21 RE: Irony

reefdog asks: “Do bots still obey robots.txt?”

The robot exclusion protocol is entirely voluntary, so it’s down to the bot programmers to decide whether or not to follow it. Many bots do, notably those of the most reputable search engines, and the likes of Alexa. But given the motives of disreputable bandits like spammers, it’s a bit too much to expect of them! I remember reading somewhere of someone who had put this very idea to the test – sadly I can’t remember where – and not surprisingly, it wasn’t long before they started receiving spam.

I wholeheartedly support the “kicking spammers in the nuts” idea, though. Just line ‘em up, and I’ll pull on my best steel toecapped boots.

posted at 01:29 pm on May 25, 2002 by Keith Bell

22 Two strikes and you're out

One possible (though somewhat complex) solution could be to give two different feedback addresses on the same page. And then have the mailserver or a client program delay and check the mail before forwarding it to you. The theory here is that no human will use both addresses to send the same letter twice, but a spamer is likely to do just that.

posted at 06:55 am on May 26, 2002 by Tommy

23 Using a mail script

Well, what my friend did, Zeke Runyon, (http://www.communistsquirrel.com/) was to wright a mailer perl script that made it so you had to enter in a name, email, and text to get it to send, with an email interface. Confusing, yet sucesfull. try it out at http://www.communistsquirrel.com/mail/

pretty cool…

posted at 12:04 pm on May 26, 2002 by Scott Allison

24 nothing beats an email address you can throw away

as greyduck has already mentioned, the best defense is simply to use disposable email addresses. however the method they link to is far more complicated than something like sneakemail (http://www.sneakemail.com/).

the address is pretty ugly, but it works and users don’t have to think about it – no removing NOSPAM (which I’m sure the bots can getaround now anyway) and just one click so the less savvy users aren’t put off.

posted at 11:02 pm on May 26, 2002 by heretic

25 My humble antispam recipe...

Hi,

I do actually use client-side redirection to provide spam-protected and still usable e-mail links. I use the PHP backend to split e-mail addresses in 3 parts (username, domain and top level domain name). The mailto URL is split in several concatenated strings and sensitive characters such as ‘@’ are URL-encoded. I believe this protection is robust until the day spambots will evaluate or scan pages for known patterns of JavaScript code. Now here it is :

[code]
function noSpam(n, d, tld)
{ [removed] = “mail”“to:”+n“@”d“.”+tld;
}
[/code]

The function is simply called in the anchor tag href attribute, i usually provide a link title with the “phonetical” representation of the e-mail address such as “john dot doe at example dot com” so the link is still usable for people who just want to peek the e-mail address since the status bar only shows an unfriendly “noSpam(‘john.doe’, ‘example’, ‘com’)”.

I hope it helps… and that spammers don’t read ALA forums! ;)

X

posted at 03:24 am on May 27, 2002 by Xavier Defrang

26 Break it apart a little more

I too use a php script and the mail() function to receive email from customers, so our address never sees the light of day. Originally though, we used a javascript with the email broken into variables and then the variables put into the .write() just to break it up and make it a little harder to piece back together.

function email(){ theName = “myName”; at = “@”; thePlace = “myPlace.com”; [removed](”<a href=\“mailto:”>Send Me No Spam!</a>”;
}

posted at 07:32 am on May 28, 2002 by Jeff

27 Can Spambots read meta tags?

When I first learned of these Spam bots searching sites for email addresses I quickly went to using a server-side form for contacting purposes. But I completely forgot to remove my meta reply-to tag with my email in it, should I take it out? Can these bots read meta tags too?

<meta http-equiv=“reply-to” content=“email@address.com” />

posted at 10:02 am on May 28, 2002 by David

28 re: meta tags

If it’s legal to use JavaScript to [removed] a meta tag, then you can use the same tricks for them as everyone is talking about for mailto links.

posted at 06:37 pm on May 28, 2002 by Slime

29 forms leave no trace

the problem with form submissions as a substitute for email is that then the sender has no record of the transaction or what was said. For example I have submitted email messages via forms to cbc.ca, ati.com, creativelabs.com and hp.com that have vanished into the great electron void in the sky. Now every time I am forced to use a form instead of email I keep a seperate text record so that I can phone the company and harangue them (which is necessary all too often). If that is too much work for the message (“your page at xxx is screwed up”) I often don’t bother.

So form-instead-of-mailto may protect your inbox, but it comes at a cost.

-matt

posted at 12:53 am on May 29, 2002 by matt wilkie

30 Robots have learnt javascript...

A robot which understands javascript is perfectly easy to create, and I’ve certainly got one that will get the email address in almost all of the techniques above, it’s not a harvester of email addresses for the purposes of spamming, but it does get email addresses of sites.

All these techniques have huge usability and accessibility issues – you’re requiring unwarranted levels of support for the fundamental requirement of providing a contact address.

If you want to fight spam, fight it on the mail-server, use good filters.

Jim.

posted at 06:40 am on May 29, 2002 by Jim Ley