Samrc Posted February 12, 2006 Share Posted February 12, 2006 I am building a site for a small company that has provided me with a list of 16 individuals that need to be identified on their website. The owner of the company will not allow me to make a PHP form for them. He insists that he wants individual email links for these 16 people! Though I have tried to explain the result of this very poor decision, he insists. I have looked at encoders, obfiscators, etc even found a very cool version that allows you to require the user to fill in the letters shown in the picture (the challenge) which bots would not be able to do.... http://w2.syronex.com/jmr/safemailto/ BUT....Couldn't I go the easy way.... List the names, addresses, phones for each person and provide link that says GET EMAIL ADDRESS. Tell them to fill in the password (text shown in a jpg image) to access the email link. The password code could be ASP or PHP for the individual email address page, and the code would not show in the webpage itself. Even if linked from an outside source, a password would still be necessary to access the page. The protected page would have regular mailto: links on it. Bots would not be looking for a password like that and since the email links themselves would be unavailable to the bots, they would be safe from harvesters. Anyone see a downside to this? Do I need to post a sample? Quote Link to comment Share on other sites More sharing options...
TCH-Bruce Posted February 12, 2006 Share Posted February 12, 2006 If you explained the downside and he still insists he wants it why not just do it? What does he think of your new idea? Encode it or come up with a javascript solution. Of course lots of folks have disabled javascript too. Quote Link to comment Share on other sites More sharing options...
Samrc Posted February 12, 2006 Author Share Posted February 12, 2006 I was not going to ASK him about the new idea...just implement it. Then have him test it. If it is simple he will agree. He thinks it would cause 2-3 spams a day to a few addresses and will not accept that it's possible to get more than that per day! He has never published the addresses in print and has never had a site before. If he only wanted one general address, I would go ahead and make it public. If I just throw his 16 employee emails out on the web, live open links, spammers will eat them up. In good conscience, I can not do that for so many addresses. Sometimes you just have to protect someone from that kind of MAJOR problem! Yes the encoding issue has the downside that some people have things turned off and do not know how to turn them on. That's why I thought of the simple password to get to the email address page. No problems with blocking...allow customers in, keep spam bots out. Can you see any downside to doing that? Quote Link to comment Share on other sites More sharing options...
TCH-Bruce Posted February 12, 2006 Share Posted February 12, 2006 I understand your frustration. The only downside to your idea is they have to give out the password to have people access it. So if you have to contact the people with the password why not just give them the email address and thus not have to put it on the site at all. Never mind I just re-read what you wrote about making the password a jpg image. So no I don't see a downside except for the extra step people have to make to send an email. Quote Link to comment Share on other sites More sharing options...
Deverill Posted February 12, 2006 Share Posted February 12, 2006 The downside is, as Bruce said, an extra step for people to muddle through. Weigh the alternative and see if it's worth it. If you have time, which it seems you may not, make a fake/temp email account on your TCH account and throw that address in a plain mailto: on the front page of one of your most popular pages and let it sit a couple of weeks and report back to him the tens or hundreds of spams you get in that time. Right now I only have one address in plain text on the web and that's because it is in links to my client's site from other fishing directories. There's only about a dozen places it is listed and most are just text, not a mailto, but I have 3800 spams in my spam folder and they go away after 30 days. This means that I'm averaging about 127 per day and at least 90% are from that one address. My church gets only the ones that someone manually harvests. Dunno if it will help make your case but feel free to use the example and if you need anything else just PM me. Quote Link to comment Share on other sites More sharing options...
Pendragon Posted February 14, 2006 Share Posted February 14, 2006 How about a contact form? One that just lists say thier names (or departments), the person enters THEIR email address and text and out it goes. They (or bots) never know or see the address the email gets sent to. When the person gets the email, then they can reply if they want. Quote Link to comment Share on other sites More sharing options...
jayson Posted February 14, 2006 Share Posted February 14, 2006 I user email encription. it uses the hexadesimal coding and been using that for about 2 years, and have not gotten spam, or anything. Just a thought Quote Link to comment Share on other sites More sharing options...
Samrc Posted February 14, 2006 Author Share Posted February 14, 2006 The owner of the company will not allow me to make a PHP form for them (my preference). Will make a sample that offers the encryption and the password technique and give him the choice. Even if it is not as secure in the long run, I expect he will go with encryption because it will not be obvious to his visitors. Thanks for input folks! Quote Link to comment Share on other sites More sharing options...
Pendragon Posted February 14, 2006 Share Posted February 14, 2006 The owner of the company will not allow me to make a PHP form for them (my preference). Then don't use PHP, use CGI... http://www.gulfcoastriders.com/contact.html Quote Link to comment Share on other sites More sharing options...
Samrc Posted February 14, 2006 Author Share Posted February 14, 2006 Then don't use PHP, use CGI... Clarification..... NO contact form of ANY type. Quote Link to comment Share on other sites More sharing options...
TCH-JimE Posted February 15, 2006 Share Posted February 15, 2006 Hello, At the end of the day, nothing is going to stop a spammer from sending an email to an email address, they don't even have to know it exists, e.g. many people who have sites have say administrator@mydomainname.com or webmaster@domainname.com and hence spammers just pick the "mydomainname" and just send it, regardless of whether they have seen it or not. Whilst I can not see a problem with the JPEG its just another step. I would suggest using javascript. I have one that jumbles it all up on the page / code but clicking on the link actually gives the correct @ address. Just a thought Jimuni Quote Link to comment Share on other sites More sharing options...
Samrc Posted February 16, 2006 Author Share Posted February 16, 2006 Final result... No password/image or javascript either. Used the complete MAILTO obfuscation - combination of Hexadecimal and ISO characters from this page. http://www.seowebsitepromotion.com/obfuscate_email.asp Client likes result: - visually plain email link, using staff name for link - has floating tooltip for each link that says "click here to email Bill", etc. - preloaded subject in email I have warned him that eventually a spambot will capture those addresses. (hopefully it will be a while) He accepts that and is content. In the end, if he is happy, that is all that counts. Thanks for the input and opinions. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.