I am trying to keep people from harvesting an email address on a friend's site. A while back I grabbed some code that said it would do this. Here is the code I got and it is supposed to go between the head tags..

<SCRIPT language="JavaScript">
function unScramble(eMail1,eMail2,linkText,subjectText,stat usText){
var a,b,c,d,e;a=eMail1;c=linkText;b=eMail2.substring(0 ,eMail2.length-5);
if(subjectText!=""){d="?subject="+escape(subjectTe xt);}else{d="";}
if(statusText!=""){e=" onMouseOver=\"top.status=\'"+statusText+
"\'\;return true\;\" onMouseOut=\"top.status=\'\'\;return true\;\"";}else{e="";}
document.write("<A HREF=\"mai"+"lto:"+a+"@"+b+d+"\""+e+">"+c+"</A>");}
</SCRIPT>


But I wasn't real great with my notes and I also had this next code below (I had it a few lines below the above code) and I am wondering, will the above code between the head tags work alone, or do I need this code below also? If so, where does the code below go?

<script language="JavaScript">unScramble("me","mydomain.co mplete","Email me","","");</script><noscript>Email me: me/ÄT/mydomain/DÖT/-c-o-m-/</noscript>


Or this this second set of code just ANOTHER way to encrypt my email address or hide it from the harvesters?

Also, has anyone heard of some software called "email scrambler". The file name is a zip named escramb.zip. If so, does it work good?

Any ideas on how to keep the spiders from harvesting an email would be appreciated. Thanks

I write my address like email[at]domain.com or something like that. You could even just say that "I use Yahoo and my name there is ScubaSteve." If you make it pretty clear what you're doing people can figure it out. And if they want to e-mail you they still will.

I once seen a creative mailto link (although I don't know if it works good or not) in which the mailto was url encoded. The way I seen it it was that every other charature was encoded...

HTML Code:

<a href="mailto:%6Be%69t%68%40k%6da%72s%68a%6cl%2E%63o%6D">keith at kmarshall dot com</a>

You can get the hex from just about any modern text editor, just add the % sign before the hex number.

The hex method and the [at] method are both completely useless against all but the simplest of e-mail harvesters. Don't even bother using them.

I'm not sure about the JavaScript ones, but I have heard of harvesters getting around them. I haven't tested it myself so I can't say for sure.

Personally, I either use an obfuscated image, or a server side contact form.

"server side contact form"

Me 2

Email address harvestors are becoming more sophisticated that it's probably best to not display your email address at all and do what other people are suggesting and create a contact form instead in which you can store your email address server side which will be hidden from view, provide a means for people to contact you without opening their email client up, etc.

This is probably a far better way than hiding your email address.

Harvestors can understand URL encoding, and some can now even interpret Javascript, so it's by no means effective.

Something that maybe effective is that say you have a mailto link to your email, instead of linking it to your email address, use the onclick attribute to call a javascript function (in a separate source file) which builds your email address as if they just clicked on a mailto link. I'm sure some of the harvestors are unable to perform click methods but that's just something I thought of at this moment. Haven't had the chance to think it through thoroughly yet.

Cheers,

MC

Thanks all for the replies. I personally think a contact form is the est way to go although, I realize some people may want to just get my email address and email me later. But this was for a friend's site and it is up to him if he will do that.

I think the only way to stop harvesters is to use an image to display your email addess, but of course then it won't be clickable. The contact form is probably the best way to go.

I agree that the best way is to use an image, you can also write down your email address without any actions, meaning outside an A HREF tag, it wont be clickable but it also it wont be indexable by bots. If some one really wants to contact you the will type in your email address.

Quote:

Something that maybe effective is that say you have a mailto link to your email, instead of linking it to your email address, use the onclick attribute to call a javascript function (in a separate source file) which builds your email address as if they just clicked on a mailto link. I'm sure some of the harvestors are unable to perform click methods but that's just something I thought of at this moment. Haven't had the chance to think it through thoroughly yet.

http://reliableanswers.com/js/mailme.asp

thats would do too

howabout a small flash button with a mailto: ?
even if its just plain text to blend with the rest of the html page...

Anywhere you have an e-mail address in plain text makes it possible to be picked up by spiders. At the end of the day, if one computer program can do it then so can another. (i.e. If the end users browser can pick up on an e-mail address and open the mail client, then a spam harvester can do the same thing) And mailto: has nothing to do with it - have you ever typed an e-mail address into a word processor to have it automatically turn into a link?

The difference with images is the human aspect. Harvesters can't read images but humans can.

Contact forms work because the e-mail address is never sent to the client. The e-mail text is sent to the server and the server deals with the e-mail processing.

