How to show email addresses on the website to avoid spams?

I show email on my website as following

 <a href="mailto:inf@example.com">Email</a>

But I read the following while analysing my website using woorank.com, what should I do to avoid this?

Malicious bots scrape the web in search of email addresses and plain text email addresses are more likely to be spammed.

85956 次浏览

Yeah it means use a php form for visitors to contact you through. It is much safer and stops bots sending emails to you like thousands of times. Look around Google for a contact form tutorial there will be plenty!

A tutorial will tell you to use php and so when the user fills out a form it will be emailed to you with the details they filled out in the form. However most forms use like a "Captcha" entry and it stops the bots, almost like a "Are you Human?" test.

Hope this helps.

Solution 1:

You can use many publicly available email address encoders like (first result on google):

http://www.wbwip.com/wbw/emailencoder.html

This encodes the emails into their character entity value, this will require more logic form scrapers to decode it.

So an email like: test@gmail.com becomes &#116;&#101;&#115;&#116;&#064;&#103;&#109;&#097;&#105;&#108;&#046;&#099;&#111;&#109; which can be used in a mailto as well.

Solution 2:

Use an online email to image converter (again first result on google):

http://www.email2image.com/Convert-Email-to-Image.aspx

To make it as an image. Other services enable you to do this automatically via an API like:

https://www.mashape.com/seikan/img4me-text-to-image-service#!endpoint-Main

There are multiple different choices for hiding emails on websites, commonly using either the HTML entity version of the email address (as Aziz-Saleh suggested), but from an actual web design point of view, just putting the email address like that on a website isn't the most user friendly thing to do.

For instance, the mailto: link automatically triggers the browser to open the user's Email Application of choice - but consider this. Not everybody has a dedicated email application. For instance, I don't use Outlook (I'm a Windows user), and unless I have Windows Live Mail installed, my computer can't open that link. I think Chrome can open the links into GMail if you're signed in, but I would need to check that.

Ultimately, by using mailto:, you are potentially alienating a portion of your userbase that will not be able to use that link in the first place.

I would suggest using email forms, and there are plenty of easy-to-follow tutorials available for both PHP and your language of JSP, such as this link here: Sending Email in JSP and even on StackOverflow

By using your server to send the email, you get tighter control over how the email is generated, what data the user is allowed to put in, and you could even send them a return email (generated by the server) to confirm that you have received their message. This is a tried-and-tested real-world method of allowing customers and visitors to contact you, whilst still giving you protection and control over the entire process.

TL;DR: Raw mailto: links might alienate people without dedicated email programs, whereas if you use JSP forms, you can control how they contact you, with what information (you can use fields and the HTML5 required attribute to mandate certain input fields) and you can even respond with a do-not-reply email so they know their message was heard (just don't forget to ask for their email address)

In the past I have seen this done with javascript. Basically you assign the email address to javascript variables and change the contents of an element using these. You can also provide a fallback for users with javascript disabled which points them in the direction of a form if you need to. Here's an example

var user = 'foo',
domain = 'bar.com',
element = document.getElementById('email');


element.innerHTML = user + '@' + domain;
//OR
//'<a href="mailto:' + user + '@' + domain + '">Email</a>'

This way bots never see the email address as they do not load javascript.

I use email encoders like http://www.wbwip.com/wbw/emailencoder.html . Just put your address to the source and between the "a" tags. Something like this

<a href="mailto:&#105;&#110;&#102;&#111;&#064;&#101;&#120;&#097;&#109;&#112;&#108;&#101;&#046;&#099;&#111;&#109;">&#105;&#110;&#102;&#111;&#064;&#101;&#120;&#097;&#109;&#112;&#108;&#101;&#046;&#099;&#111;&#109;</a>

It is encoding of info@example.com

Well, you can figure out a different way every day. Here's one using jQuery.

<a class="mail" href="mailto:john@badmail.mydomain.com">e-mail</a>

Then handle the click with jQuery.

$('a.mail').on('click', function(){
var href = $(this).attr('href');
$(this).attr('href', href.replace('badmail.', ''));
});

The reason I like this is that I can let the spammers spam the dummy mail domain thinking they got yet another e-mail harvested. If I was maintaining my own spam filter, I could collect samples to my bad bucket.

Also, this approach allows you to render the page quite clean with dynamic data and simply have the javascript snippet only once on the whole site to handle the real user clicks.

Works also on mobiles.

Personally, I came up with this, pretty straightforward and kinda funny solution. I throw this code where I want my email address to appear:

<script>(function whatever(){var s='@',n='nabil',k='kadimi.com',e=n+s+k,l='<a href=mailto:\{\{spam@uce.gov}}>\{\{spam@uce.gov}}</a>'.replace(/\{\{.+?(}})/g,e);document.write(l)})()</script>

Explanation

Bots that crawl websites and look for emails using regular expressions will grab the FTC (Federal Trade Commission) email address (spam@uce.gov). Legit visitors will see your email address after it's constructed with that code.

