What are some ways to protect emails on websites from spambots?
Solution 1
Recaptcha has an excellent capture based email protection. You can see it implemented at the bottom of any page in my website using the Site Feedback link.
Solution 2
I know that Facebook does it by displaying an image instead of text. Sure, they could use OCR on the image, but why bother for just one email address?
If you really didn't want spam bots to get an email address, the best way is to never show it to anyone. Show a link to "Contact this person" which brings up a form. On the server side, send the contents of that form to the recipient, with a reply-to of the sender's email address. Include a little blurb at the bottom of their message that "if this email is spam, please 'click here' to block this user", which will then block the IP of the sender. I've used this method on a number of occasions and have never had a single complaint.
Solution 3
You can obfuscate it but IMHO whatever you do, one day spammers will get your email address. The future is in spam filters, not trying to keep email addresses secret.
Solution 4
What I have done in the past is use javascript to build the mailto: link. This is nice for the users because they can just click on the link and I don't know of any spambots that take the time to execute javascript yet.
I think I got the idea from Jakob Nielsen's useit.com website.
In the page header I have this piece of javascript:
<script name="mailto" language="JavaScript">
//<![CDATA[
function load()
{
c1 = "bcl"
c2 = "brian"
c3 = "lane"
c4 = "com"
// Fill in the addresses
document.getElementById("contact1").innerHTML = "<a href=" + "mail" + "to:" + c1 + "@" + c2 + c3 + "." + c4 + ">" + c1 + "@" + c2 + c3 + "." + c4 + "</a>";
}
//]]>
</script>
Tell it to load it when the page loads:
<body onload="load()">
And then in the body of the page I put a link to a spamtrap:
<span id="contact1"><a href="mailto:[email protected]">[email protected]</a></span>
Solution 5
I have a solution, well, more of a theory. Problem is, the bots parse the page. they can get the text. even if it's being put into the page in some sophisticated way through Javascript.
So, just you CSS3 pseudo element! it won't be a link, but your email will be visible, and will never be an actual text. something like this:
.email::after{ content:'[email protected]'; }
Again, it's a theory, I've no idea how far these evil people can go to get it, but I think this be pretty safe.
Update (JULY 19')
I now in the opinion this isn't a problem since email servers have become good at filtering spam and there's no reason to make any elaborate tricks to "protect" email text on webpages.
Tutankhamen
Sometimes the simple things in life can actually be the most complicated. Afternoon: Wow, this formula which explains the world is so nice and complex. Evening: Wow, this dinner I made is delicious. It's better then any restaurant out there. Early Morning: Ok I'm all set to go, the is milk in the pantry; the cereal is in the refrigerator; the laptop case is in the car; and the laptop is locked inside the house.....DOH!
Updated on June 27, 2022Comments
-
Tutankhamen about 2 years
I'm creating a public internet facing website which contains the email address of their salespeople.
What kind of programming options do I have to generate the "mailto" and display the email from that address but limit the spambots from picking up the address?
-
PhiLho over 15 yearsI can be wrong, but I believe that nowadays it is inefficient. I doubt spammer's crawlers are unable to decode entities, since the trick is well known now.
-
PhiLho over 15 years? If you look at the source and see the plain e-mail, it won't work!
-
Raymond Martineau over 15 yearsThat may work against the simple bots, but a spider that understands enough Javascript (or parses the generated source code) can easily collect the e-mail addresses.
-
Raymond Martineau over 15 yearsIf you see a mailto: link, most browsers allow you to copy the link location or the e-mail address. Some browsers may also be configured to support webmail, even if you need a plugin or extension.
-
nickf over 15 yearsfor XHTML compliance so you can use < and &
-
Admin over 14 yearsI work on a community web site with many (10K+) email addrs in user generated content - was going to implement a server side parsing code + image generation to do the trick - ended up implementing it with Privatedaddy and left the data intact. -
Stefan almost 14 yearsI'm less likely to fill out a form than I'm to write an e-mail.
-
Saif Bechan over 12 yearsDo you think this method has an effect on indexing of the website. Is it maybe important that Google should index the email address, or is that not important. -
vsync about 11 yearsthis is the answer. well said lad.
-
vsync about 11 yearsmailto isn't dead! email is the core of internet, how could people talk to each other without it? it's so basic. you click a link, then write whatever to that person. how can it be easier?
-
pablofiumara almost 11 yearsThe method you mentioned in the second paragraph is great but sometimes those emails are filtered and sent to the spam folder automatically. In those cases, there is a risk that the recipient never see the message.
-
lorenzli almost 9 yearsUnfortunately, with the ne version of reCAPTCHA this feature does not exist anymore.
-
Lawrence Dol almost 9 years@lorenzli: Yes it does, I just changed my site email a couple of weeks ago using it. Now at tech.dolhub.com.
-
lorenzli almost 9 years@LawrenceDol google.com/recaptcha/mailhide gives a 404 error, subdirectories such as /admin/ are redirected to the new site without the mailhide feature.
-
Lawrence Dol almost 9 years@Lorenzli I found the mailhide page with a simple search. Added the link to my answer.
-
Geremia over 8 yearsThat's the reCaptcha solution above.
-
Hashim Aziz over 2 yearsMaybe I'm missing something, but not only does PrivateDaddy obfuscation appear to leave the text unobfuscated (which may be a benefit for some), but the example it gives does not seem to be obfuscating anything at all. I followed its advice and checked the page's source, and it showed the full email address both inmailto:and text form. -
Hashim Aziz over 2 yearsYet the harder you work to obfuscate it initially, cutting out the problem at the root, the less hard you will have to work at cutting out spam for the lifetime of your website.
-
Hashim Aziz about 2 yearsAs of 2022 - Mailhide, the service provided by Google that relies on reCAPTCHA - no longer exists and hasn't for some time. The only Mailhide services is a third-party service, and I'm personally skeptical about since the copyright footer on their website hasn't been updated in 2018. A small thing, maybe, but if they can't get such a small thing right, I'm skeptical they can do such a complex thing as email obfuscation on the modern web.
-
Hashim Aziz about 2 years@SaifBechan If you're trying to avoid spam, then you absolutely do not want Google or any other search engines indexing your email address.
