Protect e-mail from spambots.
Often, users wonder where their spammers find out their e-mail addresses and pour tons of spam on them. Leaving out of the scope of this article such methods of replenishing spammer bases, such as viruses, “flushing” of addresses by the owners of the mail server or listening to HTTP and ICQ traffic, consider the most common case.
One of the main sources of new e-mail addresses is the actual web page, on which careless users (and sometimes site owners) openly publish their e-mail, from which spambots (e-mail collectors) can easily extract it and use it in their bad purposes.
Next, we will review the basic techniques for encrypting e-mail addresses from spambots, as well as the results of measuring the effectiveness of each of the methods, by practically using each method for newly registered e-mail addresses and estimating the amount of spam.
At present, it is customary to protect the addresses published on the e-mail pages in the following main ways:
Advantages: relative ease of automation, laboriousness of recognition by robots (modern spambots take quantity, not quality, and it’s just not profitable to work with OCR - it’s better to collect a dozen open e-mails on a nearby site).
Disadvantages: users with disabled images will not be able to see the e-mail, and users with enabled images will not be able to copy it. In addition, the difficulty with fitting fonts / sizes of the text in the picture to the rest of the text.
Efficiency: high. The e-mail address published in this way on one popular site remained “unopened” by spammers.
Added: thanks to gudoshi for providing examples of automating this method:
mail2pic.org
www.mailonpix.ru
')
Example:
Advantages: ease of automation, independence from parameters such as the included graphics or JS user.
Disadvantages: ease of decoding, bypassing some modern spambots.
Efficiency: low. A box published in this way receives about 10 letters per day (it is obvious that some robots have “broken teeth” about this method, because several times more letters arrive at the openly opened box).
Example:
To more correctly use the features of the DOM instead of document.write, this example is given only as an illustration.
Advantages: relative ease of automation, the difficulty of recognition by robots. The address published in this way is clicked and copied without any problems, and also displayed to people with disabled graphics.
Disadvantages: the method does not work for users with disabled (for various reasons) JavaScript (yes, there are such users, and in certain cases their interests should be taken into account). The author was very surprised when a client declared that he did not see an e-mail address on the contact page.
Efficiency: high. No spam emails were sent to the test address.
Added: thanks to alkaruno for the link to the service of automatic generation of unpretentious JS-wrapper for e-mail.
An example from ecl that can be complicated to infinity:
In this example, when clicking with a mouse, the fake address is replaced with a real javascript.
In the section we put something like this css (class names and contents can and should be changed):
You can take it to an external file, it will be even more reliable, however, if the CSS is not uploaded, the address will be displayed incorrectly.
Further, in the code of the page in places where you need to insert an e-mail, we use something like this:
Explanations: The domain of the mail server must be “divided” in order not to attract the attention of semi-automatic e-mail collectors. Using display: none for "extra" characters is necessary to reduce the effectiveness of possible strip_tags functions. In all possible "hidden" places (and even the names of CSS-classes) it is better to use random (random) sequences of characters, which makes it difficult to automatically parse them.
The method works in all browsers, regardless of the inclusion of graphics and JavaScript.
Disadvantage: in some browsers, the address will have to be typed manually, since only the first letter will be copied (the question of how to overcome this has not yet been resolved). If this is important, you can combine this method with the previous one, putting it all in
Added: mcm69 suggested using javascript for Ctrl + C to work properly on such texts.
Efficiency: high. Spam letters did not come.
This very interesting method showed Alinaki
To build e-mail addresses, a CSS font is used (letters are composed of small div-squares).
The merits are obvious.
Disadvantages: not copied, not displayed in the case of not loaded CSS (it is unprofitable to render CSS in about 10 kb). In addition, some characters of such a font are not completely legible.
Outside the article, there are ways to use such methods as using forms to send mail with captcha (this is not always possible - for example, on a forum where a reckless user has published his e-mail), or displaying an e-mail address using Flash.
Added: any of these methods can be combined with the need to register on the site (display e-mail addresses only for registered (logged in) users, and for unregistered users - not to display them at all (asking for registration) or display them in the most severe way). Corresponding e-mail conversion for unregistered userbots can be done with simple regulars.
I hope that the article will encourage webmasters to equip all those places in which careless users can somehow leave their e-mail (forums, profiles, comments, etc.).
In this study, server-side ways of dealing with collectors of e-mail (for example, banned by IP) are not considered, this can be considered the topic of the following material.
Materials on the topic:
Hiding email addresses from spam robots (some simple ways are considered).
Protection from bots using PHP and JavaScript (article from Cord ). In practice, encryption is considered by applying to the picture and using JS.
