Content

• Home
• Action
• Blogging
• Croydon Residents Against Parking Plans
• CSS
• Flashmobs
• Gallery
• Garden Project
• Holidays and trips
• Life
• Listening
• Media Management MA
• News
• Opinion
• Pittock Reunion
• Rants
• Reading
• Simon Cox's
• Standards
• Tech
• Tickled
• Watching
• Web
• Webcam
• All entries
• Tag Cloud
• Loxley Barton Falls

Webcam

Home » Web » Hiding email addresses and harvesting

« Camberwick Green meets Life on Mars | Main | Muse at Wembley Stadium 16th June 2007 »

Hiding email addresses and harvesting

Hiding email addresses to stop bot email harvesting has interested me for a while now as I am constantly plagued with email spam. So I started to ask myself the question of how effective are the different methods of hiding email addresses on web pages if they are effective at all. Another relevant question: is anyone actually harvesting email addresses from web pages any more as there may be easier ways of obtaining them in bulk? I think the answer is yes but I want to test it. When I register domain names I often get spam email before I have built a site so they are harvesting the email addresses from the domain registries so I will start with a good technique for this.

Email addresses used for domain registrations

Don't use your primary email to register a domain name! I am going to assume a few things here - one is that you have the ability to set up email accounts for your domain name (easy if you have a Cpanel or Plesk set up). Set up an email account for the sole use of domain registrations. For example use domains@example.com. You can then whitelist your domain supplier and be very aggressive on anything else that comes in on that address. Sometimes some people might try and contact you using the email address registered with the domain so you had better ensure you have a contact form or communications channel on the website. If you don't have full control over your webservers then just get a googlemail account and use that specifically for domains.

Hiding email addresses

I am going to list several email address obfuscation methods and for this test I have set up several email addresses: emailharvesting1@example.com, emailharvesting2@example.com etc. Each address is actually forwarded to a single email account I have set up emailharvestingtest@example.com and I will pick up results from that. The reason I have done this is that my primary email address goes through Bopspam and I don't want to filter anything for this test.

1. Email address not hidden - asking for trouble!

This is the standard way of introducing an email link into the page - if any email addresses will get harvested it should be this one first. reaper3@simoncox.com. If you look at the source code you will see I have used a different address for each element, 1 for the link , 2 for the title and 3 for the text.

2. Hide your email address by replacing the @ symbol

Often favoured is to remove the @symbol but the spammers look for other things: reaper4(AT)simoncox.com. I am not using the mailto: link for this test - users would have to cut and paste the address if they wanted to use it..

3. Hide your email address using unicode characters

This is a technique I have often thought about using but have never tried. The characters are replaced with Unicode characters which appear to be normal on screen. reaper5@simoncox.com. It hides the email address but probably not difficult for an email harvester to interpret.

4. Hide your email address using the comment tag to hide your email address

Interesting one this - you can wrap comments around parts of your email address to confuse the harvesters. reaper6 @ simoncox.com

emailaddress<!-- comment -->@<!-- comment -->example.com

I am not convinced this one will work!

5. Hide your email address in an image

This technique should work until someone gets an AI to read images but the cost my be prohibitive. however it is not good for accessibility unless you put your email address in the alt tag...which defeats the whole point.

6. Hide your email address using JavaScript

A quick and dirty JavaScript. Quick because there is an on-line form to write the code over at the Hivelogic site. Dirty because it doesn't work for people not using JavaScript - think mobile phones...

7. Hide your email address using CSS

Naturally I have been looking to CSS for a way of doing this but so far all the techniques I have tried have not been that useful yet or really just repeat previous tests. More later.

Contact forms

The reality is that I always use on-line contact forms for the sites I build. This gives me far greater control and better ways to combat the spammers. It is also more user friendly as there are many people who may not have access to the email account they wish to use to contact you - they might be at work or at a friends house. For security the email address my contact forms go to is an intermediary one, contactform1@example.com, and this is forwarded to my primary address. If the contactform1@example.com address is ever compromised then I can quickly and easily change it to contactform2@example.com, I delete the contactform1@example.com address and the primary email account is never harvested or compromised!

Acknowledgement

Inspiration for this article goes to Sarven Capadisli who has written a great article on all the potential ways of hiding your email address.

Final word for now

I will report back on which email addresses get harvested and how quickly I start to get email! Should be interesting!

Posted by Simon at May 14, 2007 6:26 PM

---

Trackback Pings

---

Comments

1 May 15, 2007 5:46 PM Dean

Great article Simon. I look forward to the results of this experiment.

2 July 3, 2007 12:11 PM Varsha

This is very interesting. And you seem to be getting positive results!!
It is worth a try :)