Prevent Spam Bots Scraping Your Email Address
Page created 14th June 2011
If you provide an email address on your website for your readers, you need to protect it from spam robots, or "bots". A spam bot is a piece of software which is, in effect, an automated web surfer which travels at lightning speed around the internet, clicking from one page to another, across to the next website, and so on. It searches for any text that looks like an email address. It collects the address, and then you receive emails offering substances to enhance your manhood or great riches at the casino.
Fortunately, spam bots don't see the page like a human eye does, and they can be easily fooled. There are several easy methods you can use to foil their evil plan.
First, let's look at what an email address looks like in the HTML source code. The portion in capital letters is the visible part, i.e. it shows on the page (the capital letters are only used for clarity, but would normally be lower case).
<a href="mailto:firstname.lastname@example.org"> NAME@WEBSITE.COM</a>
There are two security risks here. One risk is the email address inside the link (anchor) tag, the other is the visible address. The reason is that the bot can read all text, whether it appears on the page or is just part of the code.
Here are some of the methods you can use to protect your email address:
- create gaps (not clickable)
- write the address as you would say it (not clickable)
- image of text (not clickable)
- encrypt or encode the address
Create gaps
The simplest way to disguise your email address is to show a broken-up version and instruct your readers to paste it into an email form and close the gaps. There is no link, and the text would read
name @ domain . com
Write the address as you would say it
As bots get more sophisticated, they may be trained to look for the @ character and a .com, and instructed to close gaps between adjoining words, so it may be better to split the address up even more, though that would get ever more annoying for your reader. Another way is to show the text of the address with the characters written as spoken and, again, instruct readers to close the gaps and replace the words with characters
name at domain dot com
Image of text
Yet another simple way would be to create an image with the text of your email address and instruct readers to enter it into an email form as they see it. Spam bots cannot read text in images.
The above three methods work, are simple, but may put off some readers from contacting you because of the extra work involved.
Encrypt or encode the address
A better method would be to encode the text so that the bot cannot read it, but the mailing program can. This is done with JavaScript. There are free encoding services online if you are not able to encode it yourself (you probably wouldn't be reading this now, right?). One such service is by Syronex (free service). I have used it for several years on two websites and never received any spam through those email address links. You may still get the occasional spam email written by a real human who obtained the address by going to your website. This has been very rare.
You write your email address in the first form field on the Syronex site, and the text you want to appear on the page in the second field. This must not be your email address, as this text is not encoded, only included in the JavaScript, and the bots could still read it in the source code. There is no need, of course, as you can simply use words like "email me". You can also add text for the subject line. This may help you spot an email from your reader in your inbox, if the subject line includes a word you would recognise. A simple example would be "Feedback", though it might be safer to add something else, as spammers and phishers often use typical subject lines to trick people into opening an email.
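The idea behind the JavaScript approach above, as an added example that is not part of the original page and not the code Syronex generates. It assumes a simple XOR-and-hex obfuscation and uses hypothetical names (`scrape`, `encodeAddress`, `decodeAddress`, `protectedLink`); `scrape` stands in for a bot that pattern-matches the raw page source.

```javascript
// Added example; every name here is illustrative. XOR with a fixed key is
// obfuscation against pattern-matching bots, not encryption.

// Stand-in for a scraper that only pattern-matches the raw page source.
const EMAIL_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;
function scrape(source) {
  return source.match(EMAIL_RE) || [];
}

// Encode each character as (char code XOR key), two hex digits per character.
function encodeAddress(address, key) {
  return Array.from(address, (ch) => {
    const code = ch.charCodeAt(0);
    if (code > 0x7f) throw new RangeError("ASCII addresses only");
    return (code ^ key).toString(16).padStart(2, "0");
  }).join("");
}

// Inverse of encodeAddress; its source is also shipped inside the page.
function decodeAddress(hex, key) {
  let out = "";
  for (let i = 0; i < hex.length; i += 2) {
    out += String.fromCharCode(parseInt(hex.slice(i, i + 2), 16) ^ key);
  }
  return out;
}

// Build the markup: the address exists only as hex until the script runs.
function protectedLink(address, linkText, key) {
  if (scrape(linkText).length > 0) {
    throw new Error("link text must not contain an email address");
  }
  const hex = encodeAddress(address, key);
  return `<a href="#" class="mail" data-m="${hex}" data-k="${key}">${linkText}</a>
<script>
${decodeAddress.toString()}
document.querySelectorAll("a.mail").forEach(function (a) {
  a.href = "mailto:" + decodeAddress(a.dataset.m, Number(a.dataset.k));
});
</script>`;
}

// Constructed sample address on a reserved example domain.
const ADDRESS = "reader.mail@example.org";
const plain = `<a href="mailto:${ADDRESS}">${ADDRESS}</a>`;
const guarded = protectedLink(ADDRESS, "email me", 0x5a);
console.log(scrape(plain).length, scrape(guarded).length);
```

A visitor with JavaScript disabled gets a link that does nothing, and a bot that executes scripts still sees the decoded address.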
Encryption service which does not work
I have also tried another type of encoding service, which did not work in the Firefox browser. I include it here so you know which type it is, and to best avoid it. This service generates the code for the email address and the text showing on the page, so you could have the email address visible, but you can't see anything in Firefox. It is a simple method, and you may have thought of trying it yourself. It uses the special character code for each letter and character, so the browser can read it, but the bots just "choke" on it. This website, emailaddresses.com, offers the service, but actually redirects you to another website, SiteUp, which sends you an email with the code to paste into your page. If you do want to try it out, a small bit of warning. First, make sure that you select "No Thanks" in the box above the form if you don't want to receive two newsletters. Also, when you get the email, you may get a warning that it is a phishing email. It probably isn't. It is likely that your anti-virus software will see the encrypted code and interpret it as phishing.
Encryption service which might work
There are a few other services you might like to try. I have not tried these, so it is at your own risk.
http://scr.im/ - this turns your email address into a short url for sharing
http://mailhide.recaptcha.net/ creates code for a captcha your reader has to solve to see your email address. The last time I tried the link it did not work. I'll leave it here anyway, as the site may only be temporarily out of action.