While this works, it doesn't get to the root of the problem: if your email address is on the internet, spammers will get it. But with that being said, there are a few tactics you can use to slow down your intake of spam. Most of them are very simple, and take only a few seconds of your time.
- Choose non-generic email addresses
I've run far too many domains and email addresses to not notice that if you have a [email protected], spammers will try to send email to it -- even if you don't have it set up. So don't set it up! Use more creative addresses such as [email protected], or [email protected]. - Don't have a "catch-all" email address
You may also have a "catch-all" email address in place, so emails sent to any address @mydomain.com will show up in your inbox anyways. Turn that off too. Spammers will more than happily send email to generic/random addresses @mydomain.com, in hopes of scoring a hit. Don't let that happen. - Don't use your email for the domain registration
If you register a domain name and use your email address for the registrant, administrative and/or technical contact email, you're just asking to get spam. Yes, some sites like DNSStuff.com will censor your email address from a WHOIS request. Yet still others, like Whois.net, won't. Also, you can usually pay for a "unlisted" domain registration, what will keep your contact info private. - Use online forms for email communication
If you have the technical ability, allow your website visitors to contact you via email using an online form. That way, the form sends the email to you and the visitor has no idea what address it's sending it to. But be careful, online mail forms are tricky and can be subject to code injection. This can lead to your sever actually sending out spam. - Encrypt your email address
If you must have your email address live on the web, don't just use a simple mailto: link -- you can encode it using JavaScript. That way a web browser can display it correctly, but a spammer trying to scrape your site won't be able to read it. Note: the spammer still may be able to extract your email address from the HTML code, but using this method makes it a lot harder.
To do this, I'd recommend any one of the free online tools. My personal favorite is Mailto Encoder. Just use their system, fill in some variables, and you're done. For instance, rather than have the usual mailto link,mailto:[email protected], you insert some custom JavaScript that builds your address dynamically for you.
Definitely agree about online forms...great alternative to having an email address onsite. It's also necessary though to have some king of bot-blocking program, whether simple .htaccess or more complex.
Another huge thing you can do to reduce spam: Switch your email to Google Apps - it has awesome spam filters.
Another email encoder you can use: https://fantomaster.com/fantomasSuite/mailShield/famshieldsv-e.cgi
Hey there,
Defintely gotta be careful with online forms. The amount of forms we see that u can pop in info to the 'cc' field (why is that necessary anyways??) and just mail someone from....scary.
We use the javascript and html email obfuscate as well....seem to be 95% effective too....
https://efront.com.au/obfuscate.php
CheersMark
Using online forms involves risk, too. Recently I received a spam message from my online form. I believe it just had the purpose of grabbing my email address from the automated confirmation email which was sent out to the spammer. I added a captcha image after that but probably too late for that address...
Hi all
i have been using this for the last month or so, to see if it helps
i havent used it on a new account so i cant measure it, but i will set one up in the morning and see what happens,
my overall traffic has increased well over 100% this month with some new sites, all with the same email, but spam is about the same level as normal. so i thinks its working, and, if it does, its an easy fix.
what do you guys think?
Kindest Regards
Phillip
Philski - ach! I tried to edit your post to remove the spacing and the WYSIWYG lost your commented code.... so sorry.
Hi all,
I think that most secure way to publish e-mails etc is using services like protectmy.info . Spambots aren't very clever, so they won't be able to parse images with noice or solve CAPTCHA task:)
Hopefully this will paste OK.........
Edit - Javascript was removed, will post the link instead.
Check https://www.mad4mobilephones.com/about.php3 to see how the email address is hidden.
Rand/Fluxx feel free to post the actual code in the blog somewhere.
There has been a ton of discussion about this over the last 7-10 days at the LED Digest. Yes, I publish it and it's self-interest for me to mention. But I didn't write any of the posts and those authors are the ones to give props to.
No links, but you can use google for these issue #'s:
led digest 2305 led digest 2306
Other good info can be found in #2310 and 2311.
Strategies mentioned include obfuscation by encoding w/ javascript, using images and php to create clickable addresses, secure forms, and lots of other stuff way over my head.
Sorry for the self promotion, but this is some great information on hiding email addresses from spam bots.
Aaudette - by all means, please do provide links. Since they're nofollowed, we don't consider any relevant outbounds to be spammy and appreciate you adding to the conversation.
Cheers, Rand. Here they are:
https://www.led-digest.com/content/view/1395/5...
https://www.led-digest.com/content/view/1397/5...
And then further details here:
https://www.led-digest.com/content/view/1406/5...
https://www.led-digest.com/content/view/1410/5...
Hope these help, Adam
I'd actually disagree with not using your email address for domain registration. Any issues with the domain and any renewal notices are done via the administrative contact. I've had many clients almost lose their domain because they had an old email address in place and were not getting the renewal emails.
Last I knew, domain transfers that went unanswered for 4 days were automatically processed as well. So if your domain was unlocked and you didn't have a proper email address in there, your domain could be transferred away without you even knowing. Most registrars have domain locking now though so that isn't as much of an issue.
I actually use the catch-all system for a few of my websites as I like being able to know where my spam is coming from. For example, I would sign up here with an email address of [email protected]. If all of a sudden I was getting spam to that address I would know where it was coming from and then turn off that address so no more spam came in.
Oh I'd totally use an email address for your domain, just not the one you want to use on a day to day basis.
Agreed, use your email address, just Use something like Domains by Proxy to hide your info.
Creating a simple good looking graphic of your email address is a good way.
character encoding is another way to hide your mailto: address and is a lot cleaner than the javascript solutions.
eg. [email protected] would be:
[email protected] (check source code of this email)
has worked for me, just google 'character encode email address' for some simple translators.
sorry! above sample isn't working :-) but you probably get my point.
I used to do that, until I realized that I could just run the page through the html_entity_decode() function in PHP and I can see your mailto: link.
One can use javascript document.write('mailto:mailbox@domain-name). The end-use will still be able to click on it to send you am email from their default email program but the email harvesters program won't. If you are using a contact form I advise adding a captcha feature to ensure the message is sent by an actual visitor.
In this javascript the email harvester can still pick up the email address.
On an old version of my site, I had a bit of javascript that did something like this but constructed the email from a number of variables. Clever little thing. But I lost it and haven't been able to find it since.
But it was basically - bad pseudo code to follow:
$name = 'mailbox'; $domain = 'domain-name'; $told = 'com';
document.write('mailto:$name@$domain.$tld')
Hi, I have been looking at disposable email addresses. You literally use 1 for every time you fill in a web form. They all link back into a central email address but anytime you get spam you can track back, see where it came from and then delete that specific email address. Seems a good idea, but not yet committed. Its sold by anonymizer.com and they call it "Nyms". It makes me laugh every time Rand says "Link condom applied"...well this is a way to apply a condom to your email address.:-) Although this doesnt directly address managing email adds displayed on web sites ..it is a neat trick when you have to fill in web forms etc