I too am one of many who is overwhelmed by the amount of spam filling my various virtual domain email accounts. I have many pages out there with my email spattered on them in just plain hypertext links. Obviously, these are being scavanged by harvesting programs.

I was thinking, how can you provide a clickable email without giving out your email in the code?

Well I think I have come up with a solution, and who knows, I am sure others have probably already thought about this too. In my experience on the internet, nothing seems to be original anymore, but for those who may not have put much thought into a solution like this, here goes...


I have made a flash button graphic to use for my email on my home town community site http://www.salida.org.

The graphic displays the email address, but the button itself is encoded with the email address so there is no need to put the mailto:yourname@youraddress.com in the code.

I am going to begin implementing this type of email link in all my new sites that way the email harvesters can't pull the emails off the websites.

Feedback?

I encrypted my email addresses on my websites with Java, but it didn't cut the spam any.
The problem with either flash or java is that some people won't be able to even see the button.
But if you use a text link it can be harvested. An alternative is to use a graphic of your email address - it can't be clicked on, but people can copy it if they really wnat to contact you.

For a quick fix, just replace the @ with the html code for the symbol ( & # 6 4 ; ). You can do a global replace on the bazillion pages that have your email, and then the crawlers searching for @ won't find yours, and mailto links still work. There are better ways, but that's a quickie.

I've had a site for years, and u can imagine the email harvesters having a field day with my site :(
Until I finally found a few different ways to scramble my email address.
One way I found is exampled below
email scrambler

<A HREF="mailto:webmaster@yourcompany.com">E-Mail My Company</Aor using Java:

<script LANGUAGE="JavaScript"><!-- Begin
user = "webmaster";
site = "mycompany.com";
document.write('<a href=\"mailto:' + user + '@' + site + '\">');
document.write(user + '@' + site + '</a>');
// End --></SCRIPT>

I'm sure there are a few other other methods, but I've been using these for awhile, and seem to work just fine! Hope this helps.

Lando

Encryption is easy and it works very well.

I was taking into consideration that the harvesting programs would adapt to new methods of scrambling the email addresses. I thought the flash button would be a stronger agent against that since all the code is self contained in the swf file. It's true not everyone can display flash, or even javascript. But I would have to say that the percentage of web users who can't view flash or javascript is so low to where it's almost not worth taking into consideration. Yes? No?

All the latest versions of IE and NN are Flash compatible.

Another question here to follow up with is embedding emails in forms. Now I am sure harvesters pick up the 'recipient="mailto:user@userdomain.com"' that is in there to direct the output to the specific email. Many websites like to have the form posting for comments and feeback which allows anyone anywhere with web access to send an email sans-email program.

What are possible solutions for having to put email addresses in the form?

I was taking into consideration that the harvesting programs would adapt to new methods of scrambling the email addresses.

Well worth considering... But as of right now, encryption is the simplest method to implement and it works. Why not take the simplest effective route and make changes later if they're warranted?

Besides, who's to say the link harvesters won't eventually start extracting email addresses that are embedded flash. If a browser can do it, so can a bot if it's programmed to do so.

Just my opinion of course...

I'm interested in hearing more about some of the ways mentioned here about keeping an email harvesting script from getting your email address, though my preference is to not show my email address in any way, shape or fashion if I don't want it harvested. Rather, I prefer to use a form which keeps my email address set completely apart from the html that the harvesters can read.

Using basic replacement doesn't work for most, if any, harvesters. Programmers are problem solvers and it doesn't take long for them to recognize trends such as myemailATdomanDOTcom and the likes. Anyone with just a bit of regular expression knowledge who is willing to run around a bit and research the different schemes one might come up with to hide our email addresses will find them and get past them.

Flash can and will be decoded. Anything that is displayed in text to the average user can and will be harvested, and if it isn't displayed to the average user, why would it be there at all?

Beyond that, I personally think email harvesters of this sort are a waste of time. It's much easier to harvest domains and then use up cpu cycles running username checks against domains. It is not difficult to run 'queries' againt an smtp server to determine whether xyz@domain.com exists followed by xxy, xyy, etc. populating a database with the users that come up as valid. It's fast and none too difficult to make work.

