开发者

Protecting email addresses from spam bots / web crawlers

问答 作者:

How 开发者_运维知识库do you prevent emails being gathered from web pages by email spiders? Does mailto: linking them increase the likelihood of them being picked up? Is URL-encoding useful?

Obviously the best counter-measure is to only show email addresses to logged-in users, or to provide a contact form instead of an email address. But in terms of purely client-side solutions, what is available?

Most email spiders don't have javascript interpreters, so if you really need the mailto: you can inject it with javascript... just make sure the address is obscured in the javascript somehow, e.g. 

myLink.href='mai'+'lto:'+'bob'
           +'@'
           +'example.com';

If you need to display the email address on the page, a common solution is to generate an image using something like php's gd (although the javascript injection should work ok for this too).

The idea is to remove the email addresses from the HTML and inject them with javascript. That way the email address doesn't appear in its original form in any of the HTTP traffic, which is what the spider is looking at.

Years later, I've created the following jQuery for a different website:

$(".email").each(function() {
    $(this).html( $(this).html().replace("...", "@").replace(/\.\.\./g, ".") );
    $(this).attr( "href", $(this).attr("href").replace("...", "@").replace(/\.\.\./g, ".") );
});

Emails are then written as:

<a href="mailto:bob.smith...example...com" class="email">bob.smith...example...com</a>

It's not perfect, but it's very simple and seems to thwart most email harvesters. The advantage to this method is that someone not using JavaScript will probably be able to work out what the actual email address is.

Check out this study on various email obfuscation methods.

I tend to avoid a mailto as it makes it too easy for people to harvest email addresses.

If you are going to have contact pages on your website, then just have a form, and when they submit your server-side code and use the appropriate email address.

If you need to be able to have other people's addresses available, use numbers, names, usernames, some way to identify them.

If you just have an email address in a span it is likely to be picked up, even if you try to hide it, as these programs can be pretty complex, as finding email addresses is what they are about.

As with most secrets, if you don't want others to get them, don't put them on the page.

I usually split them up into separate parts and then re-combine them using javascript. The final javascript does a document.write to write out the html.

i.e. 

var mail = "mailto";
var namepart = "test.user";
var domainpart = "example";
var tld = "com"; 
var address = namepart + "@" + domainpart + "." + tld;
document.write("<a href=" + mail + ":" + address + '">' + address + "</a>";

If you don't need the mail link you could replace the @ symbol with [at]

Example: sam [at] example.com

继续阅读:email-spamspamspam-preventionweb-crawler

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9