Email Link Safety

For those of you who develop your own websites, you should know there are "bots" out there reading the web looking for information to exploit. What is a "bot"? In this instance we refer to computer programs written to automatically surf the internet looking for information. They enter a site and basically read every bit of code trying to find things to exploit. One common exploit is grabbing email addresses from email links and selling them to spammers.

Below is a script to protect your email address. We will soon add alternatives that you can mix and match to fool the "bots".

If you have a web site, and you put an email link on the site, there are "bots" that surf the internet 24/7 reading pages and looking for (or .net, .org, .us, whatever). To avoid the "bots", many website creators use a brief JavaScript snippet that looks like this...

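<script language=javascript>
// Text the visitor sees for the link
var contact = "email here"
// The parts of the address before and after the @ sign
var email = "anybody"
var emailHost = ""
var subj = "Here%20is%20a%20subject"
// Assemble the link from its pieces when the page loads
document.write("<a href=" + "mail" + "to:" + email + "&#64;" + emailHost + "?Subject=" + subj + ">" + contact + "</a>")
</script>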

So... what does it mean?

Well the first line is kind of obvious, it says to your browser "Yo, I have a javascript here for you" thus telling the browser how to read it.

The lines starting with "var" set variables in memory that can be called back later to assemble something like a sentence.

It goes like this - var (variable) blah (name of variable to be called later) = more blah (the value to be called).

If you look at the "subject" variable you notice several times the characters "%20", which is the same as a space.

Next comes the line "document.write(blah)"

Inside the parentheses is something to be assembled only when called upon. In this case it is an HTML tag that forms a link. As you read the link, anything in quotes is written verbatim, while unquoted items call back to the value of those pesky variables we set earlier. The "+" sign separates text from variables to be added together to form the document (or in this case link) that we want to write.

Spam bots have not yet figured out how to read this and determine that it is an email link.

You may wonder about the "&#64;" in the middle. That is a 7-bit ASCII code representation of the @ sign used in email links. More to fool the "bots" with!

There is another method that may be used that does not require scripting. It simply encodes all the characters of the address as either decimal or hexadecimal code or a mix of both. I may switch to this type of encoding once I have a chance to research it better.
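The scriptless method described above, as an added example that is not code from the original page: it turns every character of the mailto link into a decimal or hexadecimal character reference, alternating between the two. The function names and the address at example.com are assumptions made up for illustration.

```javascript
// Added example: encode a whole mailto link as HTML numeric character
// references, alternating decimal (&#NN;) and hexadecimal (&#xNN;).
// The address used at the bottom is a constructed placeholder.

function encodeEntities(text) {
  // Array.from walks the string by code point, not by UTF-16 unit.
  return Array.from(text, (ch, i) => {
    const cp = ch.codePointAt(0);
    return i % 2 === 0 ? `&#${cp};` : `&#x${cp.toString(16)};`;
  }).join("");
}

function decodeEntities(html) {
  // Mirrors what an HTML parser does with numeric references. Used here
  // to confirm the encoded link still resolves to the original address.
  return html.replace(/&#(x[0-9a-f]+|[0-9]+);/gi, (_, ref) =>
    String.fromCodePoint(
      ref[0].toLowerCase() === "x"
        ? parseInt(ref.slice(1), 16)
        : parseInt(ref, 10)
    )
  );
}

function escapeText(s) {
  // Keep the visible label from breaking out of the anchor element.
  return s.replace(/[&<>"]/g, (c) => `&#${c.charCodeAt(0)};`);
}

function buildMailtoLink(user, host, subject, label) {
  const href = "mailto:" + user + "@" + host +
    "?Subject=" + encodeURIComponent(subject);
  // Encode the scheme too, so neither "mailto:" nor "@" appears
  // literally anywhere in the page source.
  return `<a href="${encodeEntities(href)}">${escapeText(label)}</a>`;
}

const link = buildMailtoLink("anybody", "example.com",
  "Here is a subject", "email here");
console.log(link);                 // markup to paste into the page
console.log(decodeEntities(link)); // what the browser ends up with
```

Any program that parses HTML the way a browser does recovers the address just as `decodeEntities` does, so this only hides it from harvesters that match the raw page text. Keep the visible link label free of the address as well.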

This site ©2004 BYTE Wizards, LLC - All rights reserved