This all said... Secure your servers, use good anti-spam software at the server and the client level and for goodness sake, NEVER buy anything from a spam email. (My policy is to never buy anything I've even seen in a spam email, not even from a reputable dealer.)

Here's a pretty foolproof method:
I've developed a little utility that allows you to convert your HTML into ISO-Latin-1.

This creates a string of numbers from the HTML code. You then document.write the String.fromCharCode in your web page to convert them back to readable text.

All the spambots will see is a string of numbers.

For instance, say you had the following code:
Email No One (noone@nowhere.com?subject=Hi, NoOne)

By running that through our utility, you'd get the following string of numbers (I've added hard returns to prevent horizontal scrolling on this web page... normally, there'd be no hard returns in the string of numbers):
60,97,32,104,114,101,102,61,34,109,97,105,108,116,
111,58,110,111,111,110,101,64,110,111,119,104,101,
114,101,46,99,111,109,63,115,117,98,106,101,99,116 ,
61,72,105,44,32,78,111,79,110,101,34,62,69,109,97,
105,108,32,78,111,32,79,110,101,60,47,97,62

You'd then add the following code into your web page where you wanted the email address to show up:

<script type="text/javascript" language="javascript">
<!--
{document.write(String.fromCharCode(PASTE NUMBERS HERE))}
//-->
</script>

and simply paste the string of numbers where is says "PASTE NUMBERS HERE".

You can access the email obfuscation utility here:
http://www.hillscapital.com/html2iso.htm

The page contains instructions to make it easy for you.

Here's a pretty foolproof method:
I've developed a little utility that allows you to convert your HTML into ISO-Latin-1.

This creates a string of numbers from the HTML code. You then document.write the String.fromCharCode in your web page to convert them back to readable text.

All the spambots will see is a string of numbers.


This won't work if I do a regex search of the rendered code.

But, JayDrake is correct when he says the most foolproof method is to use a form.

JayDrake:
What is a regex search?

You know, I just thought of an amazingly simple way around our obfuscation scheme...

Say you loaded the webpage up into an iFrame (to allow quickly changing the SRC attribute programatically, so you can go through many web pages quickly), then just searched for the @ sign and harvested anything preceding and proceeding that @ sign. They'd be searching the rendered page, not the code.

But, JayDrake is correct when he says the most foolproof method is to use a form.

JayDrake:
What is a regex search?

regex would be regular expression, a standard method of performing pattern matching which is employed in many programming languages and scriptable applications.

I do not necessarily provide my direct e-mail address. I rather have a form/butten that requests a vCard file (from an autoresponder).

I get two benfits:
- First, I can easily filter and even reject spam if I please so (send bounce messages etc)
- Second, I get an e-mail exchange, rather then just a message.

Example: http://www.conficio.com/about/contact.html

I'm open to critique here.

Kind regards
K<o>
P.S.: It's a bit tricky to set up though.

I get two benfits:
- First, I can easily filter and even reject spam if I please so (send bounce messages etc)
- Second, I get an e-mail exchange, rather then just a message.

Not as visitor friendly as I would like, requiring additional steps in the contact process, but the only other concern I would have with it is support for the vcard format. Seems it's been around awhile and that shouldn't be an issue though.

My website was getting harvested on a regular basis until I took the measures as outlined by Lando. Took a while for my addresses to drop out of the lists but after that my spam (as addressed on my website) virtually stopped. Sure, I still get an occasional spam from someone using an outdated list but it's nothing like it used to be.

My website was getting harvested on a regular basis until I took the measures as outlined by Lando. Took a while for my addresses to drop out of the lists but after that my spam (as addressed on my website) virtually stopped. Sure, I still get an occasional spam from someone using an outdated list but it's nothing like it used to be.

The javascript way works reasonably well assuming you don't use the email address as the link text. These mailto links won't work for people who don't have javascript enabled, however.

