Let's say I have the email address joe@joesite.com

In the HTML, what tags do I use so that spam bots don't pick it up?

The <a href="mailto:"> are the tags which make the address clickable, even without these tags the bots will still pick up the address.

What you do, is called "e-mail obfuscation" which involves using a Javascript to decode e-mail addresses for human users, bots get garbage:

http://www.seowebsitepromotion.com/obfuscate_email.asp

Cool link. Thanks.

You can also use contact forms.

In spite of an e-mail address I've had for years and use exclusively as my "online" address, I receive very little spam between using Spam Assassin with my web hosting provider and using Mail Washer for the things it misses.

http://www.safeemail.org/ is handy for converting to html.

I usually use Dan Benjamin's Enkoder (http://automaticlabs.com/products/enkoderform) script for this sort of thing.

It's a good idea to use a form when you can, but if you must display an email address one option is to combine email obfuscation with some javascript. So if you wanted to put my@email.com it would be something like:

<script language=javascript>
<!--
var username = "my";
var hostname = "email.com";
var linktext = username + "@" + hostname;
document.write("<a href=" + "mailto:" + username +
"@" + hostname + ">" + linktext + "</a>")
//-->
</script>
(had to enclose that in PHP because CODE translates the hex codes into the actual characters.. :))

ubernostrum - thanks for the link to DB's Enkoder! Interesting concept there.. :)

Just adding into the discussion...

I'm a supporter of [url=http://projecthoneypot.orgproject honeypot[/url] . They're putting on an effort to help slow down, and counter email address harvesting bots. If you're interested in helping out, you can install their script on your site, and you'll be helping in the fight. If you want to provide even more help, you can donate an MX entry on whatever domain you have, and that'll be used in targetting machines that are used to send spam.

Java Script hides the e-mail address from the spam bots, but I understand there have been recent studies which indicate that a significant percentage of users turn off Java in their browsers. Thus, they never see the e-mail address using Java, and all communication with them is lost. It seems there are two choices-- form mail, or spam control.

Paul

Originally posted by M Paul
Java Script hides the e-mail address from the spam bots, but I understand there have been recent studies which indicate that a significant percentage of users turn off Java in their browsers. Thus, they never see the e-mail address using Java, and all communication with them is lost. It seems there are two choices-- form mail, or spam control.

Let's not confuse Java with Javascript, they are two separate technologies. When obfuscating e-mail addresses, there are different approaches. The sites linked to above use Javascript to obfuscate the addys, the result of which is copied and pasted into a page.

This works for everybody. Another approach is to automate the procedure, for instance in a blog or forum environment, in which case people with javascript off won't see a readable address. This is considered acceptable by many who believe it's more important to hide the addresses from the bots than to ensure people can see them.

Originally posted by BigBison
Let's not confuse Java with Javascript, they are two separate technologies. When obfuscating e-mail addresses, there are different approaches. The sites linked to above use Javascript to obfuscate the addys, the result of which is copied and pasted into a page.

This works for everybody. Another approach is to automate the procedure, for instance in a blog or forum environment, in which case people with javascript off won't see a readable address. This is considered acceptable by many who believe it's more important to hide the addresses from the bots than to ensure people can see them.

I don't know if I'm following you. (I had meant in my original post JavaScript, and I used "Java" in short after the first reference, not thinking it might be confused with something else). I'm not uploaded yet online, as I just set up and I'm waiting for my host to recognize me, but originally I coded my e-mail using the JoeMailer (I think that's the name, but I have the URL if necessary) JavaScript method of hiding it. Then I heard that a study indicated many viewers turned off JavaScript--I think it was done by Yahoo last year. I don't want to lose the possiblity of communciation with them, so I went to straight html, but using an e-mail address I don't really care about--kind of like a test to see if I really get spammed to death, and if so, then I'll change the address and go to form mail. I don't like form mail myself, as it seems too impersonal. However, I've read a number of posts in forums of people who say they have used html on e-mail addresses for years with no problem.

So what do you think?? Is my approach consistent with what you are saying?? When I upload in a day or two, it will be my first web site.

