Geek Answers Handbook

How to protect website email addresses from modern JS-enabled bots?

This is a recurring question on the website, but after a 20-minute review of old questions, I could not find a modern solution.

Earlier, I used this JS method to protect addresses. Before the JS method, I used image and flash based solutions. Below is my old way.

Animated codepen example: http://codepen.io/anon/pen/kIjKe/

HTML:

<span class="reverse eml"> moc.niamod@tset </span><br>

CSS

 .reverse { unicode-bidi: bidi-override; direction: rtl; } .eml { display: inline; }

JS:

 function reverseEmails() { if (jQuery(".eml.reverse").length > 0) { jQuery(".eml.reverse").each(function() { var that = jQuery(this); var email = that.text().split("").reverse().join(""); that.removeClass("reverse"); that.html("<a href='mailto:" + email + "'>" + email + "</a>"); }); } }

None of these methods currently works, since Node.js-based scrapers are capable of generating the image of the page they are cleaning, and then reading any data read by a person from the specified image - you can guess the rest.

Is there any method that works these days when users can still easily read / click / copy paste email addresses, but bots with JS support can't?

+7
email bots data-protection
source share
3 answers

Put your email address on a separate page, available only for CAPTCHA.

Provided, then the security is only the same as the CAPTCHA security.

Using your own obfuscation can be a serious alternative if you only have a limited number of addresses that you want to protect. Some ideas that I have used in the past;

  • Crossword. Do it very easily, with cues such as famous song titles with one missing word (easy for google and no arguing about possible second interpretations). You can fill in many letters to make them even easier.
  • Record sound with background noise. I didn’t want to use my own voice, so I used a speech synthesizer with a German accent (-: AT & T web demo IIRC) and mixed for a few seconds of music in the background (Frank Zappa Peaches en regalia worked very well for me, but the tastes were different )
  • Hand-drawn image. I like to draw letter outlines, but I doubt they are regular enough to transmit any OCR.

The real beef here is not the stellar brilliance of these decisions, but the various approaches that, I hope, will inspire you to think in new directions. In the end, you will always be safer if you come up with your own unique solution; anything that resembles the “new de facto standard” will be the lowest hanging fruit that scrapers will spend time trying to break out of.

By the way, I tried to think about usability for people with disabilities, so I actually deployed the audio version as a backup for people who have problems interacting with the other two, which are based on a visual layout.

Unfortunately, very few people want to email me these days anyway (or maybe they will, but will eventually be rejected as spam?), Which, frankly, is a relief. Those who usually use whois login information for my domain name (which uses the anonymous address provided by the whois registrar) are good guesses.

+2
source share

This is personally my favorite method, which, as I found, still works, it’s not a bulletproof, theoretically bot that can parse CSS3 and prepare a text search, it will still find it or a spambot that triggered events in order to collect email addresses the mail would need to feed the page mainly with a mute browser, somehow determine what might be JS-confused mail content, these scripts are a huge job that may not be useful, and no spammer will ever think about it , f Act: I did not have spam today, and it works great for people, both for reading and for clicks:

  <style> .email:after{ content:'@mydomain.com'; } </style> Contact me at:<div class="email">myemail</div> <script> $('.email').click(function(){ window.location.href='mailto:'+$(this).html()+'@mydomain.com'; }); </script>

The fact is that the letter is not a link, so bots never fire the click event, because they do not even know that it will do something.

+7
source share

I suspect that your intuition is correct if the page displays an email address and the bot can clear it.

It is best to use the server side in some way.

For example, if you just want visitors to be able to contact you, you can add a Contact Us form, like this one: https://store.theonion.com/t-contact.aspx

If you want visitors to be able to communicate with each other, you may need to create an anonymity system such as Craigslist.

+1
source share

More articles:


All Articles