It's interesting that outdated lists aren't just recycled on known good email addresses. (Defined as those email addresses which do not bounce email back.) I suppose these email list people just aren't as ruthless as I give them credit for. ;)

My experience is that once an email address gets on a spam list it will be out there forever. I have stopped using my "compromised" email addresses and use server-side processed forms or embed the new, clean email address in a gif (with no mailto link).

Here is a thought: many of the ideas on this page work currently, but only because of their relative lack of popularity - once any particular way of protecting email addresses on a web page becomes popular the harvesters will crack it and you are back to square one. If a new method takes too long to crack they will resort to bombarding domains with common address prefixes (support@, info@, sales@, webmaster@) until they get one that doesn't bounce.

Which gives me an idea: do not completely remove email addresses from your pages - include in plain text one or more address that is not visible to the human user. Email harvesters will pick it up and begin spamming - you just set the "decoy" email address to automatically delete all mail sent to it. The spammers leave your site alone because they have an address that apparently works. I don't suppose they would take too long to figure it out though...

Which gives me an idea: do not completely remove email addresses from your pages - include in plain text one or more address that is not visible to the human user. Email harvesters will pick it up and begin spamming - you just set the "decoy" email address to automatically delete all mail sent to it. The spammers leave your site alone because they have an address that apparently works. I don't suppose they would take too long to figure it out though...

Protect your domains. Do as mentioned here. Use an email address like addmetoyourblacklist@yourdomain.com and have that address scripted to automatically add anyone who sends mail to that recipient be added to a blacklist for your server, saving the rest of your email addresses on that server from receiving spam.

It's complex to set up properly, but certainly fun!

The best way to keep your email address off a web page, without any fiddly tricks, is to use php.

Another point is, if your visitor is in an internet cafe, or on any computer which does not belong to them, the usual MAILTO: will probably not work, since they would not have their own email program available. Ideally, you need a form on your website which will email the message to you.

Have a look at
http://www.hahomes.com/
there is a button on the front page to send an email - and tell me what the email address is...
It just doesn't appear - anywhere...
If you want to play with it, please put the word 'test' in the "name" section, as well as your own name, so that we will know that it is not a genuine enquiry.

I haven't done it on this page, but I have also written some php pages which look the same as these two, but send an email back to the visitor, confirming what they have written, perhaps confirming their order, perhaps saying someone will be in touch with them.

This "reply" email also reminds them of the web site address - if someone took the trouble to write, I don't want them to forget which site they were on. Yes, I know that the site will be in "history", but I want any potential clients to have an easy time as possible if they want to re-visit the site.

Brian Livingston did a fairly exhautive study of various spam proofing techniques and wrote a little book about them:

https://briansbuzz.com/spamproof/buy.php

He tends to favor a small GIF of your address along with the fromCharCode javascript...

The problem I see with the gif approach is that it is not difficult to crack:

1. I am sure that most people call these gifs "email.gif", or if you have several on your site the natural tendency is to call them "email-webmaster.gif", "email-sales.gif". Simply add the website domain and the harvester has cracked it.

2. Even if you don't use "email" in the gif name, its not hard to recognize a short, wide gif (e.g. 150 x 20) with low color-depth which can be put through a text recognition API to extract the characters and decide if its an email address.

I am sorry to say that I think we are fighting a losing battle against the spammers and only an overhaul of the SMTP sending protocol (e.g. mandatory authentication) will change things.

First, I am not concerned about human visitors to my site. I actually want it to be very easy for them to contact me. Second, I do not want any automated process to find me. That's usually the spammers, though it is also the search engines. They however, are benign.

Here's something that allows people to find me (even if they are using a screen reader) yet currently (and that's the key word) keeps the automated stuff too confused.

It's a twist on the javascript routine of:

<script LANGUAGE="JavaScript">
user = "andrey";
site = "achievebalance.com";
document.write('<a href=\"mailto:' + user + '@' + site + '\">')
document.write('andrey at achieve balance dot com</a>');
</script>

What people see is: andrey at achieve balance dot com, which when the say it, makes plenty of sense and is easy. Hopefully, the automated stuff is not as savvy.

