PDA

View Full Version : Help with protecting my e-mail adress from spam



bassa
03-10-2009, 09:15 PM
Hello!

I've implemented a small JavaScript on my webpage that is supposed to protect my e-mail adress from e-mail harvesters and mailbots. I followed directions to the letter in how to add it to my webpages, but when I look at the webpage in a browser window, I'm seeing a new e-mail link in the top left corner of the page.

Can someone help, perhaps?

Here's the JavaScript code:


<script language="JavaScript"><!--
var name = "info";
var domain = "froso.dk";
document.write('<a href=\"mailto:' + name + '@' + domain + '\">');
document.write(name + '@' + domain + '</a>');
// --></script>

And here's the footer on my webpage:


<!-- Footer Start -->
<div id="footer">
Fr&oslash;s&oslash; K&oslash;kkenfornyelse &middot; Oldenvej 7 &middot; 3490 Kvistg&aring;rd<br/>
Tlf.: 4917 7728 &middot; Fax: 4917 7738 &middot; E-mail: <a href="removed for security" class="footerlink">removed for security</a></div>
<!-- Footer End -->

I've tried testing with removing the JavaScript above, and that seems to remove the odd link in the top left corner. Why does it get created?

PS: Also, I've noticed that whenever I click on the 'mailto:' e-mail link, the browser opens a new 'blank' window before proceeding to open a new mail in my mail software (in my case, Microsoft Outlook).

How do I change that so that the new pop-up window doesn't appear?


Cheers,
Bassa

Master_script_maker
03-10-2009, 11:16 PM
try:
<!-- Footer Start -->
<div id="footer">
Fr&oslash;s&oslash; K&oslash;kkenfornyelse &middot; Oldenvej 7 &middot; 3490 Kvistg&aring;rd<br/>
Tlf.: 4917 7728 &middot; Fax: 4917 7738 &middot; E-mail: <a href="#" class="footerlink" id="jse">removed for security</a></div>
<script type="text/javascript">
var name="info";
var domain="froso.dk";
document.getElementById("jse").href=name+"@"+domain;
</script>
<!-- Footer End -->

bassa
03-11-2009, 09:37 AM
Doesn't appear to work.

The e-mail now links to: http://www.froso.dk/test/removed for security.

Changing the 'href' to correct path: removed for security changes nothing, apparently.


Cheers,
Bassa

Master_script_maker
03-11-2009, 10:59 AM
have you tried this?
<!-- Footer Start -->
<div id="footer">
Fr&oslash;s&oslash; K&oslash;kkenfornyelse &middot; Oldenvej 7 &middot; 3490 Kvistg&aring;rd<br/>
Tlf.: 4917 7728 &middot; Fax: 4917 7738 &middot; E-mail: <a href="#" class="footerlink" id="jse">info@froso.dk</a></div>
<script type="text/javascript">
var name="info";
var domain="froso.dk";
document.getElementById("jse").href="mailto: "+name+"@"+domain;
</script>
<!-- Footer End -->

bassa
03-11-2009, 11:30 AM
That worked, but it's still showing the mail-link in the top left corner.

Here's the webpage: http://www.froso.dk/test/index.html


Cheers,
Bassa

Twey
03-11-2009, 11:43 AM
Um, that's not the right script. Of course it will display in the upper corner: that's where it document.write()s it to. Use the DOM-based ones the other people in this thread have suggested.

bassa
03-11-2009, 12:27 PM
Cool. Is it possible to have the mail adress just look like: info (at) froso.dk?

Right now, it reads: mailto:info (at) froso.dk in the browser.


Cheers,
Bassa

Twey
03-11-2009, 01:06 PM
If you mean what I think you mean, then no, the mailto: construct is an equivalent of http:: it tells the browser what to do with that string, and without it the URI is meaningless.

The best solution, of course, is to use a server-side mailing script, so that your address need never be exposed to the world at all. What you've got at the moment is still quite vulnerable to harvesting, and also blocks non-Javascript users from using the mailto link directly.

The existence of all those &oslash;es and &middot;s in your HTML would seem to indicate an encoding problem — you should be able to enter and directly in any properly–set-up environment.

bassa
03-11-2009, 01:55 PM
If you mean what I think you mean, then no, the mailto: construct is an equivalent of http:: it tells the browser what to do with that string, and without it the URI is meaningless.

Alright.


The best solution, of course, is to use a server-side mailing script, so that your address need never be exposed to the world at all. What you've got at the moment is still quite vulnerable to harvesting, and also blocks non-Javascript users from using the mailto link directly.

Good to know. Do you know of an alternative, and preferably better, solution?


The existence of all those &oslash;es and &middot;s in your HTML would seem to indicate an encoding problem you should be able to enter and directly in any properlyset-up environment.

Yes. I created another thread some weeks ago where I questionened whether it was necessary for me to "convert" these Dreamweaver automated changes myself.

Dreamweaver changes the letter '' into &oslash; by default.

I'm confident that my environment is just fine as it is, and I'm fairly sure that I'll change all these Dreamweaver changes back unto their original form, ie. , and .

Thank you!


Cheers,
Bassa

jscheuer1
03-11-2009, 02:24 PM
Note: Whatever you do to protect an email address that has already been compromised, spammers will still have it because these lists of harvested email addresses are constantly exchanged among spammers. However, once an address is protected, over time spam emails should gradually decrease, because these list eventually go out of date and/or are updated with data believed to be accurate as to the viability of the addresses they contain. Responding to any spam email you receive, even if only to opt out, only serves to confirm your email address on these lists.

While a server side solution is preferable for at least two important reasons:


If properly setup, it cannot be hacked to get the address.
It allows people without an email client configured to still email you without doing anything extra.


If a server side solution is not readily available, one may use my:

http://home.comcast.net/~ansiguy/emailen1.htm

Once encrypted, most spam bots will not be able to tell that it is an email link, however even those without javascript enabled will be able to email you easily if they have an email client configured. And, with or without an email client configured or without javascript enabled, most will be able to right click and copy the address for use with their third party email host (like hotmail, gmail, etc.).

The reason this works is that although all modern browsers will automatically 'decrypt' the address, most bots - though they easily could, won't bother because they won't know it's anything that they are looking for in the first place. No javascript is required, because it uses only tokens and entities which the browser may render as ordinary characters without the aid of javascript.

The encryptor itself requires that you have javascript enabled to use it though.

bassa
03-11-2009, 02:39 PM
That e-mail encryptor is awesome, man! Thanks!

Anyone knows why my browser INSISTS on opening a new browser window before it opens up the email client, though?

Damn it's annoying!


Cheers,
Bassa

jscheuer1
03-11-2009, 03:06 PM
It could be just a quirk of your email client working in conjunction with your browser. If it is your software, there may be one or more configuration options in one or the other or both programs that can change this behavior.

Or there could be something on the page that asks the browser to open a new window, like a base target or a target for that link or some javascript code. If so, that can be tracked down and either eliminated or worked around.

However, in either case, a new mailing window (with the email client in it) usually is opened by default so that the user doesn't lose track of the page that they are on. If the email client is the browser, this will be a new browser tab or window (usually configurable in tab and/or email behavior config of the browser), if the email client is a separate program, it will open in a separate system window (which may or may not resemble a browser window). If a new window in addition to this mailing window is being opened, your computer or browser may be confused as to which email client is actually the default.

I checked your page, and it only opened this 'mailing window' for me.

bassa
03-11-2009, 03:24 PM
Alright, cool.


Cheers,
Bassa