Re: [WSG] accessible ways to avoid spam
I'm wondering if any of you have any tips on creative ways to keep spambots from harvesting email addresses on you page, and still keep then accessable to diabled people and text-browsers. Here's my thoughts If you only need to protect a small number of email addresses, there's another approach: throwaway email addresses. I use www.sneakemail.com email addresses on various sites (not to mention email lists with public archives)... when an email address gets too much spam, I just kill it off. The real email addresses are never visible, so they can't be harvested. For the user, the only downside is the email address looks a bit odd. It's not suitable for long-term contacts, but then it shouldn't need to be used more than a couple of times before that relationship is established. Of course you can protect the email address using encoding tricks and forms, etc; it still makes a good fallback position to be able to get rid of the email address. Just a thought, anyway :) h -- --- http://cheshrkat.blogspot.com/ --- The future has arrived; it's just not --- evenly distributed. - William Gibson ** The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help **
[WSG] accessible ways to avoid spam
I'm wondering if any of you have any tips on creative ways to keep spambots from harvesting email addresses on you page, and still keep then accessable to diabled people and text-browsers. Here's my thoughts * You could do something like me[AT]foo[DOT]bar but the problem with this is that many none geeks are not familiar with this kind of anti-spam thing and may give up trying to contact you when the get a bounce back saying (surprise, surprise) me[AT]foo[DOT]bar does not exist. * You could do something like mespan style='display:none'nospamplease/div@foo.bar, but this wouldn't work for people without basic css support, and goes against some basic accessabilty rules. * You could use javascript, but then you block non-js users which is no better than the above solution * You could use an image, but then you have to decide what to put in the alt attribute. If you put the address there then you pretty much defeat the point of the image because i'm pretty sure most (or enough) spambots can't take addresses from alt attributes. If you don't, then you break accessability with text-browsers. Anyone else have any good solutions? Alan Trick ** The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help **
Re: [WSG] accessible ways to avoid spam
Hi Alan I prefer to use the [EMAIL PROTECTED] method, as it's pretty self-explanatory and easier to understand that me[-at-]foo[-dot-]bar. There are other options, such as using a simple (ie: plaintext, no image-generation) CAPTCHA that then directs the site visitor to a page with the email address. Speaking of CAPTCHAs, can someone explain why we need image-based ones for blogsites and low-traffic sites? I seriously doubt that site spammers are going to write even the simplist of Visual Basic (or worse) to parse an XHTML file to extract a plaintext CAPTCHA. Since employing paintext CAPTCHAs on my sites, I haven't seen any increase in spam. -- -David R -- Original Message -- From: Alan Trick [EMAIL PROTECTED] Reply-To: wsg@webstandardsgroup.org Date: Tue, 22 Feb 2005 09:33:51 -0500 I'm wondering if any of you have any tips on creative ways to keep spambots from harvesting email addresses on you page, and still keep then accessable to diabled people and text-browsers. Here's my thoughts * You could do something like me[AT]foo[DOT]bar but the problem with this is that many none geeks are not familiar with this kind of anti-spam thing and may give up trying to contact you when the get a bounce back saying (surprise, surprise) me[AT]foo[DOT]bar does not exist. * You could do something like mespan style='display:none'nospamplease/div@foo.bar, but this wouldn't work for people without basic css support, and goes against some basic accessabilty rules. * You could use javascript, but then you block non-js users which is no better than the above solution * You could use an image, but then you have to decide what to put in the alt attribute. If you put the address there then you pretty much defeat the point of the image because i'm pretty sure most (or enough) spambots can't take addresses from alt attributes. If you don't, then you break accessability with text-browsers. Anyone else have any good solutions? Alan Trick ** The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help ** ** The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help **
Re: [WSG] accessible ways to avoid spam
On Tue, 22 Feb 2005 09:33:51 -0500, Alan Trick [EMAIL PROTECTED] wrote: I'm wondering if any of you have any tips on creative ways to keep spambots from harvesting email addresses on you page, and still keep then accessable to diabled people and text-browsers. Anyone else have any good solutions? You can encode mail with URLencode and then with decimal and hexadecimal HTML entities, example implementation: http://wiki.pornel.ldreams.net/encje It's 100% valid and accessible, but should fool some spambots. Other method is to create bot-trap (hidden link) that catches and bans bots not respecting robots.txt and then giving e-mail addresses only on pages blocked in robots.txt. Yet another method is to write email links like: a href=/mail/user/domain and then postprocessing links with JS to transform them into mailto:[EMAIL PROTECTED] For compatibility with non-JS browsers you can have /mail/ page that generates mail form or uses some other unharvestable form of displaying address. -- regards, Kornel Lesiski ** The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help **
RE: [WSG] accessible ways to avoid spam
Alan Trick I'm wondering if any of you have any tips on creative ways to keep spambots from harvesting email addresses on you page, and still keep then accessable to diabled people and text-browsers. Interestingly, there were similar discussions this month on two other lists: http://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind0502L=web-supportT=0F=S=X=3B8ECB71D95F394803Y=p%2Eh%2Elauke%40salford%2Eac%2EukP=1150 and http://lists.w3.org/Archives/Public/w3c-wai-ig/2005JanMar/0281.html In both cases, I suggested that there may only be 2 realistic, sustainable options: 1) use a contact form (and keep the actual email address of the recipient on the server side...for instance, have a database of email addresses, and only pass an ID/primary key in a hidden field to identify which email address from the db it should go to) 2) (and/or) invest in some good spam filtering (both mailserver and client side) Anything else will have drawbacks for users with disabilities (and all other users as well, to an extent). IMHO anyway. Patrick Patrick H. Lauke Webmaster / University of Salford http://www.salford.ac.uk ** The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help **