One site that I've maintained for several years has a guestbook where people leave their emails. In the past year it was becoming increasingly evident that this site was providing great fodder for the address harvesters.

I looked around and found this cgi script that seems to have cut the problem - completely. And I do mean completely. It also seems to have stopped the auto-entry problem suffered by many guestbooks where spammers use robots to have their junk posted with links in guestbooks.

you can find it here http://www.monkeys.com/wpoison/

It may not work for everyone, but it worked in this instance. The idea is that the script feeds a never ending loop of phony email addresses that trap the harvester so it won't proceed down the page. The potential downside is that SEs might get caught in the loop, so if you use this, do so only on one page and make sure it's a page that you won't mind if it doesn't get indexed in the search engines.

I'd be interested to know if any of you have experience or critique about this method.

Just installed the wpoison link on one of my sites (I have ASP installed, not CGI and don't have admin access to the server to add a CGI mapping). Anything that causes spammers problems is great by me.

Thanks for the tip!

Great !! I hope it works for you. Keep us posted if you notice any results.

jade

I too am inundated with spam emails.. I had to change my email just to avoid the hundreds of emails *sigh*.

I found a great program. It's called "EMail CLoak" and it's VERY inexpensive $8.95.

Here's the link: http://www.email-cloak.com/

Best $$ spent.

You put in the email address you want to cloak.. then what you'd like it to say on the page, click on the CLOAK button and get the code.

Email: somebody@mymail.com
Link: Click HERE

It's great. Takes away all those @ signs that the robots looks for.

Enjoy!

I would say that the best solution that I have seen in this posting is implementing a web based form. However even that is vulnerable to spam.

Lets all remember that crawling isn't the only way a spammer finds an email address.

-standard email names (eg. sales, info, support)
-dictionaries
-pure guesses
-lists of emails from others (naughty businesses sharing data)
-multiple recipients from a TO field
-thousands of other ways.

At least with the form you have that mail filtered into a specific account and possibly into a specific folder never reveiling the destination email address until you warrant it.

Another question here to follow up with is embedding emails in forms. Now I am sure harvesters pick up the 'recipient="mailto:user@userdomain.com"' that is in there to direct the output to the specific email. Many websites like to have the form posting for comments and feeback which allows anyone anywhere with web access to send an email sans-email program.

What are possible solutions for having to put email addresses in the form?

Aloha ----

Very good question! My strategy for hiding regular email links is to encrypt the address (using http://fantomaster.com/fantomasSuite/shadowCoder/fascodersv-e.cgi) and then have it written by a remote javascript. I'm guessing the encrypted version would also work in a form, but I don't know for sure....

_||_
db

...possible solutions for having to put email addresses in the form?

If at all possible don't put the email address in the form at all. Post it to a page with a server-side script which will send the email directly from the server. If you can't user server-side scripting on your site you could possibly post it to a page you set up on a free service like Brinkster or Tripod then redirect back to your own page. The script itself is very simple.

I would say that the best solution that I have seen in this posting is implementing a web based form. However even that is vulnerable to spam.

I currently write PHP web based forms, and wrote ASP web based forms in the past (when I used to use ASP), and repeat, the email address does not appear on the page, or in the code.

I have never had any spam sent automatically to any of these addresses - they are simply invisible.

Sending to unknown email addresses on my servers results in the mail being bounced.

Very good question! My strategy for hiding regular email links is to encrypt the address (using http://fantomaster.com/fantomasSuite/shadowCoder/fascodersv-e.cgi) and then have it written by a remote javascript.

All the spammers have to do is to search for ;&#064 as well as "@".

This is the method used by a good many spammers to "hide" their web site name within the spam, so that some less effective automatic anti spam software can't see it.

Not sure why you use Javascript. If you just cut and paste this "ultimate stealth" (!) solution into a HTML web page, it works fine... perhaps you need the javascript for something else?