##Expanded

<script>
(function whatever() {
var s = '@'
, n = 'nabil'
, k = 'kadimi.com'
, e = n + s + k
, l = '<a href=mailto:\{\{spam@uce.gov}}>\{\{spam@uce.gov}}</a>'.replace(/\{\{.+?(}})/g, e)
;
document.write(l);
})();
</script>

##Demo

<script>(function whatever(){var s='@',n='nabil',k='kadimi.com',e=n+s+k,l='<a href=mailto:\{\{spam@uce.gov}}>\{\{spam@uce.gov}}</a>'.replace(/\{\{.+?(}})/g,e);document.write(l)})()</script>

Put your email address on a transparent image in png or gif format and display that image on your web pages. Only a human reader would know the image is showing an email address. This will prevent bots from finding your email address on your website.

Google actually provides a service for this. Free to use and works pretty well: Mail ReCaptcha

I've been using CloudFlare's free Email Address Obfuscation feature: https://support.cloudflare.com/hc/en-us/articles/200170016-What-is-Email-Address-Obfuscation-

Email harvesters and other bots roam the Internet looking for email addresses to add to lists that target recipients for spam. This trend results in an increasing amount of unwanted email.

Web administrators have come up with clever ways to protect against this by writing out email addresses (i.e., help [at] cloudflare [dot] com) or by using embedded images of the email address. However, you lose the convenience of clicking on the email address to automatically send an email.

By enabling Cloudflare Email Address Obfuscation, email addresses on your web page will be obfuscated (hidden) from bots, while keeping them visible to humans. In fact, there are no visible changes to your website for visitors.

To prevent unexpected website behavior, email addresses are not obfuscated when they appear in:

  • Any HTML tag attribute, except for the href attribute of the a tag.
  • Other HTML tags
  • Any page that does not have a MIME type of "text/html" or "application/xhtml+xml"

I'm not affiliated with CloudFlare. I just appreciate all that they offer for free.

The trouble with the JavaScript solutions is that people with JS turned off will also not see the email address. Albeit a minority you need a combination of techniques for the best results.

Many of these techniques are detailed here, but I have provided the solutions only: https://www.ionos.co.uk/digitalguide/e-mail/e-mail-security/protecting-your-e-mail-address-how-to-do-it/

Comments

<p>If you have any questions or suggestions, please write an e-mail to:
us<!-- abc@def -->er@domai<!-- @abc.com -->n.com.
</p>

Hidden Spans

<style type="text/css">
span.spamprotection {display:none;}
</style>


<p>If you have any questions or suggestions, please write an e-mail to:
user<span class="spamprotection">CHARACTER SEQUENCE</span>@domain.com.
</p>

Reverse Strings This may not be friendly for multilingual sites.

<style type="text/css">
span.ltrText {unicode-bidi: bidi-override; direction: rtl}
</style>
<p>If you have any questions or suggestions, please write an e-mail to:
<span class="ltrText"> moc.niamod@resu</span>.
</p>

JavaScript as in many other answers

<script type="text/javascript">
var part1 = "user";
var part2 = Math.pow(2,6);
var part3 = String.fromCharCode(part2);
var part4 = "domain.com"
var part5 = part1 + String.fromCharCode(part2) + part4;
document.write("If you have any questions or suggestions, please write an e-mail to:
<href=" + "mai" + "lto" + ":" + part5 + ">" + part1 + part3 + part4 + "</a>.");
</script>

ROT13 Encryption JavaScript dependant but also helps with GDPR as it's encrypted.

<script type="text/javascript">
function decode(a) {
return a.replace(/[a-zA-Z]/g, function(c){
return String.fromCharCode((c <= "Z" ? 90 : 122) >= (c = c.charCodeAt(0) + 13)
? c : c - 26);
})
};
function openMailer(element) {
var y = decode("znvygb:orahgmre@qbznva.qr");
element.setAttribute("href", y);
element.setAttribute("onclick", "");
element.firstChild.nodeValue = "Open e-mail software";
};
</script>
<a id="email" href=" " onclick='openMailer(this);'>E-mail: please click</a>

Borrowed from here: Protect e-mail address with CSS only

<!doctype html>
<html>
<head>
<title>Protect e-mail with only css</title>
<style type="text/css">
.e-mail:before {
content: attr(data-website) "\0040" attr(data-user);
unicode-bidi: bidi-override;
direction: rtl;
}
</style>
</head>
<body>


<span class="e-mail" data-user="nohj" data-website="moc.liamg"></span>


</body>
</html>

Edit: Having used Formspree for a little over a year now, I have to say I'm not too happy. It's really easy for people to spam you all kinds of garbage.

2020 (and potentially beyond) solution:

  1. Register with Formspree, a free platform that forwards form data to an email of your choosing. Be sure to register using the email address on which you want to receive submissions.
  2. Copy the unique Formspree endpoint that gets generated.
  3. Create a contact form with this endpoint.

Congrats! Your email is officially masked from bots.