Page 1 of 1

blocking email harvesters

Posted: Sat Jun 14, 2003 2:28 pm
by McGruff
I need to create a script to block email harvesters.

Instead of the mailto in the <a href> it's easy enough to src="myscript.php?id=X", then use the id to retrieve an address stored in a db.

So far so good - I think. Presumably that would block the harvesters?

Next, I could email using php but I wondered if there is a type of header call you can send which opens the users email program like the mailto: in an href link.

Thanks.

Posted: Sun Jun 15, 2003 12:43 am
by AbrasiveRock
Is there a reason that this does not work? I think this works well for me, but if there is a reason that this is not a good solution let me know. Thanks.

Code: Select all

<html>
<head>
<title>Mcgruff Contact page</title>
</head>
<BODY bgcolor="white" TEXT="darkred" LINK="mediumblue" VLINK="mediumblue" ALINK="red">

<table border="0" width="100%">
<tr><td valign="top" align="center" width="15%">
<!--- start menu -->
<?php
include 'menu.htm';
?>
<!--- end menu -->
</td>

<td valign="top" align="center" width="85%">

<?php

if ( !isset( $_POST&#1111;'comments'] )) &#123;

?>


<FORM METHOD=POST ACTION="email.php"> 
<TABLE> <TR height="20"> 
<TD colspan="2">Just fill out the form below and we will get back to you as soon as we can.

</TD></TR> 
<TR height="50"> 
<td></td></TR> 
<TR><TD><b /><FONT SIZE="-1" face="verdana">Your Name:<INPUT TYPE="text"NAME="name"></td></tr> 
<tr><td><b /><FONT SIZE="-1" face="verdana">Your E-Mail Address:<INPUT TYPE="text" NAME="email"></td></tr> 
<tr height="20"><td>
Type your message below. <br>
<TEXTAREA wrap="virtual" name="comments" cols="50" rows="10">
</TEXTAREA> 

</td></tr> 

<tr><td><hr></td></tr>     

</table>
<input type=submit>
</form>




<?php
&#125;
else &#123;
?>

<center><FONT SIZE=-1 face=verdana>Thank you <?php echo $name ?> for sending us your message, It has been sent
</center>

<?php
$name = $_POST&#1111;'name'];
$email = $_POST&#1111;'email'];
$comments = $_POST&#1111;'comments'];

mail("support@Mcgruff.com", "Requst-McGruff"
, "$name has made a request \nTheir e-mail is $email \nTheir Comments are:\n $comments "
, "From: " . $email); 

&#125;?> 



</body>
</html>

Posted: Sun Jun 15, 2003 1:34 am
by evilcoder
thats not really what he was looking for rock. He was asking whether it was possible to open up the clients mail program like Outlook express but through the script, as opposed to a link which robots can see.

Posted: Sun Jun 15, 2003 2:37 am
by AbrasiveRock
Yeah, I think I use my form because I understand it (It's very simple). Something that opens up the web surfers email program would be nice once I understand a little more about this fancy PHP stuff.

Posted: Sun Jun 15, 2003 12:08 pm
by McGruff
After experimenting discovered that:

Code: Select all

<?php
header('location: mailto:email@address.com');
?>
.. pops up a "new mail" email window, but leaves you stranded on a blank page.

If I add another header:

Code: Select all

<?php
header('location: mailto:email@address.com');
header('location: http://www.mysite.com/test.php');
?>
.. now the email window won't pop-up.

Kind of stumbling about here (http://www.w3.org/Protocols/rfc2616/rfc2616 wasn't much help) but it surely can be done?

