Wednesday, December 23, 2009

Hide Your Website Email Address from Spam Bots

By David Broadhead, Ph.D.

Do you want to hide the email address you use for your website to stop spammers from harvesting it?

If you want your viewers to be able to contact you, then you must have a "mailto" link containing your email address on your web pages.

But if you put your email address on your webpage, this is an invitation to the robots used by spammers. These bots are programmed with one goal: find email addresses. All they have to do on your website is look in your HTML code -- the code that tells your browser what to put on the page. And they will easily find your address right there in the "mailto" link.

The two most common methods of "hiding" the email address:

* Munging. In this technique, the viewer must type in the address to send an email to the website. That's because real words are used instead of the usual symbols. Example: harold AT aol DOT com

* Encoding. The most common code used is standard ASCII code. Each letter or symbol in the email address is replaced by its equivalent. A simplified address a @ b.com would be coded as:

& #97; & #64; & #98; & #46; & #99; & #111; & #109; ( spaces were put in to prevent the browser from printing the actual address )

One can still use the mailto: link, since the browser recognizes this code, and prints out the actual address on the webpage.

But these techniques are no longer good enough.

Alas - the spambots have become more intelligent. The hackers who teach them have programmed them to recognize these two methods, and decode them.
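To check your own pages against the two methods above, here is a small self-audit, added as an illustration and not taken from the original article. It reads a page's HTML source and reports every address that can be recovered by entity-decoding or by a simple AT/DOT substitution; the function name `audit_page` and the sample page are constructed for this example.

```python
import html
import re

# Simple address pattern; loose on purpose, since this is an audit, not a validator.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
# Munged form as shown in the article: "name AT host DOT tld" (uppercase words only).
MUNGED_RE = re.compile(
    r"\b([A-Za-z0-9._%+-]+)\s+AT\s+([A-Za-z0-9-]+(?:\s+DOT\s+[A-Za-z0-9-]+)+)\b"
)


def audit_page(source: str) -> dict:
    """Return the addresses recoverable from raw HTML, grouped by how they were hidden."""
    # Addresses sitting in the source exactly as typed.
    plain = set(EMAIL_RE.findall(source))
    # html.unescape() resolves &#97; style references, as any HTML parser does.
    decoded = html.unescape(source)
    encoded = set(EMAIL_RE.findall(decoded)) - plain
    # Rebuild munged addresses by putting the symbols back.
    munged = set()
    for user, domain in MUNGED_RE.findall(decoded):
        munged.add(user + "@" + re.sub(r"\s+DOT\s+", ".", domain))
    return {"plain": plain, "entity-encoded": encoded, "munged": munged}


# Constructed sample page using the article's own example addresses.
SAMPLE = """<html><body>
<p>Sales: <a href="mailto:sales@example.com">sales@example.com</a></p>
<p>Owner: <a href="mailto:&#97;&#64;&#98;&#46;&#99;&#111;&#109;">
&#97;&#64;&#98;&#46;&#99;&#111;&#109;</a></p>
<p>Write to harold AT aol DOT com</p>
</body></html>"""

if __name__ == "__main__":
    for method, found in audit_page(SAMPLE).items():
        for address in sorted(found):
            print(f"{method:15} {address}")
```

Any address this reports is one that a single decoding step exposes, which is why neither method holds up on its own.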

As you might imagine, there are good programmers who can think of numerous other ways to cloak an email address. Searching Google for "hide email address" shows over 2,000,000 results. Many of these are likely better methods than the two above.

So what can I do now?

Without going through all of the Google entries, I can predict beyond a reasonable doubt that the method I use myself does a better job of protecting your email address than any other. How can I be so sure? Because I doubt that any hacker would have the time or skill to write a bot that would allow him to grab my email address -- it's that well hidden!

My method has the email address in the middle of a JavaScript script, which is in turn located off the webpage itself, in a file that's located in a different folder. So the robot would need to discover both the name of the folder and the name of the file. Yet even though the address is not located anywhere in the HTML code of the page, it DOES appear - almost like magic - on the page itself. But a robot doesn't have eyes to see it!

Are you convinced? So-called "experts" have told me that it can't be done. Well, take a look for yourself. Just visit my webpage shown in the next paragraph, and you'll see how it works.

About the Author:
