|
|
|
|
|
|
|
|
|
|
|
|
|
|
Using dynamically generated HTML to thwart spam email address harvesting (continued)
Crop-busting techniques
First, let's look at two separate techniques to obfuscate email addresses from harvesters, then we'll combine them into an easy to use crop-busting package that you can deploy in any Domino application. Wmail addresses are pretty easy to spot in Web pages. Harvesters generally look for two characteristics. The first is any string in the format "xxx@xxx.xxx"; (or /.+@.+\..+/ if you're familiar with regular expressions). The second marker is the mailto: tag used to create HTML links to email addresses in Web pages.
What follows are a few ideas you might try out to prevent harvesting on your Web site.
Technique #1: Image interpolation
When you're creating a new Web page or application, create two GIF files (once you've selected all your stylesheet parameters); one containing a graphic representation of the "@" character and one containing a similar graphic for the "." character. Use these images instead of writing out email addresses. So instead of writing (or generating) myuser@domain.com in your HTML source, write (or generate with Domino) myuser<img src="/myat.gif">domain<img src="/mydot.gif">com. If you don't use obvious names for your image files it becomes almost impossible for a harvester to decipher an email address in this format, but human users won't notice a difference.
Hint: make sure the font and size used for the graphic match those of your page.
Technique #2: Dynamic creation
Image interpolation is great for displaying addresses, but unfortunately it won't work in a mailto URL. In fact the mailto URL itself will indicate to harvesters that there is an email address to be harvested. Luckily, it is very inefficient for harvesters to interpret and execute all the JavaScript in each Web page they encounter, so they generally just do a quick scan of the underlying code looking for email addresses. We'll exploit this design weakness by using JavaScript to dynamically build mailto links for us.
This is slick!
When called, the following JavaScript function returns an email address formatted with graphics instead of the "@" and "." characters as described above, it also creates a mailto link around the email address. Obviously, the line numbers in the code won't be in your final version. They're included for the commentary that follows the code.
function createAd (u,d,t) {
01: var atimg = "<img src='/myat.gif'>";
02: var dotimg = "<img src='/mydot.gif'>";
04: var cmd = "m"+""+"a";
05: var to = "t";
05: cmd = cmd + ""+""+"i";
06: to = to+"o:";
07: cmd = cmd +"l"+to;
08: loc = cmd+u;
09: loc = loc + "%40";
10: loc = loc +d;
11: loc = loc +"." +t;
12: return("<a href='"+loc+"'>"+u+atimg+d+dotimg+t+"</a>");
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
-- Advertisement --
Learn Notes and Domino 8 at your place and pace!
Learn Notes and Domino in your office and/or home! TLCC's highly acclaimed distance learning courses for users, developers, and admins will enhance your career and your resume.
The many included activities and demos will make you a pro! Expert instructor help is a click away.
Click here to try a FREE demo course!! |
-- Advertisement --
Mark your calendar for in-depth Lotus training, May 12-14, Boston
Join experts and peers May 12-14 in Boston for educational and networking events that deliver real-world Lotus training so you can increase productivity and efficiency in your company, advance your skills, and squeeze the most from your current environment. One registration gets you into THE VIEW's Admin2010 and Lotus Developer2010.
Register by April 10 to save $200. |
|
|
|
|
|
|
|
|
|
|
