Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 months ago.
Improve this question
I'm creating a public internet facing website which contains the email address of their salespeople.
What kind of programming options do I have to generate the "mailto" and display the email from that address but limit the spambots from picking up the address?
Recaptcha has an excellent capture based email protection. You can see it implemented at the bottom of any page in my website using the Site Feedback link.
I know that Facebook does it by displaying an image instead of text. Sure, they could use OCR on the image, but why bother for just one email address?
If you really didn't want spam bots to get an email address, the best way is to never show it to anyone. Show a link to "Contact this person" which brings up a form. On the server side, send the contents of that form to the recipient, with a reply-to of the sender's email address. Include a little blurb at the bottom of their message that "if this email is spam, please 'click here' to block this user", which will then block the IP of the sender. I've used this method on a number of occasions and have never had a single complaint.
You can obfuscate it but IMHO whatever you do, one day spammers will get your email address. The future is in spam filters, not trying to keep email addresses secret.
What I have done in the past is use javascript to build the mailto: link. This is nice for the users because they can just click on the link and I don't know of any spambots that take the time to execute javascript yet.
I think I got the idea from Jakob Nielsen's useit.com website.
In the page header I have this piece of javascript:
<script name="mailto" language="JavaScript">
//<![CDATA[
function load()
{
c1 = "bcl"
c2 = "brian"
c3 = "lane"
c4 = "com"
// Fill in the addresses
document.getElementById("contact1").innerHTML = "" + c1 + "#" + c2 + c3 + "." + c4 + "";
}
//]]>
</script>
Tell it to load it when the page loads:
<body onload="load()">
And then in the body of the page I put a link to a spamtrap:
<span id="contact1">spam#brianlane.com</span>
If this is not a static HTML page, but a ASP.NET, JSP, Coldfusion, or PHP page then you could have a drop down box with a list of all your sales people, a text box for comments, and a "Contact Us" (ie, Submit button). When the button is clicked, it will call a server-side code which creates the email and sends it to your local mail server for delivery. The outside world will never know the email address of your sales people, nor the email format (ie, firstname.lastname#yourcompany.com) of your company.
Have a look at PrivateDaddy - I think it does exactly what you're looking for: fully automatic, unobtrusive email cloaking that even works with browsers where JavaScript support is disabled. You can get it here (free of course)
I have a solution, well, more of a theory.
Problem is, the bots parse the page. they can get the text. even if it's being put
into the page in some sophisticated way through Javascript.
So, just you CSS3 pseudo element! it won't be a link, but your email will be visible, and will never be an actual text. something like this:
.email::after{ content:'myemail#gmail.com'; }
Again, it's a theory, I've no idea how far these evil people can go to get it, but I think this be pretty safe.
Update (JULY 19')
I now in the opinion this isn't a problem since email servers have become good at filtering spam and there's no reason to make any elaborate tricks to "protect" email text on webpages.
You can use something like email obfuscation
This is a difficult problem. If you post an e-mail such that it can be parsed by a web browser so that it's clickable, then it can be parsed by a spambot. If it's not clickable (e.g. if it's an image), it's more difficult for users. On one side is perfect, seamless experience for users and on the other side is perfect spam-blocking. A simple CSS or javascript to take in an email address as separate tokens is usually better than nothing, though.
You could only show a part of the e-mail address "us...#mail.com" as a link that redirects to a captcha, then display the full e-mail address like Google Groups does.
We used to do classic ASP string cat for email addresses, the grand idea being that spambots read source, but don't parse server-side code. I have NO idea if that actually works.
Would something that I wrote work for you?
http://kevin-le.appspot.com/viewSource/sourceShare/asmRevealer.js
...and you could see the demo here:
http://kevin-le.appspot.com/extra/contact
It works with mailto, so it's convenient for users, but spambots won't be able to pick up which is your requirements. It'll be obvious once you spend 1 minute looking at the demo.
I got the same problem too and i came up with a quick but effective method to help my website out.
Basically bots just read the content of the web page but in 99.999% they do not trigger events, it would require a great amount of dedication and work, things hacker don't usually do in favor of bigger numbers and quicker effects.
So i came up with this function:
function emptyMail() {
let mail = document.querySelector('#your_mail');
let mailValue = mail.href;
mail.href = "";
mail.addEventListener('mouseover', function() {
mail.href= mailValue;
})
}
This worked for me i hope it can help you too.
I see the mailto: protocol almost dead anyway... It is convenient, but too easy to parse and gather.
Plus it has its downsides: if you are on a Web cafe, it won't work because it will call whatever default e-mail client it has (if it has any!) and it is not set up on your account. Same if you use exclusively online e-mail managers...
A possible workaround is to decorate e-mails, relying on users to type or correct them: foo (at) example.com or foo-NOSPAM#REMOVE-THIS-example.com are common schemes (hoping spammers doesn't try to decipher these common schemes!), graphical e-mail addresses are another way.
Or, as pointed out, if you can, the best option is to have a contact form, with some reasonable form of protection against robots, that would be usable from everywhere. Although people might be defiant on forms asking for e-mails (for response!), so a disclaimer might be useful too... :-)
Related
I want to embed an iframe inside an email that contains the 10 most recent chat messages. Is there a way to make this iframe dynamic so that it always shows the latest 10 chats regardless of when the email is opened? If the iframe is not the correct way to do this, is there a better way?