Blocking email harvesters

Posted: Mon Jun 16, 2003 9:19 am
by Black Unicorn
Personally, I use a JavaScript to prevent email harvesters from picking up the emails from my site when I feel I have to, with something like this:
<script>document.write("<a href='mailto:me@here.com'>Mail me!</a>")</script>
Since this will only appear on the page when the page is executed, nobody can snatch it off the rest of the page. I see no reason why the php equivalent wouldn't work, <?php echo ("<a href=\"mailto:me@here.com\">Mail me!</a>"); ?> or, even:
<?php echo ("<script>\ndocument.write(\"<a href='mailto:me@here.com'>Mail me!</a>\")\n</script>"); ?>

In any case, the priciple is the same. I do like the first id, like using a redirect or header for the task but can't see myself using it. The script version is quite an old invention and I've never yet seen evidence that it doesn't work unless the JavaScript property is disabled on the browser.

I wonder if the email harvesters pick up email addresses from the meta tags, too?

Sincerely,
H

Posted: Mon Jun 16, 2003 10:15 am
by twigletmac
From my experience spam seems to come from the e-mail address I use for domain registrations being harvested from the whois directory rather than my other e-mails being harvested from sites they appear on. If only whois would implement some sort of protection for site owners.

Mac

Posted: Mon Jun 16, 2003 10:33 am
by cactus
Here, here, I'd be surprised if there are any (plain) email addresses on my (personal) sites, they are all in this format:

name at somedomain dot com

Why can't whois output them like that ! At least it would mean a human has to visit each whois record to get the addresses!

Regards,

Posted: Mon Jun 16, 2003 10:47 am
by nielsene
Actually most email harvesters can "read" and harvest the name at domain dot com format of "hiding" emails. Likewise any of the name@NOSPAM.example.net, the harvesters are smart enough to remove the NOSPAM.

Posted: Mon Jun 16, 2003 11:11 am
by cactus
Of course, doh, it just a regex! Cheers Eric. :oops:

Regards,

Re: Blocking email harvesters

Posted: Mon Jun 16, 2003 12:33 pm
by McGruff
Thanks everyone for your help.

With this:
Black Unicorn wrote: I see no reason why the php equivalent wouldn't work, <?php echo ("<a href="mailto:me@here.com">Mail me!</a>"); ?> or, even:
<?php echo ("<script>\ndocument.write("<a href='mailto:me@here.com'>Mail me!</a>")\n</script>"); ?>
.. an email address is printed in html: must admit I don't know exactly how the harvesters work but I thought they could probably read the html source. Perhaps, as twig, says, this isn't a big issue.

For years I was fairly spam free but nowadays I can't open OE without a stream of messages offering to make bits bigger or wonderful investment opportunities in Nigeria. The ones that REALLY **** me off are spam emails advertising anti-spam software.. lol. Been working on a land register site with thousands of estate contact emails so I don't want to inflict that on anyone else.

Anyway, if I can keep this thread alive for one last point, I'm still curious: can I use headers to pop up a new mail window without getting stuck on a blank page?

Obscuring E-Mail Addresses

Posted: Mon Jun 16, 2003 12:49 pm
by Brian
There is no fool-proof way to hide e-mail addresses from SPAMMER spiders (if a browser or a web server can read something, so can some other program), but if you are willing to use JavaScript, you can encode e-mail addresses then decode them on the fly when links are clicked. That should confound most SPAMMER spiders. For those without JavaScript available and enabled you could offer e-mail addresses as graphics. You can forward to a server for decoding, of course, but the URL might just be spidered and the response captured.

Hey

Posted: Mon Jun 16, 2003 1:46 pm
by xfsunoles
there are way to prevent it.

You had to replace @ to @ so bot can't read html special character

Re: Hey

Posted: Mon Jun 16, 2003 2:21 pm
by Brian
xfsunoles wrote:there are way to prevent it.

You had to replace @ to @ so bot can't read html special character
That is a good start, but it is easily defeated because the HTML/SGML entity codes are widely known, including by SPAMMERS. To keep an e-mail address safe from robots/spiders but still working for links, you really need to scramble it beyond recognition to anyone who does not pick apart the decoder algorithm, which needs to be called from JavaScript. That may exclude some visitors, but you can provide alternate means for those people to contact you, so it is worth the price to prevent SPAM.