How to spamproof a mailto link?

喜你入骨 提交于 2019-11-29 20:35:59

JavaScript remains one of the best mailto obfuscator. For users with JavaScript disabled you may want to substitute the mailto link with a link to a contact form.

The following is a popular JavaScript anti spam email obfuscator:

There is also a php version of the above to be able to generate obfuscated emails from the server side.

This is the JavaScript code that the above tool would generate to obfuscate my email address (comments intact):

<script type="text/javascript" language="javascript">
<!--
// Email obfuscator script 2.1 by Tim Williams, University of Arizona
// Random encryption key feature by Andrew Moulden, Site Engineering Ltd
// This code is freeware provided these four comment lines remain intact
// A wizard to generate this code is at http://www.jottings.com/obfuscator/
{ coded = "lMnK@wMunFK8MDDMKKt.ktl"
  key = "1DtzZ8TGBuhRjJMKWI4gkUF2qidfOyPmSN7X30Vpso6xvErLnwQCbalA95HcYe"
  shift=coded.length
  link=""
  for (i=0; i<coded.length; i++) {
    if (key.indexOf(coded.charAt(i))==-1) {
      ltr = coded.charAt(i)
      link += (ltr)
    }
    else {     
      ltr = (key.indexOf(coded.charAt(i))-shift+key.length) % key.length
      link += (key.charAt(ltr))
    }
  }
  document.write("<a href='mailto:"+link+"'>Email Me</a>")
}
//-->
</script><noscript><a href='contact-form.html'>Email Me</a></noscript>

This looks like a really cool method that encodes the characters, which I assume would defeat basic spam bots:

http://robspangler.com/blog/encrypt-mailto-links-to-stop-email-spam/

So

<a href="mailto:test@test.com">Email</a>

becomes

<a href="&#x6d;&#97;&#105;&#108;&#x74;&#111;&#58;&#116;&#101;&#115;&#116;&#x40;&#x74;&#101;&#115;&#x74;&#x2e;&#x63;&#111;&#109;">Email</a>

It's appealing in that it doesn't require any Javascript.

Plunker example here.

jensgram

You could use the reCAPTCHA Mailhide functionality. This will render email addresses on the form use...@domain.tld where the ellipsis is a link to view the full address. It is a little cumbersome for the visitor but should give premium protection. Having said that, this technique will not let your visitors copy the address directly from your webpage.

I don't get the part about the "legit crawlers" like Google. At least, I am unable to see why Google should index the email address anyway. (See OPs comment below.)

Building on Daniel Vassallo's answer, one way to encrypt a mailto link that may avoid cleverer spambots that will evaluate JS document.writes (as pointed out by incarnate) would be to put the decryption in a Javascript function that is only evaluated when the link is clicked on. For example, using base64 as the "encryption":

<script>

  function decryptEmail(encoded) {

    var address = atob(encoded);
    window.location.href = "mailto:" + address;

  }

</script>

<a href="javascript:decryptEmail('dGVzdEB0ZXN0LmNvbQ==');">Email</a>

Working Plunker.

I don't claim to know whether this could or could not be outsmarted by a more sophisticated crawler.

You can use external services like aemail.com:

@email is a free e-mail hiding service that hides emails using short URLs redirecting senders to the mailto-url after clicking the link.

After entering an email at aemail.com, you will get a short URL, which can be used to replace your 'mailto' link. Once link is clicked, your user will be redirected to the 'mailto' URL without any notice of the aemail.com. API can be used to hide emails/get URLs dynamically.

Example:

<a href="mailto:info@itee.com">Contact</a>

Replaced With

<a href="https://aemail.com/q2">Contact</a>

Will Keep Email Link Working.

I simply use:

<script language="javascript" type="text/javascript">
var pre = "hideme";
document.write("<a href='mailto:" + pre + "@domain.com'>" + pre
+ "@domain.com</a>");
</script>
<noscript>Enable javascript to see our email!</noscript>
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!