• From: Denmark
  • Registered: 2004-05-11
  • Posts: 195

Topic: cloak e-mail addresses!

E-mail harvesters are collecting users' email addresses from the mailto links on the profile pages! What I usually do is, on the server side, replace the @ in the e-mail address with "_at_" (or some other symbol), and then replace it back in JavaScript, outputting something like this:

<SCRIPT>email='<A HREF="mail'+'to:'+'someone_at_somewhere.com">someone_at_somewhere.com</A>'; document.write(email.replace(/_at_/gi, '@'))</SCRIPT>

Most browsers will be able to display this correctly - meanwhile, the e-mail harvesters will have problems, as they look only at the source HTML without first running the scripts. I have been using this method since over two years now to cloak e-mail addresses on various sites, and it's been incredibly effective smile

mindplay's Website

  • From: 127.0.0.1
  • Registered: 2001-11-02
  • Posts: 9,167

Re: cloak e-mail addresses!

Well yes and no. The reason I don't like it is because you can't make mailto: links that actually work the way they are supposed to. People will have to edit the To field in their e-post software. Also, you can choose in your profile whether the e-mail address should be visible or not. People who choose to have their e-mail address visible (it's not the default setting) do so at their own "risk".

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Rickard's Website

  • From: Denmark
  • Registered: 2004-05-11
  • Posts: 195

Re: cloak e-mail addresses!

Rickard wrote:

The reason I don't like it is because you can't make mailto: links that actually work the way they are supposed to. People will have to edit the To field in their e-post software.

huh?

look here, works fine:

http://www.synapse-audio.com/contact.php

Rickard wrote:

People who choose to have their e-mail address visible (it's not the default setting) do so at their own "risk".

yes, that's the problem - not all users are aware of the risk.

mindplay's Website

  • From: Denmark
  • Registered: 2004-05-11
  • Posts: 195

Re: cloak e-mail addresses!

also, being able to safely display your email address would just be nice, wouldn't it? smile

mindplay's Website

  • From: 127.0.0.1
  • Registered: 2001-11-02
  • Posts: 9,167

Re: cloak e-mail addresses!

mindplay: Have a look at your page with JavaScript disabled. Approximately 6% of all Internet users have JavaScript disabled or are using browsers that do not support JavaScript.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Rickard's Website

6 Reply by Andy

  • Andy
  • PunBB Donor
  • Offline
  • From: UK
  • Registered: 2003-08-23
  • Posts: 338

Re: cloak e-mail addresses!

Rickard wrote:

mindplay: Have a look at your page with JavaScript disabled. Approximately 6% of all Internet users have JavaScript disabled or are using browsers that do not support JavaScript.

...and its nice to appeal to even the minorities of browser users...

  • From: Denmark
  • Registered: 2004-05-11
  • Posts: 195

Re: cloak e-mail addresses!

Actually, it's more like 8%, but good point wink

How about using the <NOSCRIPT> tag together with the JavaScript, and display the e-mail address for those 6% without using "mailto:" - at least that way, everyone will see the e-mail address, only those few without JavaScript will have to manually copy the e-mail address into their mailer. Something like this:

<SCRIPT>
email='<A HREF="mail'+'to:'+'someone_at_somewhere.com">someone_at_somewhere.com</A>';
document.write(email.replace(/_at_/gi, '@'))
</SCRIPT> 
<NOSCRIPT>
<FONT>someone</FONT>@<FONT>somewhere</FONT>.com
</NOSCRIPT>

This should be safe against most harvesters, I bet for the most part they won't be clever enough to remove HTML code and decode numbered entities before parsing for e-mail addresses.

Additionally, you could HREF the e-mail address in the <NOSCRIPT> tag to the user's PROFILE page, and in a <NOSCRIPT> tag on the profile page, next to the e-mail address, you could put a short explanation like:

"This e-mail address could not be safely displayed as a link, because your browser does not support JavaScript - please select and copy the e-mail address into your e-mail application manually."

It's only a 92% perfect solution, but it's better than ignoring the fact that 50% of the world's e-mail is spam, isn't it? wink

mindplay's Website

8 Reply by Jansson (edited by Jansson 2004-05-13 08:07)

  • Jansson
  • Former PunBB Developer
  • Offline
  • From: Sweden
  • Registered: 2003-01-06
  • Posts: 856

Re: cloak e-mail addresses!

I think the current solution is much better. And it's a 100% perfect solution :)

That kind of "hack" doesn't fit into PunBB, but that's my opinion. Maybe as a mod if someone desperately needs it.

  • From: Denmark
  • Registered: 2004-05-11
  • Posts: 195

Re: cloak e-mail addresses!

The current solution is 100% perfect, yeah - for the spammers, not for the users.

Rather than looking for an argument to ignore the problem, I choose to look for solutions.

mindplay's Website

  • From: 127.0.0.1
  • Registered: 2001-11-02
  • Posts: 9,167

Re: cloak e-mail addresses!

mindplay wrote:
Rickard wrote:

People who choose to have their e-mail address visible (it's not the default setting) do so at their own "risk".

yes, that's the problem - not all users are aware of the risk.

