Cloak You E-Mail ?

*Tom* · 02-21-2002, 07:57 AM

Lockergnome featured a little utility called E Cloaker yesterday and I got around to looking at it today.

Its premise is that it converts the characters of email addresses and text into browser-readable Unicode, making it more difficult for spam extractor 'bots to harvest email addresses from your web page.

Basically, a simple "email me" link is turned into something like this:

href="#109 #97 #105 #108 #116 #111 #58 #119 #104 #111 #64 #119 #104 #97 #116 #46 #99 #111 #109 ">#69 #109 #97 #105 #108 #32 #77 #101

( I had to take out all the ";" and "&" characters to make it display in this message)

Your thoughts?

http://www.codefoot.com/software/ecloaker/index.html

Justin · 02-21-2002, 09:09 AM

The problem with these things is that your better email harvestors will read that with no problems. If a browser can make out the link, any software tool can do the same (the rules are relatively simple, so URL-encoding or HTML-encoding can each be done in one line of Perl).

The only thing that would prevent a harvestor from snagging your email would be to use an image instead of text (and not hyperlink it, or perhaps link to a mail form with appropriate restrictions/validation)...

*chrisheng* · 02-21-2002, 09:41 PM

Another popular method is to use a JavaScript to generate the address, eg, using document.write( "youremail@yourdomain.com" );, or the like, or even constructing the address from pieces so that the full email address does not appear in the script but only when it is run. This method depends on the email harvesters not having a built-in JavaScript interpreter.

The disadvantage of this method is that JavaScript must be enabled for your visitors to "see" that email address.

Personally, I prefer to embed my email address in my scripts so that it does not appear anywhere on the site.

BenV · 02-22-2002, 08:27 AM

Quote:

Originally posted by chrisheng:
Personally, I prefer to embed my email address in my scripts so that it does not appear anywhere on the site.

Yeah, I don't display my email address anywhere anymore either. I just provide a page for them to send me a message.

----
BenV

Lynn · 02-22-2002, 10:58 AM

do you suppose these email harvesting programs read something like a robot.txt file?

Tibbits · 02-23-2002, 03:45 PM

bit of a messy way of doing it, but you can create a small flash file in a freeware editor with a single line of text (the email address) with a mailto: action attatched.

*LightGuide* · 02-25-2002, 01:17 PM

E_Cloaker (available free from www.CodeFoot.com hosted on FQ) and tools like it will slow down a great many of the harvesting programs -- but yes, some of the more sophisticated ones will read through unicoded addresses. Few take the trouble, though, as the additional parsing load starts to add up.

Some will also read through JavaScript approaches, too, I'm told; and the JavaScript approach also has the deficit of not being visible to those who have JavaScript turned off in their browsers.

I *do* like that Flash approach mentioned above -- I don't think much of anything can read through that!

Ultimately, though, we've found the best approach is not to put email addresses anywhere on the site, but instead use scripted mail forms.

Still, nothing stops *all* of the spam, as addresses are gotten or created via many other means than just raiding your site.

Some of the harvesters I've seen, for instance, parse WhoIs to get admin, tech, and billing addresses. Others automatically send copies to support@ and webmaster@ (etc.) at every domain.

Tibbits · 02-25-2002, 01:33 PM

you can get programmes like sugerplum which ensnare email harvesters and poison the database, but they have their downsides and I doubt Terra would like them running here..

*Tom* · 02-25-2002, 05:59 PM

How 'bout that - codefoot.com is one of "us" !

*LightGuide* · 02-25-2002, 06:14 PM

Quote:

Originally posted by Tom:
How 'bout that - codefoot.com is one of "us" !

YOU BETCHA!