Prevent Spam Bots Scraping Your Email Address

[judyofthewoods]

If you provide an email address on your website for your readers, you need to protect it from spam robots, or "bots". A spam bot is a piece of software which is, in effect, an automated web surfer which travels at lightning speed around the internet, clicking from one page to another, across to the next website, and so on. It searches for any text that looks like an email address. It collects the address, and then you receive emails offering substances to enhance your manhood or great riches at the casino.

Fortunately, spam bots don't see the page like a human eye does, and they can be easily fooled. There are several methods you can use to foil their evil plan.

First, lets look at what an email address looks like in the html source code. The portion in capital letters is the visible part, i.e. it shows on the page (the capital letters are only used for clarity, but would normally be lower case)

Code: Select all

<a href="mailto:yourname@yourwebsite.com">YOURNAME@YOURWEBSITE.COM</a>

There are two security risks here. One is inside the link (anchor) tag, the other is the visible address. The reason is that the bot reads everything in the source code, so even the part which appears on the page will be visible to it.

Here are some of the methods you can use to protect your email address

• create gaps (not clickable)
• write the address as you would say it (not clickable)
• image (not clickable)
• encrypt or encode the address
• create an image link (used in conjunction with encoding)

Lets look at each in more detail.

The simplest method to disguise your email address is by simply showing a broken up version and instruct your readers to paste it into an email form and close the gaps. There is no link, and the text would read yourname @ yourdomain . com

As bots get more sophisticated, and may be trained to look for the @ character and a .com, and instructed to close gaps on adjoining words, it may be better to split the word up even more, though it would get ever more annoying for your reader. Another way would be to show the text of the address with characters as spoken, and again, instruct readers to close gaps and replace words with characters yourname at yourdomain dot com .

Yet another simple way would be to create an image with the text of your email address and instruct readers to enter it into an email form as they see it. Spam bots can not read text in images.

The above three methods work, are simple, but may put off some readers from contacting you because of the extra work involved.

A better method would be to encode the text so that the bot can not read it, but the mailing program can. This is done with java script. There are free encoding services online if you are not able to encode it yourself (you probably wouldn't be reading this now, right?). One such service is by Syronex. I have used it for several years on two websites and never received any spam through those email addresses. You may still get the occasional spam email written by a real human who obtained the address by going to your website. This has been very rare.

You write your email address in the first form field on the Syronex site, and the text you want to appear on the page in the second field. This must not be your email address, as this text is not encoded, only included in the java script, and the bots could still read it in the source code. There is no need, of course, as you can simply use words like email me. You can also add text for the subject line. This may help you spot an email from your reader in your inbox, if the subject line included a word you would recognize. A simple example would be Feedback, though it might be safer to add something else, as spammer and phishers often use typical subject lines to trick people into opening an email.

I have also tried another type of encoding service, which did not work in the Firefox browser. I include it here so you know which type it is, and to best avoid it. This service generates the code for the email address and the text showing on the page, so you could have the email address visible, but you can't see anything in Firefox. It is a simple method, and you may have thought of trying it yourself. It uses the special character code for each letter and character, so the browser can read it, but the bots just "choke" on it. This website, emailaddresses.com, offers the service, but actually redirects you to another website, SiteUp, which sends you an email with the code to past into your page. If you do want to try it out, a small bit of warning. First, make sure that you select "No Thanks" in the box above the form if you don't want to receive two newsletters. Also, when you get the email, you may get a warning that it is a phishing email. It probably isn't. It is likely that your anti-virus software will see the encrypted code and interpret it as phishing.

There are a few other services you might like to try. I have not tried these, so it is at your own risk.

http://scr.im/ - this turns your email address into a short url for sharing

http://mailhide.recaptcha.net/ creates code for a captcha your reader has to solve to see your email address.

Please let us know if there are any methods or services you have used successfully.

[AlisonKerr]

I use Contact Forms, which require someone to enter several fields on my page and do not give out my e-mail address. I do still get a little spam this way, usually a handful of e-mails a week once a site has been running for 6 months or so.

