Preventing SPAM. Obfuscating email addresses in HTML code
Everyone has encountered SPAM and knows how annoying is deleting 30-40 unsolicited email messages every day. On the other hand it appears that mass mailing is one of most successful advertising tricks. That's why there are plenty of organizations that employ this.
Email addresses can be discovered using a few techniques. One of them is searching through the HTML code in searching for valid address. This is done by specially designed bots. That's why it is important to avoid direct address usage. This article covers a few ideas for this purpose.
Using domains that do not exsist
You can use this technique when you give an example for an email address. Typically, this may be default value of an form input field. Use example.com, example.net, domain.com, as all of these are forbidden for registration and do not point any IP.HTML obfuscating
The main idea here is to replace each symbol with its HTML entity. Here's a realization in PHP:<?php
function obfuscate_email_html($email)
{
$return='';
for($i=0; $i<strlen($email); $i++)
{
$return.='&#'.ord($email{$i}).';';
}
return $return;
}
?>
<a href="mailto:<?= obfuscate_email_html('mymail@example.com')?>"><?= obfuscate_email_html('mymail@example.com')?></a>
This method of obfuscating isn't quite reliable, as decoding entities is relatively easy process. However this is compatible with all browsers.
Javascript obfuscating
This method requires Javascript support enabled in the browser to output the address. Bots are text-processing programs, and thy cannot execute javascript code and collect the address.Here's a realization that separates account name, domain name and '@' sign in different variables and lets Javascript later concatenate them.
<?php
function obfuscate_email_js($email)
{
$return='<script type="text/javascript" language="Javascript">';
$return.='document.write(\'<a href="mailto:\'); ';
$email_arr=explode('@', $email);
$return.='a=\'@\'; b=\''.$email_arr[1].'\'; c=\''.$email_arr[0].'\'; ';
$return.='document.write(c + a + b); ';
$return.='document.write(\'">\'); ';
$return.='document.write(c + a + b); ';
$return.='document.write(\'</a>\'); ';
$return.='</script>';
return $return;
}
?>
<?= obfuscate_email_js('mymail@example.com')?>
Another method is to convert each letter to its ASCII code and later bring it back using Javascript. This technique is much more reliable and can be applied to random text:
<?php
function obfuscate_string_js($string)
{
$char_arr=array();
for($i=0; $i<strlen($string); $i++)
{
$char_arr[]=ord($string{$i});
}
$return='<script type="text/javascript" language="Javascript">';
$return.='document.write(String.fromCharCode('.implode(', ', $char_arr).')); ';
$return.='</script>';
return $return;
}
?>
<?= obfuscate_string_js('<a href="mailto:mymail.example.com">mymail.example.com</a>')?>
No comments yet
This page was last modified on 2024-12-05 07:41:15