Archive

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, biapar, Willr, Ingo, simon_w

hiding emails from bots



16 Posts   6106 Views

Nicolaas

18 September 2007 at 3:57pm Forum Moderator, 213 Posts

Hi Folk

What is the SilverStripe philosophy on hiding emails? Right now, when you make an email link it blatantly shows in the source code, meaning that email harvesters will pick it up. What is the best way or what sort of ideas do you have about hiding email addresses?

Perhaps I could write a little module for it that can be added to ss. In that case, someone needs to tell me a bit more on how to do that :-)

Nicolaas

Sigurd

18 September 2007 at 4:11pm Forum Moderator, 628 Posts

Currently we've not created any obfuscation, but certainly suggest what you feel is a good contemporary way of doing it :)

Nicolaas

18 September 2007 at 4:19pm (Last edited: 18 September 2007 5:10pm), Forum Moderator, 213 Posts

I have a small PHP function that takes the email address from the content and changes it into a bit of JavaScript that writes mailto:email@beemail.com. You can also write all characters as ASCII code e.g. 'M etc... in combination with the above. Altogether this may provide a bit of obfuscation. Here is an example: http://www.cloud9.co.nz/ (see bottom of the page).

Not very sophisticated, but at least it shows that you have made an effort to prevent your clients from being spammed....

Usually, within days of publishing (without obfuscation), clients will find their email being spammed.

Hope that helps

Nicolaas

Sean

18 September 2007 at 4:24pm (Last edited: 18 September 2007 4:29pm), Forum Moderator, 921 Posts

I found a pretty nice technique here:

http://viebrock.ca/code/11/

We could probably do something like this for bob@somewhere.com:

<a href="send/bob/somewhere.com">Bob's email</a>

[code php]
class Page_Controller extends ContentController {

    function send() {
        // ... do some checking of $this->urlParams here and perform an HTTP redirect to the mailto URI
    }

}
[/code]

That page has some nice examples of PHP code performing this sort of behaviour, instead of placing the mailto: directly in the source code. Perhaps this could be of some use?

Hope this helps!

Sean

Nicolaas

18 September 2007 at 4:31pm Forum Moderator, 213 Posts

It may be nice to use something that is not commonly used, because if it is commonly used then the email harvesters have more incentive to crack it....

Matt

18 September 2007 at 9:58pm (Last edited: 18 September 2007 10:03pm), Core Development Team, 84 Posts

I just committed the first revision of the hidemailto module for you guys to test :)

Run the following inside your SilverStripe install:

svn co http://svn.silverstripe.com/open/modules/hidemailto/trunk hidemailto

Then, follow the instructions at the top of the hidemailto/code/HideEmail.php file to implement it :).

Summary: There are currently two ways to implement, either by passing a member ID or an email address in the format user/domain/subject.

If you're listing a bunch of members on your site, and want a link to email them, you can use the following code:
[html]<!-- This is some control that returns Member objects -->
<% control Members %>
<!-- No default subject -->
<a href="$HideEmailLink" title="Email $FirstName (opens your favourite mail client)">Email $FirstName</a>

<!-- A default subject of Hi there! -->
<a href="$HideEmailLink/Hi there!" title="Email $FirstName (opens your favourite mail client)">Email $FirstName</a>
<% end_control %>[/html]

You can also insert links manually - via the CMS or hard-coded into your templates - by using the format mailto/user/domain/subject, where:
- user means the part before the @ sign - e.g. for matt@silverstripe.com, it will be 'matt'
- domain means the part after the @ sign - e.g. 'silverstripe.com'
- subject is optional, and is the default subject that is loaded (it can be changed by the user)

Hope this helps someone :)

edit: I've tested this on SilverStripe 2.1.0, and it requires the DataObjectDecorator extensions that were built for the gallery module.

Sean

18 September 2007 at 10:57pm Forum Moderator, 921 Posts

Nice work Matt, I've just had a quick test and it seems to be working quite well. I'll test a bit more, and see how it goes, but it seems to be working pretty well nevertheless, and is free of JavaScript, which most other methods rely on. :-)

Sean

Ingo

18 September 2007 at 11:10pm Forum Moderator, 801 Posts

cool stuff, matt!

why wouldn't spambots (who crawl a site anyway) be able to follow a link in the format "/ingo/silverstripe.com/testmail" and extract the plaintext email-address from the url? they don't even have to be javascript-capable, just parse their own crawl-logs (or http-headers).

as mentioned on http://viebrock.ca/code/11/, you would have to combine this solution with a captcha to make it spam-bot safe. this in turn isn't very friendly to the user, who expects a simple email link.

i don't see this solution (without captcha) as much more secure than javascript-obfuscation, which can be worked around by spambots with similar (or even more) effort. in the long run, having a $Content-parser in the module replacing all email-links with a client-side obfuscation would be cool :) definitely a good start though!
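
Added example (not part of the original thread or of the hidemailto module): a pre-publish check, in Python, that reports which addresses in your own rendered page can be read straight from `<a href>` markup for the three link styles discussed in this thread. The sample page, the example.com/example.org addresses and the `/contact/member/42` link are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Link shapes from the thread: send/<user>/<domain> and mailto/<user>/<domain>[/<subject>]
SPLIT_RE = re.compile(
    r"(?:^|/)(?:send|mailto)/([\w.%+-]+)/([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)(?:/|$)")
MAILTO_RE = re.compile(r"^mailto:([\w.%+-]+@[A-Za-z0-9.-]+)", re.I)

class HrefCollector(HTMLParser):
    """Collects <a href> values; HTMLParser already decodes &#NN; entities."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def audit(page_html):
    """Map each address readable from static markup to the link style that leaked it."""
    collector = HrefCollector()
    collector.feed(page_html)
    leaks = {}
    for href in map(unquote, collector.hrefs):
        direct = MAILTO_RE.match(href)
        split = SPLIT_RE.search(href)
        if direct:
            addr = direct.group(1)
            # A literal address in the source means there is no obfuscation at all.
            leaks[addr] = "plain mailto" if addr in page_html else "entity-encoded mailto"
        elif split:
            leaks[f"{split.group(1)}@{split.group(2)}"] = "path-split link"
    return leaks

# Constructed sample page; /contact/member/42 is a hypothetical ID-style link.
ENTITY = "".join(f"&#{ord(c)};" for c in "mailto:carol@example.org")
SAMPLE = f"""
<a href="mailto:alice@example.com">Alice</a>
<a href="{ENTITY}">Carol</a>
<a href="send/bob/somewhere.com">Bob's email</a>
<a href="mailto/matt/silverstripe.com/Hi there!">Email Matt</a>
<a href="/contact/member/42">Email the editor</a>
"""

if __name__ == "__main__":
    for addr, kind in audit(SAMPLE).items():
        print(f"{kind:22} {addr}")
```

An empty result only means the static markup is clean; as the last post points out, a link that redirects to a `mailto:` URI still exposes the address to anything that follows it.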
