Frank H wrote:so, what are the proofs that using javascript really 'disables' the spambots?
well, we've been using the JavaScript cloak on this site for nearly three years now, and I have received very little spam on my email address which is shown there; sometimes maybe 1-2 mails per week or so, which is very good by today's standard, and I'm pretty sure these came from other sites where my email address might have been displayed. We do not use any kind of spam filtering on our server. I get as many virus mails as the next guy of course, but this will happen regardless, as anyone with your email address in their address book who gets hit by a virus, will start distributing your email address to other hosts and infect those etc., but that's another discussion really.
Frank H wrote:I would never ever publicate an email adress of mine on the internet if I never want spam in that...
you and I are smart enough to know that this is the only way to be truly safe, but most people are not - so the question is, do we care about those less fortunate people, or is "their own damn fault"? I am passionately against spam, and anything I can do to screw things up for the spammers, I am happy to do
Frank H wrote:but, I don't see why one javascript would make is "safe" ... safety is more or less just a time issue IMHO ... how long will it take for those that can 'sense' that this kind of javascript is in action, and still parse the email adresses? I don't think too long... as spammers make money, and they want to get new fresh mails ... and when parsing... it's easy to find that javascript ...
easy to find, but certainly not easy to run - I doubt if any of them will really make their own JavaScript parser just to get those few extra email addresses ... there are MASSES of completely unprotected pages from which they can rip billions of email addresses daily; a few hundred or even a few thousand email addresses won't make any difference to these people.
even if they did care enough to do it, I doubt they'd be able to do it in the first place - a JavaScript parser is not simple ... bear in mind, in order to get the email address, you have to not just parse, but actually execute the JavaScript, and if they did that, they'd also be running tons of other scripts; and there would be loads of other stuff they'd have to take into account then, like stopping popups, emulating the browser object and the entire DOM to keep scripted menus and effects from breaking the execution, etc.
Frank H wrote:IMHO, there's only one way to be "safe" from spam, and that's not to show the mail in any way...
still true, but still not an excuse to sit back and not do anything about the problem - quite the contrary ... and if the only other option is to not allow people to show their email addresses at all, then I'd rather take the second-best option and at least leave them with a choice.