By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,334 Members | 1,861 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,334 IT Pros & Developers. It's quick & easy.

Q. on a PHP based Email Address Obfuscator for website Mailto: tags

P: n/a
I found a PHP based email obfuscator for use in websites, where the
source HTML (PHP, actually) file doesn't contain the actual email
address in the Mailto tag, but generates it and that generated page
(containing a full and conventional Mailto: tag) is what is ultimately
presented to the user.

The intent is to thwart Spam bots and spiders, by NOT having the email
address in the original HTML Source, but ultimately presenting it to
the person browsing the site.

But here's my question.... Even though the program works exactly as
advertised, isn't this a case of flawed logic on the part of this
scripts author? PHP runs server-side, so won't the PHP be
interpreted, whether it's requested by a bot, a spider, or a legit
website visitor? (and thereby, presenting the bot with the full
Mailto: tag and email address anyway)? Or is there something basic
I'm missing here?

Thanks in advance...

John
Jul 16 '05 #1
Share this Question
Share on Google+
4 Replies


P: n/a

"john Q" <jo**************************************@yahoo.co m> wrote in message
news:d3********************************@4ax.com...
I found a PHP based email obfuscator for use in websites, where the
source HTML (PHP, actually) file doesn't contain the actual email
address in the Mailto tag, but generates it and that generated page
(containing a full and conventional Mailto: tag) is what is ultimately
presented to the user.

The intent is to thwart Spam bots and spiders, by NOT having the email
address in the original HTML Source, but ultimately presenting it to
the person browsing the site.

But here's my question.... Even though the program works exactly as
advertised, isn't this a case of flawed logic on the part of this
scripts author? PHP runs server-side, so won't the PHP be
interpreted, whether it's requested by a bot, a spider, or a legit
website visitor? (and thereby, presenting the bot with the full
Mailto: tag and email address anyway)? Or is there something basic
I'm missing here?

Thanks in advance...

John


Nope you're absolutely spot on. Unless the PHP script is detecting a bot using something like the
user-agent, or IP? Even then, a bot simply has to present itself as though it were a browser.

Javascript commonly used to obfuscate email addresses in web pages. The other method is to use a
form, which posts to a PHP script that sends an email.
Jul 16 '05 #2

P: n/a
On Mon, 14 Jul 2003 11:13:10 +0800, "powerboy"
<po******@rarextreme.com> wrote:

Nope you're absolutely spot on. Unless the PHP script is detecting a bot using something like the
user-agent, or IP? Even then, a bot simply has to present itself as though it were a browser.

Javascript commonly used to obfuscate email addresses in web pages. The other method is to use a
form, which posts to a PHP script that sends an email.


Thanks for the reply... I'm new to PHP, but I suspected there was a
missing ingredient there...

What do you think of this theory... (I'm trying to find a balance
between convenience to the end user (a lot of people hate forms), 100
percent browser compatibility (enough people keep Javascript turned
off)

Theory:
When you click on the "Contact us" link on a page, you're presented
with a short and simple form with two radio buttons, "Yes" and "No",
defaulted to "No", and you're asked nicely to "Click "Yes" if you
would like to email us"

That form runs a PHP script in an execute only directory, and if the
user selected "Yes", the script presents a generated page containing
all the "Mailto:" tags our heart desires. (I'm willing to accept that
this (or just about anything) can't and won't stop people from
manually harvesting the site, but it's the bots/spiders that I figure
I can fight).

This spares the user from filling in a form, it would only be one or
two extra clicks. This seems like it would work to me, but I'm (I'm
fuzzy on whether "execute only" is applicable in the case of an
interpreted scripting language like PHP)

Thanks
Jul 16 '05 #3

P: n/a
> Theory:
When you click on the "Contact us" link on a page, you're presented
with a short and simple form with two radio buttons, "Yes" and "No",
defaulted to "No", and you're asked nicely to "Click "Yes" if you
would like to email us"


Thats annoying for the user though - to have to click on further links to
get to be able to send you an e-mail is not at all ideal - I would be very
put off by that.

For what its worth, I have had several sites in the past, for which I use a
different e-mail address which is only used for website feedback. In over a
year since getting my most recent e-mail address I use for this, i've never
had a single piece of junk mail come through, which would indicate that bots
just aren't interested in websites - why would they bother checking possibly
hundreds or thousands of pages on a website to find a single e-mail address
of the owner when they could get possibly a thousand e-mail addresses from a
couple of hundred pages from newsgroups and such?
If you are intent on hiding your e-mail address then you could use something
like that, but try to do it in a single link (ie have the link to your
contact page as a form button with the radio buttons there with it, so its
done in one step - or have it so it pops up a small window with the e-mail
address in when they click on your yes button as you have it so that they
aren't having to reload the entire page, which may be a problem for people
with modems.

Personally though, I just wouldn't bother trying to hide it - nothings ever
come to my e-mail address that i use on several sites! If you are
concerned, try it with a different e-mail address first for a few months -
if it does get a lot of junk mail try your methods again and just scrap that
address, if it doesn't then you're fine.

David
Jul 16 '05 #4

P: n/a
On Mon, 14 Jul 2003 20:05:11 +0100, "David Walker"
<wb*********@hotmail.com> wrote:

....<snip removed>...
For what its worth, I have had several sites in the past, for which I use a
different e-mail address which is only used for website feedback. In over a
year since getting my most recent e-mail address I use for this, i've never
had a single piece of junk mail come through, which would indicate that bots
just aren't interested in websites - why would they bother checking possibly
hundreds or thousands of pages on a website to find a single e-mail address
of the owner when they could get possibly a thousand e-mail addresses from a
couple of hundred pages from newsgroups and such?
...<snip removed>...
There must be an element of good luck / bad luck on whether or not a
person gets hit, because I definitely get tons of spam at several
addresses only used on websites of mine. One or two even send
guesswork spam, where they send to "sales" @ my domain name, even
though I don't/never had a mailbox named "sales". (fortunately, not
that many do that).
If you are intent on hiding your e-mail address then you could use something
like that, but try to do it in a single link (ie have the link to your
contact page as a form button with the radio buttons there with it, so its
done in one step FYI, that was what I meant to write, even if how I phrased it didn't
turn out right
- or have it so it pops up a small window with the e-mail
address in when they click on your yes button as you have it so that they
aren't having to reload the entire page, which may be a problem for people
with modems.


Great idea! I'll probably do a blend of javascript with a noscript
option that does the small popup window. Also, good point on the
single (and disposable) website feedback address. I have to admit
that I've used primary email addresses on websites, which is bad
strategy since it can be a pain to change your primary address.

Thanks again,

John
Jul 16 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.