For a quick fix, just replace the @ with the html code for the symbol ( & # 6 4 ; ). You can do a global replace on the bazillion pages that have your email, and then the crawlers searching for @ won't find yours, and mailto links still work. There are better ways, but that's a quickie.

The secret is to kill the spam bots! Why not go further than that and code lots more of your mailto.

Every word has vowels, so instead of encoding all the letters, we can simplify things by only translating the vowels, the "@" and the "com" in your email address, plus the "mailto:" portion of the link.
Your address will still be totally unreadable to a spam bot.

Here is the code with a PERIOD (.) added in the middle of each character BEFORE the ASCII
number, to prevent translation. Delete the periods before using the code:

mailto: = &#.109;&#.97;&#.105;&#.108;&#.116;&#.111;:

@ = &#.64;

com = &#.99;&#.111;&#.109;

a = &#.97;

e = &#.101;

i = &#.105;

o = &#.111;

u = &#.117;

Here's the format of the code, should you want to go further:

[Ampersand][Hash][ASCII Number][Semicolon]
a = & # 97 ;


Some people simply replace the "@" in their address with the code version. I don't think that's enough. Spammers only have to teach the software to recognize that one coded letter and your in trouble. Also, some spam bots search for the "mailto" link because whatever follows must be an email address, so I recommend you encode that too.

I use this method and do not get spam from the web sites I make.

Keep up the good work and lets try to rid the net of that pest (spam)!

Regis

This is the method used by a good many spammers to "hide" their web site name within the spam, so that some less effective automatic anti spam software can't see it.

Not sure why you use Javascript. If you just cut and paste this "ultimate stealth" (!) solution into a HTML web page, it works fine... perhaps you need the javascript for something else?

What's the "ultimate stealth" solution?

One reason I use the javascript for my web signature is so I can put it on all pages and only have to write it once (my host doesn't support SSI, so I use javascript instead) -- but I also read that putting an email address in a remote file would hide it from spambots. What's your knowledge of that?

Thanks -----

_||_
db

What's the "ultimate stealth" solution?

The web site given to convert the email addresses called itself the ultimate stealth, which I thought was a little over the top...


One reason I use the javascript for my web signature is so I can put it on all pages and only have to write it once (my host doesn't support SSI, so I use javascript instead) -- but I also read that putting an email address in a remote file would hide it from spambots. What's your knowledge of that?

I wondered if it was something like that. I have no knowledge of that, because as I said, I always use PHP, which doesn't pass the email address out at all.

If you give me a URL, I will see if I can see your email address, as a spammer would.

One reason I use the javascript for my web signature is so I can put it on all pages and only have to write it once (my host doesn't support SSI, so I use javascript instead) -- but I also read that putting an email address in a remote file would hide it from spambots. What's your knowledge of that?

I wondered if it was something like that. I have no knowledge of that, because as I said, I always use PHP, which doesn't pass the email address out at all.

If you give me a URL, I will see if I can see your email address, as a spammer would.


Pete ----

I must admit, I don't even know what PHP stands for! I'm strictly an html Neanderthal : ^ )

Thanks for checking my site. The URL is in my signature (below)

_||_
db

it was pretty easy to find this email at your site

VALUE="info#hotcosta.com"

I took the @ sign out and replaced it with # before posting it here, but it was all clearly and easily accessible.

it was pretty easy to find this email at your site

VALUE="info#hotcosta.com"

I took the @ sign out and replaced it with # before posting it here, but it was all clearly and easily accessible.

Well....so much for the idea that PHP is spider-proof! How about my site, did you try it?

_||_
db

it was pretty easy to find this email at your site
it was all clearly and easily accessible.

Well....so much for the idea that PHP is spider-proof! How about my site, did you try it?



Well, I could cheat and just read your email address off the web page <G>, but if you have software which runs through all the site, your Yahoo address will be collected from the js file. However, you are taking some precautions, and the cheaper software wont find you.

As to my email being easily accessible, yes, on that site it is. Too lazy to sort it out there, because it is more complicated - advertisers can have clients directed to that page, and so the address would change in real-time.