One of the main sources of new e-mail addresses is the actual web page, on which careless users (and sometimes site owners) openly publish their e-mail, from which spambots (e-mail collectors) can easily extract it and use it in their bad purposes.
Next, we will review the basic techniques for encrypting e-mail addresses from spambots, as well as the results of measuring the effectiveness of each of the methods, by practically using each method for newly registered e-mail addresses and estimating the amount of spam.
At present, it is customary to protect the addresses published on the e-mail pages in the following main ways:
1. Protection by writing e-mail in the picture (or individual letters, symbols @ and dots).
Advantages: relative ease of automation, laboriousness of recognition by robots (modern spambots take quantity, not quality, and it’s just not profitable to work with OCR - it’s better to collect a dozen open e-mails on a nearby site).
Disadvantages: users with disabled images will not be able to see the e-mail, and users with enabled images will not be able to copy it. In addition, the difficulty with fitting fonts / sizes of the text in the picture to the rest of the text.
Efficiency: high. The e-mail address published in this way on one popular site remained “unopened” by spammers.
Added: thanks to gudoshi for providing examples of automating this method:
mail2pic.org
www.mailonpix.ru
')
2. Protection by encoding e-mail addresses in mnemonics (entitles-characters).
Example:
adress@mail.ruAdvantages: ease of automation, independence from parameters such as the included graphics or JS user.
Disadvantages: ease of decoding, bypassing some modern spambots.
Efficiency: low. A box published in this way receives about 10 letters per day (it is obvious that some robots have “broken teeth” about this method, because several times more letters arrive at the openly opened box).
3. Protection using encoding via JavaScript, with (or without) the removal of parts of the code in an external file.
Example:
To more correctly use the features of the DOM instead of document.write, this example is given only as an illustration.
Advantages: relative ease of automation, the difficulty of recognition by robots. The address published in this way is clicked and copied without any problems, and also displayed to people with disabled graphics.
Disadvantages: the method does not work for users with disabled (for various reasons) JavaScript (yes, there are such users, and in certain cases their interests should be taken into account). The author was very surprised when a client declared that he did not see an e-mail address on the contact page.
Efficiency: high. No spam emails were sent to the test address.
Added: thanks to alkaruno for the link to the service of automatic generation of unpretentious JS-wrapper for e-mail.
An example from ecl that can be complicated to infinity:
send email
In this example, when clicking with a mouse, the fake address is replaced with a real javascript.
4. Protection using CSS, comments and method 2.
In the section we put something like this css (class names and contents can and should be changed):
You can take it to an external file, it will be even more reliable, however, if the CSS is not uploaded, the address will be displayed incorrectly.
Further, in the code of the page in places where you need to insert an e-mail, we use something like this:
a!#N#!dress@mail.<![if !IE]>r<![endif]>uExplanations: The domain of the mail server must be “divided” in order not to attract the attention of semi-automatic e-mail collectors. Using display: none for "extra" characters is necessary to reduce the effectiveness of possible strip_tags functions. In all possible "hidden" places (and even the names of CSS-classes) it is better to use random (random) sequences of characters, which makes it difficult to automatically parse them.
The method works in all browsers, regardless of the inclusion of graphics and JavaScript.
Disadvantage: in some browsers, the address will have to be typed manually, since only the first letter will be copied (the question of how to overcome this has not yet been resolved). If this is important, you can combine this method with the previous one, putting it all in
Added: mcm69 suggested using javascript for Ctrl + C to work properly on such texts.
Efficiency: high. Spam letters did not come.
5. Constructing text with CSS
This very interesting method showed Alinaki
To build e-mail addresses, a CSS font is used (letters are composed of small div-squares).
The merits are obvious.
Disadvantages: not copied, not displayed in the case of not loaded CSS (it is unprofitable to render CSS in about 10 kb). In addition, some characters of such a font are not completely legible.
Outside the article, there are ways to use such methods as using forms to send mail with captcha (this is not always possible - for example, on a forum where a reckless user has published his e-mail), or displaying an e-mail address using Flash.
Added: any of these methods can be combined with the need to register on the site (display e-mail addresses only for registered (logged in) users, and for unregistered users - not to display them at all (asking for registration) or display them in the most severe way). Corresponding e-mail conversion for unregistered user
I hope that the article will encourage webmasters to equip all those places in which careless users can somehow leave their e-mail (forums, profiles, comments, etc.).
In this study, server-side ways of dealing with collectors of e-mail (for example, banned by IP) are not considered, this can be considered the topic of the following material.
Materials on the topic:
Hiding email addresses from spam robots (some simple ways are considered).
Protection from bots using PHP and JavaScript (article from Cord ). In practice, encryption is considered by applying to the picture and using JS.
Source: https://habr.com/ru/post/22549/
All Articles