You can implement an iframe into the email - but your mail will be recognized as spam by many providers.
You should try to render your content dynamically into an image and implement that image into the email.
There kind of is a solution. It is using Dynamic CSS with a fallback of a Dynamic image to pull the information. It is not elegant really as for some clients (e.g. Outlook) this is not available at all and will only display initial information. It also utilizes a link for a style sheet which also severely limits which clients this will work in.
The fall back dynamic image is a bit more comprehensive in client support, but much harder to maintain as you will need to build something that programatically pulls the tweets (HTML webpage potentially) and then also have something that creates and hosts an image for the email to pull. This is not a short, simple thing to set up and may not be worth the required back end work for a simple email.
See this link for a bit more in-depth info on how this can be done for adding a live twitter feed into an email: https://litmus.com/blog/how-to-code-a-live-dynamic-twitter-feed-in-html-email
Since there was no accepted answer i thought i would give my input as well.
Litmus had done something similar for their live twitter feed in emails sometime ago.
The method i can think off is to create a PHP page which takes 10 images and makes it into 1. PHP can have a loop that checks for increments from a specific number and if it exists then add to that 1 image. When there is a new chat image added, PHP will disregard the last one and add the new in the loop.
For anyone reading this in 2022, this is possible with AMP.
Instead of an iframe, you can create a dynamic email easily.
check out amp.dev
Note: AMP is not supported by many email clients
We're generating some emails programmatically. We need to include a hyperlink that takes people to a page on website A, but we want to use website B to track their click before redirecting.
Is it safe to show the URL to website A, but in a hyperlink that really takes them to website B? That is, something like this:
Here's the page you wanted:
<a href="http://website-b.com/someTrackingToken">
website-a.com/theThingYouWereExpecting
</a>
... or does this look sufficiently scam-like that some email clients might object to it?
Note:
We specifically do want the website-a.com URL to be visible to the email recipient.
The sites are on different domains.
You can set the visible link and the href property to be two totally different things and there's usually little to no consequences, this is pretty standard for most mailers that need tracking.
The thing is, why not just wrap some text instead of a literal link? Present it as a button if you're worried about "click ability".
If you want to present a link that's nearly the same, why not just append some parameters on the end that trigger the tracking action? Like /x vs /x?token=XXX where you can grab that and and process it at any point of handling the request. Just suppress the display of that in the raw URL you're showing.
All the email providers are placing zero pixel images at the end of the content for tracking opens. Is there any particular reason? For example:
<img src = "http://tracksamle.com/ssss/track.gif" width="0" height="0">
Someone may be able to explain to larger detail, but I'm guessing it is forcing the email client to fetch the image from said address (which I would guess is unique such that it can be cross linked to the intended receiver of the email).
By then, on server, you can determine if the email has indeed been opened, and the IP-address of the opening party.
How this interferes with spam filters and other in-transit email scanners, I do not know though.
Edit:
As #bartdude also mentions in comments, positioning at end imposes least inconvenience on load times for the reader, as by then rest of the email should already be loaded, albeit this depends on implementation of loading process.
Adding to the answer above, note that if someone opens an email and has the option to "load images" and they don't click the link to load them, it will not count as an open. This is true also for text only emails. So if someone is tracking opens, they will never be accurate because of this.
I have a form built into a block on one of my content types, the content type has a file connected to the node.
I currently have a form the will send an email to the address you put in with a default message (ie if you put into the form, me#myemail.com, this email will receive a message saying "thank you for your interest.. ..please find your document attached" etc) However I'm struggling when it comes to attaching the file attachment of that node to the form, I have downloaded the mimemail module but there isn't a lot of documentation on how to do it.
(I apologise for repeating this question from the Drupal specific SO but this area seems to get more traffic)
Firstly, I would recommend you transition to webform rather than your own bespoke solution - as great and admirable as that is.
In looking around for a webform strategy to test and recommend, I found something that should do the job for you.
Have a look at this tutorial.
I have been looking at some methods for spamproof email methods here. I'd like to propose a more simple approach: Since I need a couple of different email addresses I considered just using a selectbox with JS or serverside redirect, as per examples on here.
Because google doesn't spider forms (dixit Matt Cutts), and spam-harvester script don't either (I think????) this would make sense to do.
I would love to be able to do this without using a script. So why not use one form per email?
<form action="mailto:test#domain.tld" method="get">
<input type="submit" value="test#domain.tld"/>
</form>
It seems the button text can be copied but not pasted, so that's a disadvantage.
Is this approach any good? or any other recommendations?
A robot uses the text of the page to get the email. It does not care if that text is in a button or within the body so using a button will not help.
Outside of using javascript, the only solution I know of would be written text, an image or Flash.
Create an image with your email or write out the email like: "test at domain dot tld"
Flash could provide you with a more secure (but not 100%) way of allowing people to click on an email but would not work on iPhone browsers and those that do not have the plug-in.
Another way is to use a simple captcha to before displaying the email in the PHP code.
Email: (1+2 = ?) then test#domain.tld
Because:
The email address is still in the page, and thus easily harvestable
mailto: URIs as form actions often fail
The reason server side form handlers stop email addresses being harvested is because the email address is not exposed to the user.