But, as I said earlier, have a look at
http://www.hahomes.com/
there is a button on the front page to send an email - and tell me what the email address is...
It just doesn't appear - anywhere...
If you want to play with it, please put the word 'test' in the "name" section, as well as your own name, so that we will know that it is not a genuine enquiry. That is an example of how I do it for other people.

PHP source *IS* spider-proof.

But, as I said earlier, have a look at
http://www.hahomes.com/
there is a button on the front page to send an email - and tell me what the email address is...
It just doesn't appear - anywhere...
If you want to play with it, please put the word 'test' in the "name" section, as well as your own name, so that we will know that it is not a genuine enquiry. That is an example of how I do it for other people.

PHP source *IS* spider-proof.

Pete -----

I'll take your word for it -- but I'm totally amazed that PHP can send an email to an address that does not appear anywhere in any of the code on your site!

I still don't know what PHP stands for : ^ ) -- even though I looked at a couple basic tutorials, enough to confirm that my host doesn't support PHP.


Be well and spider-proof! -----

_||_
db

I'll take your word for it -- but I'm totally amazed that PHP can send an email to an address that does not appear anywhere in any of the code on your site!

OK, then, I will explain in the simplest terms possible - and hope that you are not offended! <G>

Let us assume that you are viewing my web page. You will appreciate that two computers are involved. One computer is yours, perhaps running Internet Explorer to view the web page. The other computer is my server, which sends the code over the internet to your computer. This is what always happens with a web page. However, some servers run software, like PHP. What this does is, takes code / instructions that I have written, and works on them before it sends you anything. I have written some multi-lingual sites - you clicked on 'English' and told my computer that you wanted to read in English - so my code says "if the visitor clicked on English, send the text in English" - "if the visitor clicked on Spanish, send the text in Spanish". In either case, you will see exactly the same web page, except in the English version, you might see the word Hello, and in the Spanish, you would see the word "Hola". If you think about it, you can see how this is done on my server, not your computer. In this example, as you asked for the code in English, the word "Hola" is never sent to your computer. I could have designed different pages for different languages, but then, if I want to simply change one graphic, or one price, I would have to change half a dozen different pages instead of just one, as happens now.

In the example I was talking about, you filled in a webform, and MY COMPUTER sent the email. So it doesn't need to sent the email address to YOUR COMPUTER. Remember that, on your johreiki site, the user has to be able to send an email, the user has to open Hotmail, or Outlook, or whatever. On mine (as on webproworld!) you don't.

This is, of course, a vast oversimplification, but I hope that it gives you an idea of what is happening.

This is called server-side web programming (it runs on MY server), and typical languages used would be PHP or ASP. You use some javascript - this is client-side web programming, it runs on YOUR computer.

Worth worrying about is the fact that visitors have the option of turning off javascript, in which case they would presumably not see your email address at all.


I still don't know what PHP stands for : ^ ) -- even though I looked at a couple basic tutorials, enough to confirm that my host doesn't support PHP.

PHP is a recursive acronym (don't ask!!) which stands for PHP: Hypertext Preprocessor. It processes the hypertext (the HTML code) before it is sent to your computer.

Hope that helps.

This is called server-side web programming (it runs on MY server), and typical languages used would be PHP or ASP. You use some javascript - this is client-side web programming, it runs on YOUR computer.

Let's not forget Perl (my favorite). Like other server-side scripting, the source code is not transferred to the browser. The only thing the broser gets is what you want it to get.

Let's not forget Perl (my favorite)..

Who could forget perl? (:->


Like other server-side scripting, the source code is not transferred to the browser. The only thing the broser gets is what you want it to get.

Which usually excludes your email address.

Just to take it one step further, the programs that spammers use, can only get (simplification again) the stuff that your browser gets, so again, no email address.

