Page 1 of 1

Right way to show email -addresses

Posted: Wed Sep 05, 2007 7:12 am
by KalleL
Hopefully this is right section for this one. I think it's in some way security matter.

've been developing portal for gaming community. As email is probably the best way to contact people in these circles (along with IRC), it's important for people to share their email addresses. The problem is, how to display email addresses in the page? Okay, I know format "username [at] domain [dot] exp" would be secure one, when it comes to spam bots. But this isn't for my eye, and definitely not for random user's eye the best solution. Is there any other way to fight against spam bots? And is it really so that spam bots can't simply convert [at] to @ and [dot] to ., as it's so easy to do for example in PHP?

Couple years ago, when I was starting my coding "career" I found some Javascript code from the internet, where email address was generated by function, like printing "adf" + ".em" + "ail" + "@" + "dom" + "ain" + ".com". If PHP would slice the address, and pass it to JS function, will it help? Does this kind of solution make any sense? Does it help anything?

Is just showing address as text better option than using mailto -link?

Of course users are allowed to hide their email, but can I anyhow fight against these spam bots with those users willing to share their email addrresses? Please share any comments/thoughts.

Posted: Wed Sep 05, 2007 7:31 am
by superdezign
There are a lot of different ways to try to save email addresses from spam bots... breaking up the address, using JavaScript (assuming the bots don't have access to JavaScript), generating images (like a CAPTCHA), etc. However, I think the best way is to just find a way to hide them from bots, period. Make it members only and prevent bots from getting that far after the registration process by proving they are human.

Posted: Wed Sep 05, 2007 8:49 am
by KalleL
Yeah, they're already mostly behind registration, even though registration process, is quite simple still. But good points, thanks for them!

Posted: Wed Sep 05, 2007 9:38 am
by xpgeek
The best way - it is to hide emails.

See sent email functionality on this forum as example.

Posted: Wed Sep 05, 2007 10:35 am
by Z3RO21
Personally I don't even show the e-mails to members unless that specific has their e-mail address public where at that point they have the ability to control exposure of their address. As for users that do not allow their e-mail address to be publicly viewed can use a form and a script on my server to send member 2 member e-mail where only the script is allowed to see the e-mail. Then the receiver of the e-mail can e-mail back exposing their e-mail or choose not to respond and still keep their e-mail secure.