Discuss: Graceful E-Mail Obfuscation
by Roel Van Gils
- Editorial Comments
2 Hivelogic's Enkoder
Thou shall not forget Hivelogic’s Enkoder.
It’s easy to implement, and works great. It’s a Javascript-required solution… but many things are.
posted at 05:18 pm on November 6, 2007 by Mauricio Sandoval
3 easy for determined harvester
Does this not rely slightly on security by obscurity? Now you’ve published the code, a determined spam harvester could update their bots to check for that regexp, and if it matches, decode the true address?
posted at 05:21 pm on November 6, 2007 by herman c
4 Great idea!
I came to this article expecting some kind of ineffective hex-encoded email address obfuscation, but instead I found a great idea which could make a big difference to email harvesters (however big a part harvesters are to the overall spam problem).
Of course the best way to make this work is for everyone who uses this technique to implement it slightly differently – be that using a different URL base than “contact/”, or using different encoding for the address or something else. As soon as a bot writer can’t make assumptions about the information being hunted then it gets a lot harder to write an effective bot.
It’s definitely something I’ll be looking to implement soon.
posted at 05:22 pm on November 6, 2007 by Gareth Adams
5 Untitled
Would it not be easier to just encode the email address with HTML entities like this?:
not@home.com
run thru this encoder – http://www.wbwip.com/wbw/emailencoder.html (with full explanation)
to produce:
not@home.com
posted at 05:24 pm on November 6, 2007 by Sean Johnson
6 Untitled
What about addresses that have more than one . after the @?
The example code assumes that no one would have a TLD like .co.uk or .com.au etc. In reality it is not possible to encode both . and @ with the same value.
Bart.
posted at 05:39 pm on November 6, 2007 by Bart Busschots
7 Untitled
I find it easier to just sacrifice an email address and use Gmail – much nicer, much easier for everyone concerned, and uses the best Spam filter in the world.
I’d rather place the workload of trying to get in touch at my end rather than the clients, and so I should be the one working to sift through the emails.
posted at 05:42 pm on November 6, 2007 by Ben Sekulowicz
8 Plus IS valid
This is one of my pet peeves: the plus sign IS a valid email address character. Postfix uses it by default to separate the “real user” from a meaningless suffix. So, for instance, mail to foo+bar@baz.com would actually be delivered to foo@baz.com. This would be a great way to track who sold the email address (e.g. by giving out foo+amazon@baz.com), if it weren’t for all the moronic sites who think the plus sign makes it invalid.
(In fact, a surprising amount of stuff is allowed to the left of the at sign, because only the user’s email server should be interpreting it. Not you!)
posted at 05:43 pm on November 6, 2007 by C. Daelhousen
9 TLD's like .co.uk and .com.au.
@Bart Busschots: the regex works just fine with TLD’s that have a dot in them since only the last dot will be encoded. You can try this for yourself at http://www.roelvangils.be/geo/demo/.
posted at 05:48 pm on November 6, 2007 by Roel Van Gils
10 + in email addresses
I have to point out that plus (+) is certainly allowed in the local part of an email address (RFC 2822)
It always annoys me when I try and sign up to a site with an email address with a plus in it, and can’t because there is some needlessly overly-restrictive regular expression sitting in the background.
posted at 05:51 pm on November 6, 2007 by Gareth Adams
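Added example, not part of any comment in this thread: a JavaScript sketch of the point made in comments 8 and 10. It compares an overly restrictive address pattern with one that accepts `+` in the local part, then recovers the tag from plus-addressed recipients to see which sign-up an address leaked from. Function names and sample addresses are constructed, and `+` as the delimiter is the Postfix default mentioned in comment 8.

```javascript
// Added example: function names and sample addresses are constructed.

// An overly restrictive pattern of the kind the comments describe: "+" is rejected.
const RESTRICTIVE = /^[A-Za-z0-9._-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$/;

// RFC 2822 "atext" characters, joined by single dots (dot-atom local part).
// Quoted local parts are not handled in this sketch.
const ATEXT = "[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+";
const PERMISSIVE = new RegExp(
  "^" + ATEXT + "(?:\\." + ATEXT + ")*@[A-Za-z0-9-]+(?:\\.[A-Za-z0-9-]+)+$"
);

function acceptsAddress(pattern, address) {
  return pattern.test(address);
}

// Split "user+tag@domain" into the delivery mailbox and the tag.
// Assumption: the receiving server treats the first "+" as the delimiter.
function splitSubaddress(address, delimiter = "+") {
  const at = address.lastIndexOf("@");
  if (at < 1) return null; // no local part or no "@"
  const local = address.slice(0, at);
  const domain = address.slice(at + 1);
  const cut = local.indexOf(delimiter);
  if (cut <= 0) return { mailbox: address, tag: null }; // untagged address
  return {
    mailbox: local.slice(0, cut) + "@" + domain,
    tag: local.slice(cut + 1),
  };
}

// Count which tags show up as recipients of unwanted mail.
function tallyLeakedTags(recipients) {
  const counts = new Map();
  for (const recipient of recipients) {
    const parts = splitSubaddress(recipient);
    if (parts && parts.tag) {
      counts.set(parts.tag, (counts.get(parts.tag) || 0) + 1);
    }
  }
  return counts;
}

// Constructed sample: "To" addresses taken from received spam.
const SAMPLE_SPAM_RECIPIENTS = [
  "foo+amazon@baz.com", "foo+forum@baz.com", "foo+forum@baz.com", "foo@baz.com",
];
```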
1 Alternative
Thanks.
Would a possible alternative be to read the visitor’s browser type and only write real email addresses for human-operated browsers? It might not be perfect as you’d have to be quite studious about including all possible browser alternatives, but I think it would work quite nicely and not need a lot of code.
(However, it wouldn’t surprise me if some spambots disguise themselves as browsers)
posted at 05:14 pm on November 6, 2007 by Ian Ferguson