using form buttons for spamproof email-addresses - forms

I have been looking at some methods for spamproof email methods here. I'd like to propose a more simple approach: Since I need a couple of different email addresses I considered just using a selectbox with JS or serverside redirect, as per examples on here.
Because google doesn't spider forms (dixit Matt Cutts), and spam-harvester script don't either (I think????) this would make sense to do.
I would love to be able to do this without using a script. So why not use one form per email?
<form action="mailto:test#domain.tld" method="get">
<input type="submit" value="test#domain.tld"/>
</form>
It seems the button text can be copied but not pasted, so that's a disadvantage.
Is this approach any good? or any other recommendations?

A robot uses the text of the page to get the email. It does not care if that text is in a button or within the body so using a button will not help.
Outside of using javascript, the only solution I know of would be written text, an image or Flash.
Create an image with your email or write out the email like: "test at domain dot tld"
Flash could provide you with a more secure (but not 100%) way of allowing people to click on an email but would not work on iPhone browsers and those that do not have the plug-in.
Another way is to use a simple captcha to before displaying the email in the PHP code.
Email: (1+2 = ?) then test#domain.tld

Because:
The email address is still in the page, and thus easily harvestable
mailto: URIs as form actions often fail
The reason server side form handlers stop email addresses being harvested is because the email address is not exposed to the user.

Related

IDEA: Do you think this would stop emails from being scraped?

I put a span class in the middle of the email, like so:
example<span class='scrape'>DELETE-THIS</span>#website.com
I set the scrape class to position:fixed and right:200%. The email address appears normally on the page. Then I added some Javascript that deletes the span on mousedown, since bots can't click.
What do people think? Would this stop an email from being scraped?
Most bots target a links with a regular expression looking for an # symbol and sufficiently complex ones are capable of parsing the content of a document as well as its html. While this might hinder the ability of a bot to parse it via html it does not hinder the plain text methods.
A better defense is to store the email address as a Data-Attribute and then use an event to transform it from the Data-Attribute into a MailTo: link or however you wish to use it. This will cause the page to be loaded asynchronously which will prevent most batch style bots.
This is called "email address munging". It would be cleaner to use display:none though.
It works on some bots but not all.

Send email when submit button is pressed

I have a really simple form that allows a user to input an email address here:
<form method="post" action="http://www.mydomain.com/page2/">
<input type="email" name="email">
<input type="submit" value="Submit">
</form>
This works correctly and it takes the visitor to www.mydomain.com/page2 when the submit button is clicked.
I am trying to get it to email me this input email address also when the submit button is clicked. I understand how to email using PHP but can the action have two urls?
Or is there a simpler way of doing this?
On /page2/ access the email in the global variable $_POST['email']. And then you can send it to yourself with PHP mail(). Example:
mail('myemail#domain.com', 'Someone submitted my form', 'Their email was: ' . $_POST['email']);
If you are stuck somewhere else, let me know and I can update the answer.
Once a form is submitted, you are no longer on that page. You've navigated away.
The other way you can do this is submit the first action via AJAX, then submit the form naturally to the second destination. I would suggest using jQuery to make your AJAX calls since most of the AJAX code is already there for you to use.
Another option is to have page2 be a php script, and have it perform the two actions once it receives the form data. See: Post to another page within a PHP script
I understand how to email using PHP
Then I would recommend writing some PHP code that sends the email to you.
but can the action have two urls?
No. A web browser can't make two requests at the same time. Which response would take precedence?
Nor does it need to. Now, you have a target already:
http://www.mydomain.com/page2/
Don't you control that page? That would be the page on which you'd put your PHP code for sending an email. If you don't control that page, then you would want an intermediary page. Something like:
sendmailandredirect.php
(Named solely to illustrate intent, you can call it what you like.) What this page would do is send the email, then issue a redirect to your final target. Something like:
header('Location: http://www.mydomain.com/page2/');
In effect, there would be "two urls" but they're invoked in serial instead of in parallel.
If you wanted to keep the code seperate and the action url as /page2/ you could fire off an ajax request on submit to your sendmail handler.