But it's not the default setting! I can't really see the point of replacing a simple <a href=""> with a 200 byte javascript hack just to prevent that people, who obviously wants their e-mail address to be visible, have their e-mail address in plaintext in the markup. Fact is that most people don't even edit their profile options at all and I'm betting the number of people who insist on having their e-mail address visible is very very small.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Rickard's Website

  • From: Denmark
  • Registered: 2004-05-11
  • Posts: 195

Re: cloak e-mail addresses!

Rickard wrote:

Fact is that most people don't even edit their profile options at all

yes, about that - how about after you register, you get sent directly to the profile page? (or the activation link sends you there, depending on wether you have e-mail verification switched on) ... if people notice from the start that the profile page is there, they might bother filling it in? smile

Rickard wrote:

and I'm betting the number of people who insist on having their e-mail address visible is very very small.

yes, because it's not safe.

mindplay's Website

  • From: Denmark
  • Registered: 2004-05-11
  • Posts: 195

Re: cloak e-mail addresses!

I don't see what harm a little extra safety and comfort can do, especially at the cost of a measly 200 bytes, but never mind, I'll just make a mod for it smile

mindplay's Website

  • From: 127.0.0.1
  • Registered: 2001-11-02
  • Posts: 9,167

Re: cloak e-mail addresses!

Well, it isn't a big deal. It's just that I feel value of that little extra safety and comfort is so small in comparison to what it does to the source in terms of readability and simplicity. I'll consider it.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Rickard's Website

  • From: Denmark
  • Registered: 2004-05-11
  • Posts: 195

Re: cloak e-mail addresses!

just add a function to functions.php, encode_email(email) or so, and reuse that. If there's a simple call to that function in one or two other places in the source code, that should hardly cripple the readability wink

mindplay's Website

  • From: 127.0.0.1
  • Registered: 2001-11-02
  • Posts: 9,167

Re: cloak e-mail addresses!

What about the readability of the HTML source then? :D

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Rickard's Website

  • From: Netherlands
  • Registered: 2004-03-06
  • Posts: 77

Re: cloak e-mail addresses!

On a few big forums i'm on they are using the gd library to show the email adress.
You can't click the image.

This is an ideal solution IMHO, if someone really wants to mail you they won't stop just because they have to type the email adress smile

  • From: Denmark
  • Registered: 2004-05-11
  • Posts: 195

Re: cloak e-mail addresses!

that's maybe a bit overkill? it certainly will put considerable extra load on the server, having to generate and compress a GIF image every time an email address has to be displayed...

mindplay's Website

18 Reply by Falconey (edited by Falconey 2004-05-14 11:56)

  • From: Netherlands
  • Registered: 2004-03-06
  • Posts: 77

Re: cloak e-mail addresses!

Thats kind of true big_smile

Anyway, i'm happy with the way it works atm. Most of my users have form mail enabled.

Maybe there could be an admin option for forcing form mail?

  • Frank H
  • Former PunBB Developer
  • Offline
  • Registered: 2003-03-16
  • Posts: 1,423

Re: cloak e-mail addresses!

mindplay wrote:

that's maybe a bit overkill? it certainly will put considerable extra load on the server, having to generate and compress a GIF image every time an email address has to be displayed...

no, just render them when people register or change their email addys (not that often)

  • From: Denmark
  • Registered: 2004-05-11
  • Posts: 195

Re: cloak e-mail addresses!

Frank H wrote:

no, just render them when people register or change their email addys (not that often)

okay, so then you'll spend HD space and bandwidth on thousands of GIFs instead.

if something like this is implemented, it has to be optional, and IMO shouldn't be switched on by default.

mindplay's Website

  • From: 127.0.0.1
  • Registered: 2001-11-02
  • Posts: 9,167

Re: cloak e-mail addresses!

Using GD is out of the question. It not only puts strain on the server, it also makes the e-mail link "unclickable". I'm considering mindplay's suggestion. Just give me some time :)

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Rickard's Website

  • From: 127.0.0.1
  • Registered: 2001-11-02
  • Posts: 9,167

Re: cloak e-mail addresses!

I have a suggestion. How about just adding a little to the description of the option? I.e. changin:

[] Display your e-mail address.

to

[] Display your e-mail address (not recommended in public forums).

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Rickard's Website

  • From: Spain/Germany
  • Registered: 2004-02-27
  • Posts: 107

Re: cloak e-mail addresses!

I'd go for something closer to "publicly displayed at your own risk", but not with those words. Or maybe not. But it's definitely a good idea, some people ar not aware of "collectors".

  • Registered: 2004-05-14
  • Posts: 8

Re: cloak e-mail addresses!

mindplay wrote:

okay, so then you'll spend HD space and bandwidth on thousands of GIFs instead.

Create them dynamically with a bit of PHP instead?

Get your UK business listed for free in the UK Business Index!
  • From: 127.0.0.1
  • Registered: 2001-11-02
  • Posts: 9,167

Re: cloak e-mail addresses!

webstar: You can either generate them dynamically every time and totally overload the server CPU/memory or you can generate them once and then store them. Either way is horrible.

Face it people, the whole image thing isn't going to happen.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Rickard's Website