...some servers run software, like PHP. What this does is, takes code / instructions that I have written, and works on them before it sends you anything. I have written some multi-lingual sites - you clicked on 'English' and told my computer that you wanted to read in English - so my code says "if the visitor clicked on English, send the text in English" - "if the visitor clicked on Spanish, send the text in Spanish". In either case, you will see exactly the same web page, except in the English version, you might see the word Hello, and in the Spanish, you would see the word "Hola". If you think about it, you can see how this is done on my server, not your computer. In this example, as you asked for the code in English, the word "Hola" is never sent to your computer. I could have designed different pages for different languages, but then, if I want to simply change one graphic, or one price, I would have to change half a dozen different pages instead of just one, as happens now.

In the example I was talking about, you filled in a webform, and MY COMPUTER sent the email. So it doesn't need to sent the email address to YOUR COMPUTER. Remember that, on your johreiki site, the user has to be able to send an email, the user has to open Hotmail, or Outlook, or whatever. On mine (as on webproworld!) you don't.

This is, of course, a vast oversimplification, but I hope that it gives you an idea of what is happening.


Yes; thanks very much! So, when using a form with PHP, there's no "recipient" email address in the form (as there is when using a mail form with perl or cgi)?



This is called server-side web programming (it runs on MY server), and typical languages used would be PHP or ASP. You use some javascript - this is client-side web programming, it runs on YOUR computer.

Worth worrying about is the fact that visitors have the option of turning off javascript, in which case they would presumably not see your email address at all.

Why would people turn it off?




I still don't know what PHP stands for : ^ ) -- even though I looked at a couple basic tutorials, enough to confirm that my host doesn't support PHP.

PHP is a recursive acronym (don't ask!!) which stands for PHP: Hypertext Preprocessor. It processes the hypertext (the HTML code) before it is sent to your computer.

Hope that helps.

Thanks again -- it helps a lot. It seems the only way to protect my email address from spammers, then, and to display things correctly to people who have javascript turned off, is to get a host who supports either PHP or ASP....?


_||_
db

So, when using a form with PHP, there's no "recipient" email address in the form (as there is when using a mail form with perl or cgi)?


To be pedantic, if you are using PHP, or ASP (and probably Perl, I have never used it), you don't need to show the email address on the form.

There is a PHP mail() function which works on the server, and not on the clients computer, and it is this function which requires the email address





Worth worrying about is the fact that visitors have the option of turning off javascript, in which case they would presumably not see your email address at all.

Why would people turn it off?


Some people are paranoid about security, and beleive that leaving javascript on opens them up to attacks.


It seems the only way to protect my email address from spammers, then, and to display things correctly to people who have javascript turned off, is to get a host who supports either PHP or ASP....?

This is certainly the most complete and safe method.

This may have been covered, I apologize if it has, but I find that a lot of my spam comes through email addresses such as info@, service@, webmaster@, etc., which are ones I don’t use or have posted on my site.

You follow? These are all very generic names for email addresses. I found that I was getting them because I had a virtual map set-up to filter all @glacialpoint.com emails to go to my off-server account. So even if the address was dorkbutt@glacialpoint.com, I would get it. Most ISP's I find automatically set this up. I have just moved my site to a new provider and have set-up only specific addresses. That way anything that is not sent to an address I have personally set-up, automatically goes into a different account. It has really cut down on the junk I used to get, and it is a way that I can deal with the stuff I know came from a client or potential client up front, and worry about the misc. junk later.

And no extra cost for applications.

I few of the methods I'd advocate - such as using PHP and Javascript - have been mentioned already so I'll just give y'all a link to my anti-spam
'solutions and faq's' page:

http://www.ackadia.com/computers/it-spam-faqs.html

It includes comments on uses gifs, fixes for XP (relates to IM viruses and Spammers) and examples of JS to hide your email.

At present I use this JS with an image, plus alternate text for when javascript is disabled

Basically, I had my address harvested for years, but this this past year sent me from irritated to the sort of wrath you get when they send "children offers" to a parent - and then to his, to *my* daughter. At present I'm blocking over 10,000 Spam a month...

Other pages in the section include news, tools, links and setting Outlook Express as another line of fire to stop Spam.