How to Avoid Email Harvesting from Evil Spambots
If you have a website, you are most likely familiar with "spambots." These are evil computer programs that troll websites looking for email addresses to harvest. The harvested email addresses are then used by the spambot owners or sold to other spammers hawking "free software," "Viagra," and various "patches."
The spambots identify email addresses by looking for specific characters (e.g. the @ sign) or patterns on your website.
To deter the spambots, it seems a lot of companies have decided to eliminate email addresses altogether on their websites, including the "contact us" pages. Instead, they've incorporated contact forms that ask us to complete a set of fields and then send the message.
Perhaps my mind could be improved on this, but I don't really care for websites that require you to complete a form to contact them.
It seems very impersonal (even more than support@site or info@site) and why should you give them your email address, if they choose not to provide their own? Trust is already difficult enough to earn on the web. To me, these impersonal contact forms where you're asked to "give up" personal info (e.g. name, email, etc.), without reciprocation, have a negative impact on building trust.
If you agree with this sentiment, here's how you can use email addresses on your website, but still deter the evil spambots. I've included a couple of the least technical strategies below:
...If you want to hide your addresses from spambots, you must understand how they work. Most spambots find addresses by looking for patterns of text that look like an email address. For example, email addresses always contain an @. Spambots therefore scan the text of a webpage to find any @s. If you eliminate the @ from addresses then most spambots won't be able to recognize that your addresses:
carol-at-example.com
carol(at)example.com
carol AT example DOT com
While this hides your address from spambots, visitors to your site will often still incorrectly demung your address, or not even recognize it is an email address, and therefore be unable to contact you.
A more sophisticated version of hiding your address, which still allows human users to see the addresses without any apparent munging, involves using ASCII character codes. ASCII character codes are like machine language for representing characters on a web page. For example, if you want to represent an @ you can either use the character itself, or you can use its ASCII character code: &#64; (ampersand number-sign six four semi-colon).
If you use the ASCII code then human visitors to your site will see an @ because their browsers automatically translate the character code. However, most spambots currently do not recognize the codes and therefore ignore addresses created with them. The following addresses will all appear the same if they are included in the HTML of your site:
carol@example.com
carol&#64;example.com
carol&#64;example&#46;com
Notice that the last address above uses an ASCII code not only to replace the @, but also the period (.). On the next page we'll show you even more advanced munging techniques, and provide an automatic address munging tool.
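The character-code munging described above, as an added Python example that is not part of the original article or the tool it mentions. The function names, the simplified address pattern and the sample page are assumptions made for illustration. It encodes the @ and the period, audits page source for addresses left in literal form, and shows that decoding the references (what a browser does) restores the address in full, so this is obfuscation only.

```python
import html
import re

# Simplified pattern for a literal address in page source (assumption: a
# harvester matches roughly this shape, as the text describes).
LITERAL_ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def munge(address, chars="@."):
    """Replace each character in `chars` with its decimal character reference."""
    return "".join(f"&#{ord(c)};" if c in chars else c for c in address)


def mailto_link(address):
    """Build a mailto link whose href and text carry no literal '@' or '.'."""
    encoded = munge(address)
    return f'<a href="mailto:{encoded}">{encoded}</a>'


def exposed_addresses(page_source):
    """Audit helper: addresses that appear literally in the markup."""
    return LITERAL_ADDRESS.findall(page_source)


def rendered_text(page_source):
    """Decode character references, as a browser does before display.

    Anything that decodes references sees the original address again."""
    return html.unescape(page_source)


if __name__ == "__main__":
    # Constructed sample page fragment, not taken from a real site.
    page = (
        "<p>Sales: carol@example.com</p>\n"
        f"<p>Support: {mailto_link('dave@example.com')}</p>\n"
    )
    print(page)
    print("literal in source:", exposed_addresses(page))
    print("after decoding:   ", exposed_addresses(rendered_text(page)))
```

Running `exposed_addresses` over your own templates before publishing catches addresses that were left unencoded.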