Show/Hide content in a Gmail email body

Our organization is completely on Gmail (Google Apps), and we are trying to figure out a way to show/hide content in the body of the email and have the recipient decide whether to show the content or collapse it to hide it.
The reason why we need to do this is because we send out generic emails in various languages, so we want the recipient to simply click on their language and have the email show the text in that language.
Things we want to avoid:
Sending multiple emails out in different language (and have to manage email recipients languages and multiple emails).
Display the content for all the languages one after another in the body of the email and have the user scroll down to their language.
One way I thought of doing this is by using Javascript to show/hide a div in the email that would hold the content for each language. For example, I would have an "English" hyperlink, a "Spanish" hyperlink, a "Chinese" hyperlink, etc and on click, the JS would show the div associated to the language that was clicked.
However, I was not able to get Javascript to run in Gmail when I sent a HTML email from an email client (Thunderbird).
The solution I'm looking for should ideally only require Gmail as some of the users do not have access to browse any other site outside of Gmail from their Chrome browser.
The simple solution would just be an HTML (no javascript) email with a "table of contents" at the top showing the various languages. Clicking a language in the table of contents would jump to that language's anchor in the HTML (and thus, the correct language message body).
The hard way to do this would be to write a Gmail contextual gadget:
https://developers.google.com/google-apps/gmail/contextual_gadgets
Options that don't work:
JavaScript doesn't work in Gmail
Pseudo-selectors aren't supported, so you can't do anything like :active td { height:100px }
display:none and visibility:invisible aren't supported
Ideas that might work
Point the image to your server, and get the HTTP headers. With a combination of HTTP_ACCEPT_LANGUAGE and the IP address, you should be able to serve up the appropriate image.
In Gmail labs, there is an option to add apps by XML. You could write an app that lets you do more advanced stuff, and tell your users to install that.
Personally, I wouldn't worry about just displaying the content one after the other. Put an index of the languages at the top of the email, with anchor links to the relevant language.

Prevent hyperlinks in HTML emails (namely Outlook)

We've got some HTML emails that get sent out that show email addresses our service has blocked. When viewing the email in Outlook (and presumably in other clients as well) these plain-text email addresses get turned into clickable links that would compose a new message to this address when clicked.
Is there a way to prevent this from happening? Perhaps a meta tag with a flag that would prevent Outlook from converting these into clickable links?
Most email clients strip out META tags, Javascript, and other types of code not necessary for email. Outlook is going to do what it wants with your email, so what you may want to do is wrap the addresses with your own anchor tag and use a blank HREF. Then, style the link to look like the rest of your text.
I think a better answer is to formulate anything that you think a mail client might try to generate a link for in a way that breaks up the string a bit like this: https://stackoverflow.com/a/7625887/470749