Thanks,
Paul

The fact that many people (around 10%) disable Javascript in their browser is old news. If you're just talking about posting a contact e-mail on your site, then people having Javascript turned off doesn't matter. Pretend your e-mail address is joe@example.com. Copy that, paste it into one of the obfuscation pages linked to above, and you get this:

&#x6A;&#x6F;&#x65;@e&#x78;a&#x6D;&#x70;&#x6C;e.&#x63;&#x6F;m

Your customers' browsers will decode that, no Javascript required. If I paste the exact same thing, without putting it inside a php section, into this post it will look exactly like this:

&#x6A;&#x6F;&#x65;@e&#x78;a&#x6D;&#x70;&#x6C;e.&#x63;&#x6F;m

Now, view the source of this post and find that -- that's right, it looks exactly like what's inside the php section. The spambots see what's in the source code, not what you and I see as joe@example.com, and fail to recognize it as an e-mail address -- it's "obfuscated".

It doesn't seem like this should work, since the spambot just needs to look for the character codes representing an @ sign to get around this, but spambot coders are just lazy, I guess, because this does work.

those are all great codes but often what i just do is put up:

nightmaremax "at" gmail.com *

and then at the bottom of the page:

* replace "at" with @, this is done to prevent spam bots from sending me more spam than i already get. Because spam software is getting more and more advanced these days...its hard to keep up...

Even these methods can be got around by spambots, the best way is to include your e-mail in a image file imo. :)

Ok, BigBison, I appreciate your further explanation.

However, I've never been spammed, and I'm curious to learn on my own. So, I'm going to try to leave my address in the open on my website and then to see what happens. I don't care about the address, as it is an old one, and I'll be just as happy to have to get rid of it. If that happens, then I'll try to figure out this obfuscation thing, before going to form mail.

Thanks again,
Paul

Originally posted by MaxD
those are all great codes but often what i just do is put up:

nightmaremax "at" gmail.com *

and then at the bottom of the page:

* replace "at" with @, this is done to prevent spam bots from sending me more spam than i already get. Because spam software is getting more and more advanced these days...its hard to keep up... yep, that makes sense:)

hey guys, want to add one thing here. This is from my previous experience. DO not encode mailto: part of the link -- unfortunately some browsers do no process it right!

As for the tool to scramble, I've stumbled upon this one:
http://www.dennisbabkin.com/screnc
(I started a new thread on it also)

I had a few bad experiences obfuscating HTML with JavaScript, when browsers didn't process it right (and I'm mostly talking about small web browsers you probably didn't even hear about, but you may still be losing customers through them)

Originally posted by johndp
I had a few bad experiences obfuscating HTML with JavaScript, when browsers didn't process it right (and I'm mostly talking about small web browsers you probably didn't even hear about, but you may still be losing customers through them)

I'd be curious to know which browsers.

Here's one -- I got an agree email from a customer using Netscape 6 -- email address didn't work. Sad but true, people still use old stuff :( True life story.

Netscape 6 supports JavaScript pretty thoroughly. So I'd bet any amount of money you want to wager that it wasn't a lack of browser support that caused the problem.

No guys, it's not about JavaScript and Netscape 6 (although Netscape 6 as well as later ones really suck in it) -- I'm talking about scrambled mailto: part of the link. That's what doesn't work.

Er. Two things:

1. Netscape's underlying rendering engine (Gecko) and JavaScript engine (Venkman) pretty much beat the pants off everyone else with compliance to the published specifications for the Document Object Model and JavaScript (which is more properly referred to as ECMAScript when one is referencing the specs).

2. I'm not sure what you mean by "scrambled mailto", then, since most of the links here are to JavaScript-based solutions, but if you mean numeric character references or other such tricks, they're pretty well supported in all commonly- and uncommonly-used browsers.

I think he ment don't urlencode the 'mailto:' part

HEre's another way to do it in php...


<a href="mailto:<?php echo urlencode('email@example.com'); ?>"><?php echo urlencode('email@example.com'); ?></a>