Hey Minaki,

Thanks for that link, it clears some things up, except, I don't feel 100% sure that anything clientside would be effective considering that the onmouseover/onfocus, on(any action) still relies on generating information using javascript. Since javascript can easily be processed by a harvestor, so even if these actions don't happen, they can still evaluate your javascript and get back the expected results. Even Shawn agrees it's not foolproof and can be broken

Serverside and images would be the only effective measure you could take to address this, though now I'm questioning whether CSS would be effective against this too, considering you can generate content with it and I'm not sure whether harvestors dive into this side of thing, or even bother about something that's considered presentational only.

Cheers,

MC

so just to clarify that...

your saying even with the mailto: (url) ...embedded in the flash movie button (not in the html), so it isnt visible in the source code whatsoever.

They can still pick the email address up?

i always thought you could never tell with flash, seeing as its not in the webpage source code and even with hovering over theres no way of seeing what your clicking to.

if you use the flash button like a simplge jpg button and add the link to the email on the flash button in html, then yes of coarse you can see the email address.

(if your about to tell me ive been wrong all this time, runs to his site, boots down door, and tears that flash email movie clip off his site) lol

Quote:

Thanks for that link, it clears some things up, except, I don't feel 100% sure that anything clientside would be effective considering that the onmouseover/onfocus, on(any action) still relies on generating information using javascript. Since javascript can easily be processed by a harvestor, so even if these actions don't happen, they can still evaluate your javascript and get back the expected results. Even Shawn agrees it's not foolproof and can be broken

Not knowing the internal workings of an e-mail harvester, it's impossible to say fo sure, but I would of thought if one happened to have an internal JS interpreter, it would most likely be a pre-written one and not made for the express purpose of harvesting e-mail addresses. Javascript can get incredibly complex when you think about the number of combinations of values could be passed to any number of functions, so trying to execute every function to see if it resulted in an e-mail address being created could easily overwhelm the bot.

Quote:

Serverside and images would be the only effective measure you could take to address this, though now I'm questioning whether CSS would be effective against this too, considering you can generate content with it and I'm not sure whether harvestors dive into this side of thing, or even bother about something that's considered presentational only.

Can you give an example?

Quote:

your saying even with the mailto: (url) ...embedded in the flash movie button (not in the html), so it isnt visible in the source code whatsoever.

They can still pick the email address up?

With flash, again, I can't say for sure because I don't know the internal workings of flash. You could try creating this then opening the flash file in a hex editor and see if your e-mail address is displayed in clear text anywhere...

ah ok, sounds like an interesting experiment


Online forms do seem like the best way, ...BUT only as long as you get an auto confirmation email straight away including the message you sent them.
Its the only thing as a user of these forms that i havnt liked.

Because then you think....(well i do anyway) lol

1. did it get to them
2. what did i send again?


anyway...ill try a hex editor on a flash file and see what it comes up with, it also might be different with the latest version of flash.

What I was thinking was using CSS with the :before or :after for content: 'contact me at youremail[at]domain.com'.

This does not show up within source code of your documents apart from inside the CSS, and it also isn't selectable so you can't copy and paste it. Now only harvestors that could understand styling would be able to grab this, but I think they bother with this because I feel most harvestors are not visual and just dig through content.

An example would be:

In your CSS file:

Code:

a#email:before { content: 'email'; }
a#email:after { content: 'yourdomain.com'; }

In your page:

HTML Code:

<a id="email">@</a>

And the results would go something like this:

Code:

email<a id="email">@</a>yourdomain.com

and be displayed like:

Code:

email@yourdomain.com

while source code will only show this:

HTML Code:

<a id="email">@</a>

Now you could use javascript to possibly allow it to be selected and copied for easier use.

Cheers,

MC

WOW, I didn't know that css had this type of function!

In some sense it's a good idea, however, I was a bit concerned about these additions with that fact it might open up more security issues, though this does not allow it to be rendered as HTML but plain text so it's safe in that respect.

Some things I would like to see in CSS is simple calculations with other styles inside an element, e.g. I want the width to be 10% more than the height, something like:

Code:

width: (height * 110%);

I mean there's probably more you could use calculations for but I would like something like this, especially if it helps you calculate sizes that are unknown like using things like thin, medium, thick, where you're uncertain what sizes browsers would use because you're not using absolute values.

Another thing I'm trying to push W3C into considering is the ability to use two or more languages in one site, as a site I want to do basically uses English and Te Reo O Te Maori (The Voice of Maori) just as a translation because it's the two main languages used here in New Zealand, instead of doing what they suggest and building different sites with different translations as it's not easy for me to maintain two sites of exactly the same, but with different translations, because you alter one thing, you must alter the other sites for it too, and I'm not sure of an easy means to translate one site from the other, so it must be done manually.

Cheers,

MC