Help with protecting my e-mail adress from spam

**bassa** · 03-10-2009, 09:15 PM

Hello!

I've implemented a small JavaScript on my webpage that is supposed to protect my e-mail adress from e-mail harvesters and mailbots. I followed directions to the letter in how to add it to my webpages, but when I look at the webpage in a browser window, I'm seeing a new e-mail link in the top left corner of the page.

Can someone help, perhaps?

Here's the JavaScript code:

Code:

<script language="JavaScript"><!--
var name = "info";
var domain = "froso.dk";
document.write('<a href=\"mailto:' + name + '@' + domain + '\">');
document.write(name + '@' + domain + '</a>');
// --></script>

And here's the footer on my webpage:

Code:

<!-- Footer Start -->
<div id="footer">
   	Fr&oslash;s&oslash; K&oslash;kkenfornyelse &middot; Oldenvej 7 &middot; 3490 Kvistg&aring;rd<br/>
  Tlf.: 4917 7728 &middot; Fax: 4917 7738 &middot; E-mail: <a href="removed for security" class="footerlink">removed for security</a></div>
<!-- Footer End -->

I've tried testing with removing the JavaScript above, and that seems to remove the odd link in the top left corner. Why does it get created?

PS: Also, I've noticed that whenever I click on the 'mailto:' e-mail link, the browser opens a new 'blank' window before proceeding to open a new mail in my mail software (in my case, Microsoft Outlook).

How do I change that so that the new pop-up window doesn't appear?

Cheers,
Bassa

**Master_script_maker** · 03-10-2009, 11:16 PM

try:

Code:

<!-- Footer Start -->
<div id="footer">
   	Fr&oslash;s&oslash; K&oslash;kkenfornyelse &middot; Oldenvej 7 &middot; 3490 Kvistg&aring;rd<br/>
  Tlf.: 4917 7728 &middot; Fax: 4917 7738 &middot; E-mail: <a href="#" class="footerlink" id="jse">removed for security</a></div>
<script type="text/javascript">
var name="info";
var domain="froso.dk";
document.getElementById("jse").href=name+"@"+domain;
</script>
<!-- Footer End -->

**bassa** · 03-11-2009, 09:37 AM

Doesn't appear to work.

The e-mail now links to: http://www.froso.dk/test/removed for security.

Changing the 'href' to correct path: removed for security changes nothing, apparently.

Cheers,
Bassa

**Master_script_maker** · 03-11-2009, 10:59 AM

have you tried this?

Code:

<!-- Footer Start -->
<div id="footer">
   	Fr&oslash;s&oslash; K&oslash;kkenfornyelse &middot; Oldenvej 7 &middot; 3490 Kvistg&aring;rd<br/>
  Tlf.: 4917 7728 &middot; Fax: 4917 7738 &middot; E-mail: <a href="#" class="footerlink" id="jse">info@froso.dk</a></div>
<script type="text/javascript">
var name="info";
var domain="froso.dk";
document.getElementById("jse").href="mailto: "+name+"@"+domain;
</script>
<!-- Footer End -->

**bassa** · 03-11-2009, 11:30 AM

That worked, but it's still showing the mail-link in the top left corner.

Here's the webpage: http://www.froso.dk/test/index.html

Cheers,
Bassa

**Twey** · 03-11-2009, 11:43 AM

Um, that's not the right script. Of course it will display in the upper corner: that's where it document.write()s it to. Use the DOM-based ones the other people in this thread have suggested.

**bassa** · 03-11-2009, 12:27 PM

Cool. Is it possible to have the mail adress just look like: info (at) froso.dk?

Right now, it reads: mailto:info (at) froso.dk in the browser.

Cheers,
Bassa

**Twey** · 03-11-2009, 01:06 PM

If you mean what I think you mean, then no, the mailto: construct is an equivalent of http:: it tells the browser what to do with that string, and without it the URI is meaningless.

The best solution, of course, is to use a server-side mailing script, so that your address need never be exposed to the world at all. What you've got at the moment is still quite vulnerable to harvesting, and also blocks non-Javascript users from using the mailto link directly.

The existence of all those øes and ·s in your HTML would seem to indicate an encoding problem — you should be able to enter ø and · directly in any properly–set-up environment.

**bassa** · 03-11-2009, 01:55 PM

Originally Posted by Twey

If you mean what I think you mean, then no, the mailto: construct is an equivalent of http:: it tells the browser what to do with that string, and without it the URI is meaningless.

Alright.

Originally Posted by Twey

The best solution, of course, is to use a server-side mailing script, so that your address need never be exposed to the world at all. What you've got at the moment is still quite vulnerable to harvesting, and also blocks non-Javascript users from using the mailto link directly.

Good to know. Do you know of an alternative, and preferably better, solution?

Originally Posted by Twey

The existence of all those øes and ·s in your HTML would seem to indicate an encoding problem — you should be able to enter ø and · directly in any properly–set-up environment.

Yes. I created another thread some weeks ago where I questionened whether it was necessary for me to "convert" these Dreamweaver automated changes myself.

Dreamweaver changes the letter 'Ø' into ø by default.

I'm confident that my environment is just fine as it is, and I'm fairly sure that I'll change all these Dreamweaver changes back unto their original form, ie. Æ, Ø and Å.

Thank you!

Cheers,
Bassa

**jscheuer1** · 03-11-2009, 02:24 PM

Note: Whatever you do to protect an email address that has already been compromised, spammers will still have it because these lists of harvested email addresses are constantly exchanged among spammers. However, once an address is protected, over time spam emails should gradually decrease, because these list eventually go out of date and/or are updated with data believed to be accurate as to the viability of the addresses they contain. Responding to any spam email you receive, even if only to opt out, only serves to confirm your email address on these lists.

While a server side solution is preferable for at least two important reasons:

If properly setup, it cannot be hacked to get the address.
It allows people without an email client configured to still email you without doing anything extra.

If a server side solution is not readily available, one may use my:

http://home.comcast.net/~ansiguy/emailen1.htm

Once encrypted, most spam bots will not be able to tell that it is an email link, however even those without javascript enabled will be able to email you easily if they have an email client configured. And, with or without an email client configured or without javascript enabled, most will be able to right click and copy the address for use with their third party email host (like hotmail, gmail, etc.).

The reason this works is that although all modern browsers will automatically 'decrypt' the address, most bots - though they easily could, won't bother because they won't know it's anything that they are looking for in the first place. No javascript is required, because it uses only tokens and entities which the browser may render as ordinary characters without the aid of javascript.

The encryptor itself requires that you have javascript enabled to use it though.

Thread: Help with protecting my e-mail adress from spam

Thread Tools

Search Thread

Help with protecting my e-mail adress from spam

Bookmarks

Bookmarks

Posting Permissions