ISP Webhosting

Best of the ISP-Lists

ISPs Fight Spam Bots

Members of the ISP-Tech list share advice on protecting customers from programs that troll websites looking for e-mail addresses to sell to spammers.

[July 8, 2002]

On the ISP-Tech list in June, DC queried,

"I am looking to prevent or at least slow down the bots that harvest e-mail addresses from my ISP's Web pages. Any suggestions? My Web designers are pushing for JavaScript solutions."

A number of respondents offered simple suggestions:

[JM advised] "One of the best solutions is simply not to expose any e-mail addresses on your website. Use Web forms for e-mail. If you were formerly listing the e-mail addresses for each individual in your company, then allow people to continue to send e-mail directly to those individuals through the form. Make the form very simple: just To, From, Subject, and Message. You should probably leave one or two generic e-mails exposed, like sales@ or info@, so that potential customers aren't put off."

[SS added] "The simplest solution is to not use the @ sign. Instead, use the HTML entity for the @ sign, which is &#64. Harvesters don't seem to be able to harvest e-mail addresses done this way."

[PC noted] "We're using stuff like:

<a href="mailto:%20webmaster( Webmaster )@it%2eca">webmas<!-- brk -->ter@<!-- brk -->it.<!-- brk -->ca</a> and

Please <noscript>info@</noscript> <script> var d='Information'; var c='contact us'; var b='it.ca'; var a='mailto:info'; document.writeln('<a href="'+a+'@( '+d+' )'+b+'">'+c+'</a>'); </script> <noscript>it.ca</noscript>!

It seems to work nicely."

Others recommended some solutions available online:

[PC offered] "Wpoison is something to add to your arsenal. It pollutes the harvester's database with invalid addresses."

[JL added] "The mailto obfuscator is another interesting approach."

PI warned that any simple way to block harvesters will also be simple to overcome:

"Harvesters are written by people—sometimes relatively clever people. Simply replacing the @ character or translating cleartext into equivalent markup entities is insufficient. If there's a pattern, it will be noticed. I haven't found that JavaScript has been detected by harvesters yet, but I'm sure it's only a matter of time."
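The markup techniques quoted above (SS's numeric entities, PC's comment breaks and PC's script-assembled link) and PI's caveat, as an added example that is not from the list members or the original article. It generates each form for a constructed sample address, info@example.test, and reports whether that address is visible in the page source and after plain entity decoding and comment stripping; all function names are illustrative.

```javascript
// SS's approach: write characters as numeric HTML entities (&#64; is "@").
function entityEncode(addr) {
  return Array.from(addr, ch => `&#${ch.codePointAt(0)};`).join('');
}

// PC's first approach: break up the visible text with HTML comments.
function commentBreak(addr, every = 3) {
  const parts = [];
  for (let i = 0; i < addr.length; i += every) parts.push(addr.slice(i, i + every));
  return parts.join('<!-- brk -->');
}

// PC's second approach: the link is assembled by script in the browser, so the
// complete address never appears in the served markup.
// Assumption: addr and label are trusted constants chosen by the site owner.
function scriptAssembled(addr, label) {
  const [user, domain] = addr.split('@');
  return `<script>var u=${JSON.stringify(user)},d=${JSON.stringify(domain)};` +
    `document.write('<a href="mailto:'+u+'&#64;'+d+'">'+${JSON.stringify(label)}+'</a>');</script>`;
}

// What a plain HTML decode recovers without running any script:
// comments dropped, numeric entities resolved.
function staticDecode(markup) {
  return markup
    .replace(/<!--[\s\S]*?-->/g, '')
    .replace(/&#(\d+);?/g, (_, n) => String.fromCodePoint(Number(n)));
}

// Per variant: is the address absent from the raw source, and after decoding?
function audit(addr) {
  const variants = {
    plain: addr,
    entity: entityEncode(addr),
    comment: commentBreak(addr),
    script: scriptAssembled(addr, 'contact us'),
  };
  const report = {};
  for (const [name, markup] of Object.entries(variants)) {
    report[name] = {
      hiddenInSource: !markup.includes(addr),
      hiddenAfterDecode: !staticDecode(markup).includes(addr),
    };
  }
  return report;
}

console.log(audit('info@example.test')); // constructed sample address
```

For the sample address, the entity and comment variants are hidden in the source but not after decoding; only the script-assembled variant stays hidden from a parser that does not execute JavaScript.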

JL suggested that even a temporary solution is worth implementing:

"Nothing is forever. Ultimately, given sufficient time and resources, any locks anyone creates can be picked by someone else. There's no doubt that an e-mail address harvester will eventually be written which can defeat all approaches anyone comes up with. But any technique which makes the process too complex to bother with, however briefly, is a good one."

—End