What are some ways to protect emails on websites from spambots? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 months ago.
Improve this question
I'm creating a public internet facing website which contains the email address of their salespeople.
What kind of programming options do I have to generate the "mailto" and display the email from that address but limit the spambots from picking up the address?
Recaptcha has an excellent capture based email protection. You can see it implemented at the bottom of any page in my website using the Site Feedback link.
I know that Facebook does it by displaying an image instead of text. Sure, they could use OCR on the image, but why bother for just one email address?
If you really didn't want spam bots to get an email address, the best way is to never show it to anyone. Show a link to "Contact this person" which brings up a form. On the server side, send the contents of that form to the recipient, with a reply-to of the sender's email address. Include a little blurb at the bottom of their message that "if this email is spam, please 'click here' to block this user", which will then block the IP of the sender. I've used this method on a number of occasions and have never had a single complaint.
You can obfuscate it but IMHO whatever you do, one day spammers will get your email address. The future is in spam filters, not trying to keep email addresses secret.
What I have done in the past is use javascript to build the mailto: link. This is nice for the users because they can just click on the link and I don't know of any spambots that take the time to execute javascript yet.
I think I got the idea from Jakob Nielsen's useit.com website.
In the page header I have this piece of javascript:
<script name="mailto" language="JavaScript">
//<![CDATA[
function load()
{
c1 = "bcl"
c2 = "brian"
c3 = "lane"
c4 = "com"
// Fill in the addresses
document.getElementById("contact1").innerHTML = "" + c1 + "#" + c2 + c3 + "." + c4 + "";
}
//]]>
</script>
Tell it to load it when the page loads:
<body onload="load()">
And then in the body of the page I put a link to a spamtrap:
<span id="contact1">spam#brianlane.com</span>
If this is not a static HTML page, but a ASP.NET, JSP, Coldfusion, or PHP page then you could have a drop down box with a list of all your sales people, a text box for comments, and a "Contact Us" (ie, Submit button). When the button is clicked, it will call a server-side code which creates the email and sends it to your local mail server for delivery. The outside world will never know the email address of your sales people, nor the email format (ie, firstname.lastname#yourcompany.com) of your company.
Have a look at PrivateDaddy - I think it does exactly what you're looking for: fully automatic, unobtrusive email cloaking that even works with browsers where JavaScript support is disabled. You can get it here (free of course)
I have a solution, well, more of a theory.
Problem is, the bots parse the page. they can get the text. even if it's being put
into the page in some sophisticated way through Javascript.
So, just you CSS3 pseudo element! it won't be a link, but your email will be visible, and will never be an actual text. something like this:
.email::after{ content:'myemail#gmail.com'; }
Again, it's a theory, I've no idea how far these evil people can go to get it, but I think this be pretty safe.
Update (JULY 19')
I now in the opinion this isn't a problem since email servers have become good at filtering spam and there's no reason to make any elaborate tricks to "protect" email text on webpages.
You can use something like email obfuscation
This is a difficult problem. If you post an e-mail such that it can be parsed by a web browser so that it's clickable, then it can be parsed by a spambot. If it's not clickable (e.g. if it's an image), it's more difficult for users. On one side is perfect, seamless experience for users and on the other side is perfect spam-blocking. A simple CSS or javascript to take in an email address as separate tokens is usually better than nothing, though.
You could only show a part of the e-mail address "us...#mail.com" as a link that redirects to a captcha, then display the full e-mail address like Google Groups does.
We used to do classic ASP string cat for email addresses, the grand idea being that spambots read source, but don't parse server-side code. I have NO idea if that actually works.
Would something that I wrote work for you?
http://kevin-le.appspot.com/viewSource/sourceShare/asmRevealer.js
...and you could see the demo here:
http://kevin-le.appspot.com/extra/contact
It works with mailto, so it's convenient for users, but spambots won't be able to pick up which is your requirements. It'll be obvious once you spend 1 minute looking at the demo.
I got the same problem too and i came up with a quick but effective method to help my website out.
Basically bots just read the content of the web page but in 99.999% they do not trigger events, it would require a great amount of dedication and work, things hacker don't usually do in favor of bigger numbers and quicker effects.
So i came up with this function:
function emptyMail() {
let mail = document.querySelector('#your_mail');
let mailValue = mail.href;
mail.href = "";
mail.addEventListener('mouseover', function() {
mail.href= mailValue;
})
}
This worked for me i hope it can help you too.
I see the mailto: protocol almost dead anyway... It is convenient, but too easy to parse and gather.
Plus it has its downsides: if you are on a Web cafe, it won't work because it will call whatever default e-mail client it has (if it has any!) and it is not set up on your account. Same if you use exclusively online e-mail managers...
A possible workaround is to decorate e-mails, relying on users to type or correct them: foo (at) example.com or foo-NOSPAM#REMOVE-THIS-example.com are common schemes (hoping spammers doesn't try to decipher these common schemes!), graphical e-mail addresses are another way.
Or, as pointed out, if you can, the best option is to have a contact form, with some reasonable form of protection against robots, that would be usable from everywhere. Although people might be defiant on forms asking for e-mails (for response!), so a disclaimer might be useful too... :-)