Email spam bots - display name vs. actual email address

[apalmer123@msn.com]

A webmaster that I thought was pretty knowledgeable insists that having the displayed text for an email hyperlink NOT be the actual email address reduces the amount of spam sent to that email.

I think that the bots are smart enough to get the email address from the anchor tag and that it doesn't matter what the displayed text says.

Anyone know the real truth?

Thanks!

[carpediem]

Hi apalmer123,

My understanding is that the bots are looking for anchor tags with mailto: reference. As they are usually working for spammers, the context of the display links probably don't matter to the bot program.

We utilize javascript and a secured contact form in an attempt to prevent web bots from stealing e-mail addresses from our websites.

Hope that helps,

Danielle

[wige]

Out of curiosity, I downloaded a bot that was designed to harvest e-mail addresses and other text from web sites. The bots look at the source code of the page and pull out any string that looks like an e-mail address, regardless of whether it is a mailto: link, the link text or even plain text. The bot I played with was even smart enough to drop added nospam text and could convert "something at somewhere dot com" into "something@somewhere.com". The bot was also able to crawl SSL pages. The only method I have seen that worked against the bot was putting the e-mail address into an image that is not linked, or using a secure contact form.

[RegDCP]

IMO the only safe way is having a captcha protected secure contact form.

Reg

[wpriley]

I've used a free application called E_Cloaker with good results for several years. You can download it at CodeFoot.com: Software: E Cloaker 2.0.

Wige, I would be curious if your bot picks up E-mail addresses encrypted with the above application.

Thanks.

[wige]

The bot I tested with had a decode option for unencoding, but it was off by default. This does look like at least a partially effective method. A bot would have no problem processing this code, but as it is not commonly used, the bot would more likely skip over it.

[deepsand]

If you can read the source and at least deduce what is most likely an e-mail address, so can a bot.

Therefore, if you want to provide the user with on-site contact, use a secure form; if you want to provide for their e-mailing you, display the address as an image.

Be aware, though, that even images are not guaranteed to be unreadable by bots. By employing OCR, and building a database of observed CAPTCHA images and the corresponding proper characters, there have been bots available for some time now that serve as effective CAPTCHA decoders.

[deepsand]

IMO the only safe way is having a captcha protected secure contact form.

Reg

Unfortunately, CAPTCHA is not 100% reliable.

By employing OCR, and building a database of observed CAPTCHA images and the corresponding proper characters, there have been bots available for some time now that serve as effective CAPTCHA decoders.

That is why some sites frequently change their library of CAPTCHA character strings; needless to say, these changes occur just about the time that human users have trained themselves to be able to reliably read them, leading to yet another round of pissed-off users!

[dean]

If I did use mailto links, I would escape some of the characters in both the anchor tag itself and in the text. There may be some bots that can still grab the address, but I think it prevents at least some harvesting.
What I'm really surprised about is why more webmasters don't speak about the basic unuseability and annoyance factor of mailto links. Just guessing, I think that a rather large percentage of internet users only use web-based email. Most likely, the one they get from their ISP. Even geeks, I would think, use both a client and web-based mail with multiple addresses. I know that I don't like it when a link with unclear anchor text suddenly opens my email client. It's annoying.
Just curious, what would a captcha have to do with preventing email harvesting from a secure contact form? I assume a secure form means that there are no email addresses in the html code, among other things.
I'm also wondering why the OP has an email address as a forum name?

[itsdonny]

This is a great email encoder here. The you can add your email to any page you want.

Mysterious Ways - Hide Email Addresses from Spam Harvesters