Jump to:

17452 Posts in 4473 Topics by 1971 members

Archive

SilverStripe Forums » Archive » hiding emails from bots

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, biapar, Willr, Ingo, simon_w

Page: 1 2
Go to End
Author Topic: 6059 Views
  • Nicolaas
    Avatar
    Forum Moderator
    213 Posts

    hiding emails from bots Link to this post

    Hi Folk

    What is the silverstripe philosophy on hiding emails? Right now, when you make an email link it blatantly shows in the source code, meaning that email harvesters will pick it up. What is the best way or what sort of ideas do you have about hiding email addresses?

    Perhaps I could write a little module for it that can be added to ss. In that case, someone needs to tell me a bit more on how to do that

    Nicolaas

  • Sigurd
    Avatar
    Forum Moderator
    628 Posts

    Re: hiding emails from bots Link to this post

    Currently we've not created any obfuscation, but certainly suggest what you feel is a good contemporary way of doing it

  • Nicolaas
    Avatar
    Forum Moderator
    213 Posts

    Re: hiding emails from bots Link to this post

    I have a small PHP function that takes the email address from the content and changes it into a bit of javascript that writes mailto:email@beemail.com. You can also write all characters as ascii code e.g. 'M etc... in combination with the above. Altogether this may provide a bit of obfuscation. Here is an example: http://www.cloud9.co.nz/ (see bottom of the page).

    Not very sophisticated, but at least it shows that you have made an effort to prevent your clients from being spammed....

    Usually, within days of publishing (without obfuscation), clients will find their email being spammed.

    Hope that helps

    Nicolaas

  • Sean
    Avatar
    Forum Moderator
    921 Posts

    Re: hiding emails from bots Link to this post

    I found a pretty nice technique here:

    http://viebrock.ca/code/11/

    We could probably do something like this for bob@somewhere.com:

    <a href="send/bob/somewhere.com">Bob's email</a>

    [code php]
    class Page_Controller extends ContentController {

    function send() {
    // ... do some checking of $this->urlParams here and perform an HTTP redirect to the mailto URI
    }

    }

    That page has some nice examples of php code performing this sort of behaviour, instead of placing the mailto: directly in the source code. Perhaps this could be of some use?

    Hope this helps!

    Sean

  • Nicolaas
    Avatar
    Forum Moderator
    213 Posts

    Re: hiding emails from bots Link to this post

    it may be nice to use something that is not commonly used, because if it is commonly used then the email harvesters have more incentive to crack it....

  • Matt
    Avatar
    Core Development Team
    84 Posts

    Re: hiding emails from bots Link to this post

    I just committed the first revision of the hidemailto module for you guys to test

    Run the following inside your silverstripe install:

    Then, follow the instructions at the top of the hidemailto/code/HideEmail.php file to implement it .

    Summary: There are currently two ways to implement, either by passing a member ID or an email address in the format user/domain/subject.

    If you're listing a bunch of members on your site, and want a link to email them, you can use the following code:
    [html]<!-- This is some control that returns Member objects -->
    <% control Members %>
    <!-- No default subject -->
    <a href="$HideEmailLink" title="Email $FirstName (opens your favourite mail client)">Email $FirstName</a>

    <!-- A default subject of Hi there! -->
    <a href="$HideEmailLink/Hi there!" title="Email $FirstName (opens your favourite mail client)">Email $FirstName</a>
    <% end_control %>[/html]

    You can also insert links manually - via the CMS or hard-coded into your templates - by using the format mailto/user/domain/subject, where:
    - user means the part before the @ sign - e.g. for matt@silverstripe.com, it will be 'matt'
    - domain means the part after the @ sign - e.g. 'silverstripe.com'
    - subject is optional, and is the default subject that is loaded (it can be changed by the user)

    Hope this helps someone

    edit: I've tested this on SilverStripe 2.1.0, and it requires the DataObjectDecorator extensions that were built for the gallery module.

  • Sean
    Avatar
    Forum Moderator
    921 Posts

    Re: hiding emails from bots Link to this post

    Nice work Matt, I've just had a quick test and it seems to be working quite well. I'll test a bit more, and see how it goes, but it seems to be working pretty well nevertheless, and is free of javascript like most other methods rely on.

    Sean

  • Ingo
    Avatar
    Forum Moderator
    801 Posts

    Re: hiding emails from bots Link to this post

    cool stuff, matt!

    why wouldn't spambots (who crawl a site anyway) be able to follow a link in the format "/ingo/silverstripe.com/testmail" and extract the plaintext email-address from the url? they don't even have to be javascript-capable, just parse their own crawl-logs (or http-headers).

    as mentioned on http://viebrock.ca/code/11/, you would've to combine this solution with a captcha to make it spam-bot safe. this in turn isn't very friendly to the user, who expects a simple email link.

    i don't see this solution (without captcha) as much more secure than javascript-obfuscation, which can be worked around by spambots with similiar (or even more) effort. on the long run, having a $Content-parser in the module replacing all email-links with a client-side obfuscation would be cool definetly a good start though!

    6059 Views
Page: 1 2
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.