Use Only Genuine Interocitor Parts

Add to Technorati Favorites

Endorsements

Firefox 3

Spam-proof MailTo Links

Friday, July 13th, 2007 at 11:03 pm by Kenny

I like providing links for e-mail on web pages, but I hate that spam-bots scrape sites looking for e-mail addresses linked in the usual manner. There are many hacks to try to avoid spam-bots

The Cander Method Version 1 (AKA: "Make The User Do The Work")

Named for a friend that I learned this from, one way to avoid this is to use ineffective links that require a person to modify address before sending it. Here's an example:

<a href="someuser_AT_somedomain_DOT_com">someuser_AT_somedomain_DOT_com</a>

…which appears as…

someuser_AT_somedomain_DOT_com

While this isn't spam-proof, it's spam-resistant. However, as I said, the user would then have to replace _AT_ with @ and _DOT_ with . in order for the e-mail address to be valid.

The Cander Method Version 2 (AKA: "Promiscuous Links, Strong Immune System")

The theory behind this method is "ah, screw it". Well, kinda. This method, also gleamed from the same friend, employs a standard mailto link that is completely vulnerable to spam-bots. Rather than try to trick spam-bots, you just resign yourself to the fact that spam is part of life and it's more important provide users with a good link. The spam protection is then handled by a good spam filter or by redirecting all your e-mail to a Gmail account, which is famously known for it's fantastic spam filtering. While I understand this approach, I still think that a good offense is the best defense.

The Corporate Method

Form e-mail is also a good option if your server supports it. That is, you can setup a script to take text from a standard HTML form and submit it via e-mail to you. This requires a bit more code and monkeying with the server to make sure that the web server is up and functioning and some web hosts may not even allow for this.

The Script-Redirect Method

Another method that I ran across (again, compiled from many sources and some original tinkering) is to provide a redirect that prevents spam-bots from scraping the address. The downside to this method is that you don't display the text of the e-mail address. The upside of this method is that the link works as-is and the user doesn't have to clean up the address before sending the e-mail. Here's how it works:

<a href="mailto.php?u=someuser&d=somedomain.com"
    onclick="target='_blank';"
    onmouseover="this.style.cursor='pointer';">E-mail</a>

Incidentally, the onclick and onmouseover events provide an XHTML Strict method of opening a new window without using extensive Javascript.

Place the preceding link wherever you'd like the e-mail link to occur. You'll notice that the link points to another script called mailto.php and it has a couple query string parameters. The u parameter refers to the username in the e-mail address (everything before the @) and the d parameter refers to the host (everything after the @).

Now that we have the link setup, we need the script that we are actually calling: mailto.php. This is the really easy part. It's one single line that pulls the query string parameters, puts them into standard e-mail address form, and redirects the browser to the mailto link. It's as simple as that. Here's the script for mailto.php:

<?php
    // pull values from query string and
    // redirect to a mailto link
    header("Location: mailto:$_GET[u]@$_GET[d]");
?>

While this may not fool all of the spam-bots out there, it should hopefully cut down on a significant bulk of spam that you might incur from posting a link to your e-mail address.


  • E-mail this story to a friend!
  • Google
  • Digg
  • Technorati
  • del.icio.us
  • Slashdot
  • TwitThis
  • Furl
  • Fark
  • Reddit
  • StumbleUpon
  • Facebook

Posted in Web Development |

You can follow any responses to this entry through the RSS 2.0 feed. Trackback from your own site.

3 Responses to “Spam-proof MailTo Links”

  1. ValkRaider - Monday, July 16th, 2007 at 9:01 pm :

    Found this somewhere several years back - don't know where…

    You can wrap it all in a script which will break for many "scrapers" or bots that look for "me@site.domain" type addresses.

    ———
    <SCRIPT LANGUAGE="JavaScript">
    <!– Begin
    user = "s_jobs";
    site = "apple.com";

    document.write('<a href=\"mailto:' + user + '@' + site + '\" rel="nofollow">');
    document.write('contact me' + '</a>');
    // End –>
    </SCRIPT>

  2. Kenny - Monday, July 16th, 2007 at 9:16 pm :

    Thanks, Valk. I thought I remembered reading somewhere that modern bots could parse generated HTML from Javascript (that is, they read the renedered HTML rather than the source), but I could be wrong. That's a good tip either way.

  3. spam proof your e mail address - Wednesday, June 4th, 2008 at 7:08 pm :

    [...] for publishing email links for preventing spambots from scraping your email address for abuse.http://kennycarlile.net/2007/07/13/spam-proof-mailto-links/Quarella Limited - Spam-Proof email address generatorSpam-Proof Email address Generator. I want to [...]

Leave a Reply