blocking email harvesters

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
McGruff
DevNet Master
Posts: 2893
Joined: Thu Jan 30, 2003 8:26 pm
Location: Glasgow, Scotland

blocking email harvesters

Post by McGruff »

I need to create a script to block email harvesters.

Instead of the mailto in the <a href> it's easy enough to src="myscript.php?id=X", then use the id to retrieve an address stored in a db.

So far so good - I think. Presumably that would block the harvesters?

Next, I could email using php but I wondered if there is a type of header call you can send which opens the users email program like the mailto: in an href link.

Thanks.
AbrasiveRock
Forum Commoner
Posts: 40
Joined: Sat Feb 08, 2003 10:47 pm
Location: Olympia,WA
Contact:

Post by AbrasiveRock »

Is there a reason that this does not work? I think this works well for me, but if there is a reason that this is not a good solution let me know. Thanks.

Code: Select all

<html>
<head>
<title>Mcgruff Contact page</title>
</head>
<BODY bgcolor="white" TEXT="darkred" LINK="mediumblue" VLINK="mediumblue" ALINK="red">

<table border="0" width="100%">
<tr><td valign="top" align="center" width="15%">
<!--- start menu -->
<?php
include 'menu.htm';
?>
<!--- end menu -->
</td>

<td valign="top" align="center" width="85%">

<?php

if ( !isset( $_POST&#1111;'comments'] )) &#123;

?>


<FORM METHOD=POST ACTION="email.php"> 
<TABLE> <TR height="20"> 
<TD colspan="2">Just fill out the form below and we will get back to you as soon as we can.

</TD></TR> 
<TR height="50"> 
<td></td></TR> 
<TR><TD><b /><FONT SIZE="-1" face="verdana">Your Name:<INPUT TYPE="text"NAME="name"></td></tr> 
<tr><td><b /><FONT SIZE="-1" face="verdana">Your E-Mail Address:<INPUT TYPE="text" NAME="email"></td></tr> 
<tr height="20"><td>
Type your message below. <br>
<TEXTAREA wrap="virtual" name="comments" cols="50" rows="10">
</TEXTAREA> 

</td></tr> 

<tr><td><hr></td></tr>     

</table>
<input type=submit>
</form>




<?php
&#125;
else &#123;
?>

<center><FONT SIZE=-1 face=verdana>Thank you <?php echo $name ?> for sending us your message, It has been sent
</center>

<?php
$name = $_POST&#1111;'name'];
$email = $_POST&#1111;'email'];
$comments = $_POST&#1111;'comments'];

mail("support@Mcgruff.com", "Requst-McGruff"
, "$name has made a request \nTheir e-mail is $email \nTheir Comments are:\n $comments "
, "From: " . $email); 

&#125;?> 



</body>
</html>
evilcoder
Forum Contributor
Posts: 345
Joined: Tue Dec 17, 2002 5:37 am
Location: Sydney, Australia

Post by evilcoder »

thats not really what he was looking for rock. He was asking whether it was possible to open up the clients mail program like Outlook express but through the script, as opposed to a link which robots can see.
AbrasiveRock
Forum Commoner
Posts: 40
Joined: Sat Feb 08, 2003 10:47 pm
Location: Olympia,WA
Contact:

Post by AbrasiveRock »

Yeah, I think I use my form because I understand it (It's very simple). Something that opens up the web surfers email program would be nice once I understand a little more about this fancy PHP stuff.
McGruff
DevNet Master
Posts: 2893
Joined: Thu Jan 30, 2003 8:26 pm
Location: Glasgow, Scotland

Post by McGruff »

After experimenting discovered that:

Code: Select all

<?php
header('location: mailto:email@address.com');
?>
.. pops up a "new mail" email window, but leaves you stranded on a blank page.

If I add another header:

Code: Select all

<?php
header('location: mailto:email@address.com');
header('location: http://www.mysite.com/test.php');
?>
.. now the email window won't pop-up.

Kind of stumbling about here (http://www.w3.org/Protocols/rfc2616/rfc2616 wasn't much help) but it surely can be done?
Last edited by McGruff on Thu Aug 11, 2005 5:43 am, edited 1 time in total.
Black Unicorn
Forum Commoner
Posts: 48
Joined: Mon Jun 16, 2003 9:19 am
Location: United Kingdom

Blocking email harvesters

Post by Black Unicorn »

Personally, I use a JavaScript to prevent email harvesters from picking up the emails from my site when I feel I have to, with something like this:
<script>document.write("<a href='mailto:me@here.com'>Mail me!</a>")</script>
Since this will only appear on the page when the page is executed, nobody can snatch it off the rest of the page. I see no reason why the php equivalent wouldn't work, <?php echo ("<a href=\"mailto:me@here.com\">Mail me!</a>"); ?> or, even:
<?php echo ("<script>\ndocument.write(\"<a href='mailto:me@here.com'>Mail me!</a>\")\n</script>"); ?>

In any case, the priciple is the same. I do like the first id, like using a redirect or header for the task but can't see myself using it. The script version is quite an old invention and I've never yet seen evidence that it doesn't work unless the JavaScript property is disabled on the browser.