One of my sites is done with CSS/html - you can see the contact form here http://greatfunbooks.com/contact-us.shtml. If anyone needs code for a CSS/html site I can try to explain it.

On my wordpress site I'm currently using a contact form plug-in Contact Form 7 http://contactform7.com/. I'm sure there are other Wordpress plugins and some, I think, include the captcha type requirement for submission. Contact Form 7 isn't very sophisticated, but it's free and is working well for me for now. Here is how it looks: http://lovingnaturesgarden.com/contact/

[Beth]

Good info, thanks!

And that reminds me that I never actually set up the contact info or e-mails or anything for my new site... putting it on the List! I'm leaning toward using a contact form, since stuff like yourname at yourdomain dot com doesn't appeal to me somehow.

Stupid spammers, making stuff hard for everyone!

[RachelM]

Oh bum, there was me thinking the mailto thing was fine with a clickable email me

It will be on my to do list to change!

Thanks Judy

[judyofthewoods]

Thanks for the information on contact forms, Alison. I didn't realize they were not standard issue with blog software. Good to know there are plug ins for the less technical minded.

The ideas I gave above were just simple ones to use on a static website as it does not involve special coding skills. From what little I know about contact forms, I think they are a server side feature. Did you have to do any php, Pearl or other weird coding an upload some script to your server to make it work? Are there easy to use copy and paste scripts you can recommend for a contact form for a static website?

I think the spam which still finds its way through is almost certainly some human browsing sites and contacting you directly. These methods do at least stem the deluge of casino, Viagra and what-not spam.

Beth, I agree, the gap method is a little clunky, though some people prefer it. Some people are also quite keen on keeping the use of javascript down or not use it at all. My personal preference is the javascripts version which people can simply click on and the mail form pops up. There is also a gap version for those who have javascript disabled. A contact page will not have much content on it, so the javascript slowing down the page load would not be an issue.

Rachel, I'd be interested what your spam situation is. I also wonder how often spam bots spider the web. If you have not been spammed yet, you may be in good time.

One other tip I forgot to mention, which is also useful for any email address anyone creates, not just for websites. Spam bots will also randomly generate email addresses and send out probably millions of these in the hope that some turn out to be real addresses. The best way to protect yourself from that kind of spamming is to create email addresses which also contain numbers and allowable characters as there would be just too many possibilities, and their software is just geared at probability.

[RachelM]

Considering my email address is out there on the web on two different websites for all to see, I hardly get much spam. I think it's because the webhost I use for that account is excellent. If anyone is looking for a good webhost I can't recommend Vision Internet http://www.visn.co.uk/ highly enough! Whenever I email them - even on a Sunday, the guy who runs it - Dave emails me back, usually within an hour. They don't charge a lot for the service and have a very efficient spam protection service that comes with each web package account.

When I first joined them (about 8yrs ago) their spam filter was a bit too efficient and the odd email went astray - but usually a couple of days later I got the email with an apology that it got sifted out - doesn't happen now. I should probably become an affiliate but not got around to it yet!

[AlisonKerr]

"From what little I know about contact forms, I think they are a server side feature. Did you have to do any php, Pearl or other weird coding an upload some script to your server to make it work? Are there easy to use copy and paste scripts you can recommend for a contact form for a static website?"

Judy, I'm not entirely sure. My static sites are done with CSS and html - no php or scripts. I code them using the Notepad ++ text editor. The code for the contact forms is done that way, along with the rest of the code for the static pages.

My sites are hosted with GoDaddy.com. I upload the CSS, html and graphics files using ftp, but I don't do the GoDaddy admin management - I have technical help for that. I believe there was something to do on the admin management side to set up the e-mail address to work with the contact form.

I don't know if that helps.

[AlisonKerr]

I was getting some spam using the Contact Form 7 Wordpress plugin so I changed plugin today. I am now using WP Contact Form which is supposed to have some Askimet spam checking.

For anyone on Wordpress needing a Contact Form plugin here is a site which reviews three: http://themelib.com/2009/01/3-common-contact-form-wordpress-plugins/