 (permalink)  
Old 08-07-2004, 02:15 PM
cooper's Avatar
WebProWorld Pro
 

Join Date: Jul 2003
Location: San Clemente, CA
Posts: 169
cooper RepRank 0
Default oops, I missed that one!

Quote:
Originally Posted by Hal
... I assume you did it just for clarification, but let's go over this once. You say..
But wouldn't that put the address right on the page itself, ready for harvesting? Why not
Code:
Write to us.
Thanks,

Hal
Sure, that would work too. What happened is a result of this forum and your browser interpreting the encoded @ symbol and printing it as such instead of the encoded version I pasted in. I must have missed it when reviewing my post, sorry about that. Tell you what, to see it in action go to this page and view source: http://www.pureinfluence.com/contact.php
The code is toward the bottom. I put the actual email address in case people want to use (copy and paste) the email address in something other than the default email client on the computer they are using. In cases where the computer they are using isn't theirs or they have a web-based email account like Yahoo, Hotmail or Gmail, etc.

I hope that clears up any confusion. :o)
__________________
Cooper Griggs
Pure Influence
Aloha, surfing and flower stickers
http://www.pureinfluence.com/
  #11 (permalink)  
Old 08-07-2004, 04:05 PM
hal hal is offline
WebProWorld Member
 

Join Date: Nov 2003
Location: US -- New England
Posts: 97
hal RepRank 0
Default

Hi,

Of course! The browser. I forgot that simplest of all commands, "Round up the usual suspects!" <grin>

I've said it before and I'll say it again... I am not responsible for anything I may say pre-morning-coffee!

Thanks.

Hal
__________________
Baughan & Company offers personalized Web site support to small business. http://www.rocksolidsite.com
  #12 (permalink)  
Old 08-07-2004, 04:16 PM
WebProWorld New Member
 

Join Date: Jul 2003
Location: St. George, Utah
Posts: 21
Webworks7 RepRank 0
Default I had my doubts, but it works!

I have been encoding just the @ symbol in the mail links to ampersand-pound-zero-six-four-semicolon on all new e-mail addresses for the past year or so.

This technique, along with never creating accounts like "info," "sales," "help," or other common names, has been very successful in keeping the spam levels down for my clients.
__________________
Sue Bolander
Webworks7
www.webworks7.com
  #13 (permalink)  
Old 08-07-2004, 04:21 PM
hal hal is offline
WebProWorld Member
 

Join Date: Nov 2003
Location: US -- New England
Posts: 97
hal RepRank 0
Default

Hey guys,

I was just thinking... why not add this as a cute little twist? Give some satisfaction to the spammer/harvester! Make it something which will satisfy you, as well. Right after the <body> tag, post your favorite enemy's email address, and comment it out.

Code:
<!--
  favorite@enemy.com
-->
Maybe even throw some do-nothing JavaScript around it, in case the program is told to ignore a simple comment.

The harvester sees that, is satiated, and goes away. Two stones with one bird. Simple. Machiavellian, but simple. <grin>

Hal
__________________
Baughan & Company offers personalized Web site support to small business. http://www.rocksolidsite.com
  #14 (permalink)  
Old 08-09-2004, 05:53 AM
WebProWorld Pro
 

Join Date: Mar 2004
Location: Bonnie Scotland
Posts: 106
colr RepRank 0
Default

DrTandem1 - I don't think the tip will work to reduce spam over time, but will certainly prevent it from getting any worse. Ideally, this tip should be used by those starting out with a new domain - it should be theoretically possible to stop spam from starting altogether to a new domain by simply encoding the email addresses, and not using info@, sales@ etc...

Hal - when you say 'enemies', I assume you don't mean competitors? After all, that would just be an underhand tactic, no?

C.
__________________
Colin Reid
East Kilbride
  #15 (permalink)  
Old 08-09-2004, 09:53 AM
WebProWorld Member
 

Join Date: Jul 2004
Location: Fairbanks, AK
Posts: 33
akbigdog RepRank 0
Default

I've been using this technique for about a month now, though I have not followed up with the client to see how it has worked. I first learned how to hide e-mail addresses using this method at Mysterious Ways.
The tool offered on their Web site allows you to simply enter an address and, optionally, text for the link itself. You may then choose whether to encode the link using UTF and ASCII or a combination of those with JS. The script then encodes both the e-mail address and the link text, if entered, or uses again the e-mail address for the text if nothing else has been specified.
On a slightly different note: anyone know where to find a PHP script that does this? I'd rather not have to write it myself, but I would love to have it.
  #16 (permalink)  
Old 08-09-2004, 02:55 PM
CraigAllen's Avatar
WebProWorld Member
 

Join Date: Dec 2003
Location: Klamath Falls Oregon USA
Posts: 37
CraigAllen RepRank 0
Default

Ach, I can't delete my post! Okay then I'll just have to change it to say that I am trying the Unicode Converter on my sites and will anxiously look forward to a tapering off of new spam!
  #17 (permalink)  
Old 08-10-2004, 09:11 AM
hal hal is offline
WebProWorld Member
 

Join Date: Nov 2003
Location: US -- New England
Posts: 97
hal RepRank 0
Default

Hi Colr,

Quote:
Hal - when you say 'enemies', I assume you don't mean competitors? After all, that would just be an underhand tactic, no?
Ha! Good heavens, no! <grin> It was just an off-the-wall thought.

Besides, if we start doing that to each other, then pretty soon even the spammers would have to implement some sort of PageRank!!! <lol>

Hal
__________________
Baughan & Company offers personalized Web site support to small business. http://www.rocksolidsite.com
  #18 (permalink)  
Old 08-11-2004, 09:01 AM
WebProWorld Member
 

Join Date: Dec 2003
Location: Belgium
Posts: 40
deltatrend RepRank 0
Default Encoding email addresses

I am skeptical about this. News articles and my experience tell me that harvesting is no longer the means of directing sp^m messages. I am seeing messages delivered to addresses that are not at all exposed on the web.

It seems to me that viruses are being used to enter into computers and send sp^m to addresses in that inbox or address book.

For the record, I never put email addresses on websites, only use forms. I am sure that if enough sites change to UTF, the harvesters will do the conversion. Then, I would have to find another trick, but it will already be too late!
__________________
DavidS

International Relocation Technology
Reply With Quote
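The encoding described in post #1 and the objection raised in the post above, as an added example (not code posted by any participant): it builds the encoded mailto markup, then audits what is visible in the raw source versus after numeric character references are resolved, which is the same step every browser performs. The sample address, the function names and the simplified address pattern are assumptions made for illustration.

```javascript
// Added example: encode a mailto link as numeric character references,
// then audit what is visible in the markup before and after decoding.

// Encode every character as a decimal reference (&#NNN;), as in post #1.
function encodeAll(text) {
  return Array.from(text, ch => `&#${ch.codePointAt(0)};`).join('');
}

// Encode only the '@', as posts #5 and #12 describe.
function encodeAtOnly(text) {
  return text.replace(/@/g, '&#64;');
}

// Build the anchor markup; the visible link text is encoded the same way.
function mailtoLink(address, encode) {
  return `<a href="${encode('mailto:' + address)}">${encode(address)}</a>`;
}

// Resolve decimal and hex numeric references, as any HTML parser does.
function decodeNumericRefs(html) {
  return html
    .replace(/&#x([0-9a-f]+);/gi, (_, h) => String.fromCodePoint(parseInt(h, 16)))
    .replace(/&#(\d+);/g, (_, d) => String.fromCodePoint(parseInt(d, 10)));
}

// Simplified address pattern for the audit (an assumption, not RFC 5322).
const ADDRESS = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;

// Report which addresses are visible in raw source and after decoding.
function audit(html) {
  const raw = html.match(ADDRESS) || [];
  const decoded = decodeNumericRefs(html).match(ADDRESS) || [];
  return { raw: [...new Set(raw)], decoded: [...new Set(decoded)] };
}

// Constructed sample address, not taken from the thread.
const sample = 'contact@example.org';
const plain = mailtoLink(sample, s => s);
const atOnly = mailtoLink(sample, encodeAtOnly);
const full = mailtoLink(sample, encodeAll);

for (const [name, html] of [['plain', plain], ['@ only', atOnly], ['full', full]]) {
  const r = audit(html);
  console.log(name.padEnd(7), 'raw:', r.raw.length, 'decoded:', r.decoded.length);
}
```

Both encoded variants show nothing to a raw-source pattern match and the full address once references are resolved, so the protection rests entirely on the scanner skipping that one decoding pass.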
  #19 (permalink)  
Old 08-13-2004, 07:22 AM
WebProWorld Member
 

Join Date: Dec 2003
Location: Belgium
Posts: 40
deltatrend RepRank 0
Default Hiding email addresses

There is an article today on TechWeb that confirms that sp^m is being sent by "zombies", but mainly outside the US, and so it accounts for little of the volume of messages.
Quote:
That explains the low percentage of spam messages originating from overseas' IP addresses. The lack of cheap bandwidth outside the U.S. is stymieing spammers' attempts to scale up the volume of their mailings to U.S. sizes.

In fact, the majority of spam that does come from countries other than the U.S. originates with zombies, hijacked computers typically with high-speed, high-volume access to the Web, giving spammers a free ride, bandwidth-wise.
They don't explain how these viruses distinguish a US-based computer from a non-US.
__________________
DavidS

International Relocation Technology
  #20 (permalink)  
Old 08-25-2004, 11:14 AM
WebProWorld New Member
 

Join Date: Jun 2004
Location: UK
Posts: 9
hier RepRank 0
Default Unicode Decoded

I thought I would give the Unicode encryption technique a whirl, but I've come across something strange.

I'm using Dreamweaver MX and whenever I convert my <a href="mailto:you@yourdomain.com"> into Unicode it keeps converting back to regular text.

At first it will appear as it should in code view. I then save the file and save it to my server. However when I view the source for the page via IE6, the Unicode for <a href="mailto:you@yourdomain.com"> appears in regular text. When I re-open the file I altered in DWMX, I find that that too has reverted to regular text.

Any ideas why this might be happening?