Remember when you could post your email address in plain text format on any web page, and not have to worry about getting bombarded with emails about a better mortgage rate or increasing a certain body part size? Well, those days are long gone, and today you must protect your email address from Spam Bots, which are automated searching bots that extract email addresses from web pages in order to be used in marketing lists. There are several tricks that one can deploy, that will allow your visitors to get your email address but keep it away from spam bots.
Email Icon Generator
The Email Icon Generator will create a little image that has your email address in it. Spam bots are unable to read the contents of an image, however your visitors will see it clear as day. The downside to this tactic is, you can’t put a “mailto:” link on the image, because a Spam Bot will pick this up.
Contact Forms
Contact forms have become very popular, and are very easy to create. Luckily there are many available to download, so you do not need to reinvent the wheel. WordPress has a plug in called WP-Contact that will add a contact form to your WordPress blog. A Contact form basically will create a form for a visitor to fill out, and behind the scenes it will fire off an email to your email address. Your email address is never exposed to the outside world.
Email Address Encrypted
This great little tool will encrypt a hyper link with JavaScript so that when a page is executed the code snippet will decrypt and print our a standard “mailto:” and your visitors will not know the difference. This is a great technique because your email address is hidden from spammers, but your visitors will not even know the difference.
Be Creative
You could create an ASCII art image of your email address. Your visitors will get a neat little text-image of your email address, but the Spam Bots will not be able to pick it up.
Conclusion
Spammers are constantly changing their tactics, so you might have to adapt yourself over time. Each of the techniques above has its own advantages and disadvantages, but they will all help you lock our spammers from your inbox.
Hello.
This post got me thinking again!
I wonder how much you know about the bot’s abilities? I’m wondering if it would be sufficient to fool the bot by just enclosing odd runs of your email into adjacent spans? In pseudo-HTML, like so:
[span]myname[/span][span]@[/span][span]myhost.com[/span]
You could also do that using the kbd tag, which may also be appropriate textually, but may also fool the bot further.
I just don’t know how smart these things are and if that would be sufficient.
It seems like since the bot would need legitimate parsing rules this might fool it: since it won’t know when to stop composing adjacent tags into a valid address without real parsing rules; but on the other hand they may just brute force try everything — smashing anything around the ‘@’ into an email, sending mail, and eliminating it only if they get a bounce.
Here’s another thought for the server-side:
Can you put up a link that grabs your email on the server and sends back a redirect to the client that’s a mailto link? In other words, the link on the page is href=”getMail?name=b.smith” and on the server your code looks up b.smith wherever — or simply assumes b.smith@thisdomain and then sends a client re-direct to href=”mailto:b.smith@thisdomain”. The thought is that the user ultimately sees their email program open just like a regular mailto link.
That could be programmed in nearly any server language.
Anyway, why do spammers want to keep all this hacking alive?
You know what: I bet someone has a bot test site that you can submit content to and see if the bot would parse it. If there’s no such site it would be nice to see that started up.
OK, thanks!
Ciao.
Argh!
Well, I’m off it again! I just read this blog post:
http://techfeed.net/blog/index.cfm/2006/12/4/CFFormProtect-invisible-accessible-automated-spam-bot-killer
And he mentions “spammers hiring cheap labor to fill out forms”. So it’s pointless to do anything that might even expose the address to a human.
So I’m just back again with thought that the best tools are ones that never expose the email in any way. In your posting here, that would be things like “contact forms”.
Anyway, good luck!
I also made a email obfuscation using javascript utility. Give it your email address, and it returns you an HTML snippet that will dynamically generate a clickable email link:
http://bla.st/theobfuscator.php
PHP Source is also provided, so you can build this into your own PHP applications.
Another (non open source) obfuscation tool is:
http://automaticlabs.com/products/enkoderform
Some bots have become smart enough to detect for email addresses like [span]myname[/span][span]@[/span][span]myhost.com[/span]
It’s a constant battle
Yes, I’ve seen the cheap labor approach. I have a site where feedback isn’t all that important, be we do have a contact form. In order to submit, the user has to answer a very simple question about the site. I had 5 trivial questions one of which would be picked at random. The contact form spam for viagra and mortgages continued. These were not bots!
if i was writing that kind of spamm bot i would put unknown mailto’s into log file, so i would upgrade it after i see first usage of html tags
the best idea is with javascript, you would have to use some javascript compiler for that ( rhino ? 
) and not many people will bother, just like with images.