I wonder if the email harvesters pick up email addresses from the meta tags, too?

Sincerely,
H
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

From my experience spam seems to come from the e-mail address I use for domain registrations being harvested from the whois directory rather than my other e-mails being harvested from sites they appear on. If only whois would implement some sort of protection for site owners.

Mac
Last edited by twigletmac on Mon Jun 16, 2003 10:43 am, edited 1 time in total.
User avatar
cactus
Forum Regular
Posts: 343
Joined: Tue Jun 10, 2003 4:16 am
Location: UK

Post by cactus »

Here, here, I'd be surprised if there are any (plain) email addresses on my (personal) sites, they are all in this format:

name at somedomain dot com

Why can't whois output them like that ! At least it would mean a human has to visit each whois record to get the addresses!

Regards,
User avatar
nielsene
DevNet Resident
Posts: 1834
Joined: Fri Aug 16, 2002 8:57 am
Location: Watertown, MA

Post by nielsene »

Actually most email harvesters can "read" and harvest the name at domain dot com format of "hiding" emails. Likewise any of the name@NOSPAM.example.net, the harvesters are smart enough to remove the NOSPAM.
User avatar
cactus
Forum Regular
Posts: 343
Joined: Tue Jun 10, 2003 4:16 am
Location: UK

Post by cactus »

Of course, doh, it just a regex! Cheers Eric. :oops:

Regards,
McGruff
DevNet Master
Posts: 2893
Joined: Thu Jan 30, 2003 8:26 pm
Location: Glasgow, Scotland

Re: Blocking email harvesters

Post by McGruff »

Thanks everyone for your help.

With this:
Black Unicorn wrote: I see no reason why the php equivalent wouldn't work, <?php echo ("<a href="mailto:me@here.com">Mail me!</a>"); ?> or, even:
<?php echo ("<script>\ndocument.write("<a href='mailto:me@here.com'>Mail me!</a>")\n</script>"); ?>
.. an email address is printed in html: must admit I don't know exactly how the harvesters work but I thought they could probably read the html source. Perhaps, as twig, says, this isn't a big issue.

For years I was fairly spam free but nowadays I can't open OE without a stream of messages offering to make bits bigger or wonderful investment opportunities in Nigeria. The ones that REALLY **** me off are spam emails advertising anti-spam software.. lol. Been working on a land register site with thousands of estate contact emails so I don't want to inflict that on anyone else.

Anyway, if I can keep this thread alive for one last point, I'm still curious: can I use headers to pop up a new mail window without getting stuck on a blank page?
Brian
Forum Contributor
Posts: 116
Joined: Thu Apr 18, 2002 5:33 pm

Obscuring E-Mail Addresses

Post by Brian »

There is no fool-proof way to hide e-mail addresses from SPAMMER spiders (if a browser or a web server can read something, so can some other program), but if you are willing to use JavaScript, you can encode e-mail addresses then decode them on the fly when links are clicked. That should confound most SPAMMER spiders. For those without JavaScript available and enabled you could offer e-mail addresses as graphics. You can forward to a server for decoding, of course, but the URL might just be spidered and the response captured.
xfsunoles
Forum Newbie
Posts: 1
Joined: Mon Jun 16, 2003 1:46 pm
Location: Florida, USA
Contact:

Hey

Post by xfsunoles »

there are way to prevent it.

You had to replace @ to @ so bot can't read html special character
Brian
Forum Contributor
Posts: 116
Joined: Thu Apr 18, 2002 5:33 pm

Re: Hey

Post by Brian »

xfsunoles wrote:there are way to prevent it.

You had to replace @ to @ so bot can't read html special character
That is a good start, but it is easily defeated because the HTML/SGML entity codes are widely known, including by SPAMMERS. To keep an e-mail address safe from robots/spiders but still working for links, you really need to scramble it beyond recognition to anyone who does not pick apart the decoder algorithm, which needs to be called from JavaScript. That may exclude some visitors, but you can provide alternate means for those people to contact you, so it is worth the price to prevent SPAM.
Post Reply