Nikita The Spider The Spider wrote:
> On 10/18/07, Anders Nawroth <[EMAIL PROTECTED]> wrote:
>> Hi!
>>
>> Nikita The Spider The Spider wrote:
>>> You might be interested in an experiment I ran that compared a few
>>> techniques for protecting one's email address from harvesting bots.
>>> The short answer: entity references worked very well
>> I think the time span of your study is too short.
>>
>> I have used the method you used for "äcklig", with mixed decimal and
>> hexadecimal numeric entities. In about a year there was no spam, but
>> somewhere at 1.5 years it started a little, and after 2 years there
>> were 100+ spam/day.
>
> Hej Anders,
> That's very interesting, thanks for letting me know!
>
>> So I think you just push the problem forward, which could be fine in
>> some cases. But when an entity-decoding spam harvester finds the
>> email address, this will get listed in the same databases as all other
>> email addresses. The more traffic your site has, the less difference the
>> encoding will make.
>
> I agree. I assumed (wrongly) that the 200+ days of the study was long
> enough to get found by any harvesters that bothered to decode
> entities. I'm not surprised to learn, however, that once the address
> was exposed that it received an ever-increasing amount of spam. This
> is consistent with my intuition and also what I observed.
>
>> I think the htaccess-trick linked to by Dejan Kozina looks more
>> promising. I have used this method, but abandoned it because
>> some browsers wouldn't send the mailto: address to the email client. But
>> this was a few years ago, so this could possibly have changed.
>
> This method looks promising to me too but I haven't had a chance to
> test it yet.
>

Hi all,

As a matter of preference, I generally try to eliminate all mailto: links on any site I've been asked to work on. In place, I use a contact form, usually with a password protected admin interface where the site owner, with creds, can add to, edit or remove what entities are listed in the drop-down for 'to'. Then using some php, I generate the mail, scripted on the server side to avoid open publication of users' email addresses. I understand that not everyone wants or is able to do server-side scripting, but for me it seems to be the best solution. It's far more work than adding mailto:, certainly, but I find that it's working well and while I don't charge more for that, my clients generally see it as a value-added service. Just my drop in the bucket :)

Philip, I truly loved the article/research results on the obfuscation techniques. Very very informative...thank you.

The .htaccess method is quite viable, imnsho, but does require a web server which follows the .htaccess/.htpasswd paradigm. I may well do some testing to see how the re-write directives affect accessibility (if at all).

Interesting topic, this. Thank you all for some really informative insights.

Kind regards,
~Ray
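
The contact-form approach described in the message above, as an added example that is not code from the thread: the drop-down carries only opaque keys, and the server resolves a key to an address and rejects header injection. The keys, addresses and function names are assumptions, and the hard-coded map stands in for the admin-managed recipient list.

```php
<?php
// Added example (not the poster's code). Recipient addresses stay on the
// server; the form's drop-down only carries opaque keys such as "sales".
// All keys and addresses below are constructed placeholders.
const RECIPIENTS = [
    'sales'   => ['label' => 'Sales',   'address' => 'sales@example.org'],
    'support' => ['label' => 'Support', 'address' => 'support@example.org'],
];

// Render <option> elements: only key and label reach the page source.
function recipient_options(): string {
    $html = '';
    foreach (RECIPIENTS as $key => $entry) {
        $html .= sprintf("<option value=\"%s\">%s</option>\n",
            htmlspecialchars($key, ENT_QUOTES),
            htmlspecialchars($entry['label'], ENT_QUOTES));
    }
    return $html;
}

// Validate a submission and build the message; returns null if rejected.
function build_message(array $post): ?array {
    foreach (['to', 'email', 'subject', 'message'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return null;   // missing or non-string field
        }
    }
    if (!array_key_exists($post['to'], RECIPIENTS)) {
        return null;   // unknown key: never fall back to a submitted address
    }
    $from = filter_var($post['email'], FILTER_VALIDATE_EMAIL);
    $subject = trim($post['subject']);
    // CR/LF inside a header value would let a submitter inject extra headers.
    if ($from === false || $subject === '' || preg_match('/[\r\n]/', $subject)) {
        return null;
    }
    return [
        'to'      => RECIPIENTS[$post['to']]['address'],
        'subject' => $subject,
        'body'    => $post['message'],
        // Fixed site sender; the visitor's address goes in Reply-To only.
        'headers' => "From: webform@example.org\r\nReply-To: $from",
    ];
}

// Constructed sample submissions: one clean, one carrying an injected header.
$ok  = build_message(['to' => 'sales', 'email' => 'visitor@example.com',
                      'subject' => 'Quote', 'message' => 'Hello']);
$bad = build_message(['to' => 'sales', 'email' => 'visitor@example.com',
                      'subject' => "Hi\r\nBcc: list@example.net", 'message' => 'x']);
var_dump($ok !== null, $bad === null);
// To send: mail($ok['to'], $ok['subject'], $ok['body'], $ok['headers']);
```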
