Paluy on Miscellaneous

Of course I'm an optimist - I don't see much point in being anything else. - Winston Churchill

Protect Email From Spam Bots

TL;DR

Spam bots are getting a lot smarter at harvesting email addresses from web pages. Use encode option while using mail_to

Ways to protect your email: me@domain.com

  • Weak solution - substitute characters: me_at_domain_dot_com
  • Weak solution - HEX encoding: %6d%65@%64%6f%6d%61%69%6e.%63%6f%6d
  • Better solution - Javascript encoding:
1
2
3
4
5
mail_to "me@domain.com", "Contact us", :encode => "javascript"
# => <script type="text/javascript">eval(decodeURIComponent('%64%6f%63...%27%29%3b'))</script>
#
# The JavaScript evaluates the following:
# document.write('<a href=\"mailto:me@domain.com\">Contact us<\/a>');

Check more details here.

Another way to encode your mail_to with JavaScript

Email obfuscator script 2.1 by Tim Williams

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
<script type="text/javascript" language="javascript">
<!--
// Email obfuscator script 2.1 by Tim Williams, University of Arizona
// Random encryption key feature by Andrew Moulden, Site Engineering Ltd
// This code is freeware provided these four comment lines remain intact
// A wizard to generate this code is at http://www.jottings.com/obfuscator/
{
  coded = "B6@LSBeJv.ASB"
  key = "78ncPmS9z0hseXrvAKBlgi1OC6tjYU2qdIJw5MVfQyb3ZLH4ExRWNTpoFkuGDa"
  shift=coded.length
  link=""
  for (i=0; i<coded.length; i++) {
    if (key.indexOf(coded.charAt(i))==-1) {
      ltr = coded.charAt(i)
      link += (ltr)
    }
    else {
      ltr = (key.indexOf(coded.charAt(i))-shift+key.length) % key.length
      link += (key.charAt(ltr))
    }
  }
  document.write("<a href='mailto:"+link+"'>Contact us</a>")
}
//-->
</script><noscript>Sorry, you need Javascript on to email me.</noscript>

Important! You can’t protect your email 100%

If the bot evaluates JavaScript before harvesting email addresses, you can’t resist it.

For example, it can be done using PhantomJS

Comments