Hello, On 06/13/2002 11:02 PM, Justin French wrote: >>>I don't think relying on JavaScript for something so integral as an email >>>address it THAT good an idea... >> >>Why not? I use this on mirror sites that only serve static pages so I do >>not need to depend on PHP. > > > Simply, if the user doesn't have JavaScript, they can't send the email.
Javascript-less represent less then 0.5% of the users in the World. > You could have this PHP script on one server, and call it from another, > without any problems at all. > > Yes, you can pump the email address onto the page in the format > justin_at_somewhere_dot_com_dot_au so that people can read it, but I KNOW > I've been spammed to a specific address I used on ONE site who used this > method, so I can only assume that the "bots" are getting smarter, and are > able to determine or guess the address, based on the _dot_ and _at_ bits. You are guessing. I am sure your address leaked from some other way. >>You know this is not perfect either because an harvester will follow the >>link and once he is redirected to a mailto: address he can collect the >>address as well. > > > Well, I'm at a loss. I don't want to use JavaScript at all!! > > Is there anything I could put in the mail.php that refused the script to > bots... I'm thinking it'd be difficult, because what you really want to do > is only allow browers, but an "allow" list would be miles long, and the bot > could fake a user-agent string anyway. No, the only way to absolutely avoid the problem is to have your site send the message without revealing the address even to the poster. I don't want to do this because the poster may abuse from your site to send hate mail or some other kind of inconvinient mail and your site will be blamed for that. I prefer to leave the less-than-0-dot-5-percent-non-Javascript-browser users fixing the address that had @ replaced. -- Regards, Manuel Lemos -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