RE: [WSG] accessible ways to avoid spam
Kornel Lesinski You can encode mail with URLencode and then with decimal and hexadecimal HTML entities, example implementation: http://wiki.pornel.ldreams.net/encje The problem with this type of method: once a method gets popular (because it temporarily works), bot writers are more than likely to simply update their bots (which should be fairly trivial in this case). Other method is to create bot-trap (hidden link) that catches and bans bots not respecting robots.txt and then giving e-mail addresses only on pages blocked in robots.txt. But then be careful that users of assistive technology don't stumble onto the trap by mistake. Yet another method is to write email links like: a href=/mail/user/domain and then postprocessing links with JS to transform them into mailto:[EMAIL PROTECTED] For compatibility with non-JS browsers you can have /mail/ page that generates mail form or uses some other unharvestable form of displaying address. Cute...particularly like the fallback mechanism. Again, though: once this catches on, bot writers will simply change their algorhythms. Patrick Patrick H. Lauke Webmaster / University of Salford http://www.salford.ac.uk ** The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help **
RE: [WSG] accessible ways to avoid spam
Alan, I've looked at this for a while and there is no guaranteed way of throttling spambots; however, you can confuse the simpler efforts and certainly slow the more determined scrapers. I wrote a server side app to encode email and mailto: addresses in ISO, Hex or mixed obfuscation. It's at: http://www.seowebsitepromotion.com/obfuscate_email.asp Mike Pepper Accessible Web Developer Internet SEO and Marketing Analyst [EMAIL PROTECTED] http://www.visidigm.com Administrator Guild of Accessible Web Designers [EMAIL PROTECTED] http://www.gawds.org -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Alan Trick Sent: 22 February 2005 14:34 To: wsg@webstandardsgroup.org Subject: [WSG] accessible ways to avoid spam I'm wondering if any of you have any tips on creative ways to keep spambots from harvesting email addresses on you page, and still keep then accessable to diabled people and text-browsers. Here's my thoughts * You could do something like me[AT]foo[DOT]bar but the problem with this is that many none geeks are not familiar with this kind of anti-spam thing and may give up trying to contact you when the get a bounce back saying (surprise, surprise) me[AT]foo[DOT]bar does not exist. * You could do something like mespan style='display:none'nospamplease/div@foo.bar, but this wouldn't work for people without basic css support, and goes against some basic accessabilty rules. * You could use javascript, but then you block non-js users which is no better than the above solution * You could use an image, but then you have to decide what to put in the alt attribute. If you put the address there then you pretty much defeat the point of the image because i'm pretty sure most (or enough) spambots can't take addresses from alt attributes. If you don't, then you break accessability with text-browsers. Anyone else have any good solutions? Alan Trick ** The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help ** -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 266.3.0 - Release Date: 21/02/05 ** The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help **
Re: [WSG] accessible ways to avoid spam
Thanks for the replies. I've desided to just go with something like this:
mspan style='display:none'{remove this text for email address, it is
inserted to avoid spam}/span [EMAIL PROTECTED]
The number of people who will ever see the invisible text is pretty
small and I think it's pretty self explanitory how to get the address
out of there if their UA doesn't support 'display:none'.
Mike, I like that idea about strap.asp, but I use php, do you now any
places were I could find equivilant php code for the page?
-Alan Trick
Mike Pepper wrote:
Alan,
I've looked at this for a while and there is no guaranteed way of throttling
spambots; however, you can confuse the simpler efforts and certainly slow
the more determined scrapers.
I wrote a server side app to encode email and mailto: addresses in ISO, Hex
or mixed obfuscation. It's at:
http://www.seowebsitepromotion.com/obfuscate_email.asp
Mike Pepper
Accessible Web Developer
Internet SEO and Marketing Analyst
[EMAIL PROTECTED]
http://www.visidigm.com
Administrator
Guild of Accessible Web Designers
[EMAIL PROTECTED]
http://www.gawds.org
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Behalf Of Alan Trick
Sent: 22 February 2005 14:34
To: wsg@webstandardsgroup.org
Subject: [WSG] accessible ways to avoid spam
I'm wondering if any of you have any tips on creative ways to keep
spambots from harvesting email addresses on you page, and still keep
then accessable to diabled people and text-browsers. Here's my thoughts
* You could do something like me[AT]foo[DOT]bar but the problem with
this is that many none geeks are not familiar with this kind of
anti-spam thing and may give up trying to contact you when the get
a bounce back saying (surprise, surprise) me[AT]foo[DOT]bar does
not exist.
* You could do something like mespan
style='display:none'nospamplease/div@foo.bar, but this wouldn't
work for people without basic css support, and goes against some
basic accessabilty rules.
* You could use javascript, but then you block non-js users which is
no better than the above solution
* You could use an image, but then you have to decide what to put in
the alt attribute. If you put the address there then you pretty
much defeat the point of the image because i'm pretty sure most
(or enough) spambots can't take addresses from alt attributes. If
you don't, then you break accessability with text-browsers.
Anyone else have any good solutions?
Alan Trick
**
The discussion list for http://webstandardsgroup.org/
See http://webstandardsgroup.org/mail/guidelines.cfm
for some hints on posting to the list getting help
**
RE: [WSG] accessible ways to avoid spam
Alan Trick The number of people who will ever see the invisible text is pretty small and I think it's pretty self explanitory how to get the address out of there if their UA doesn't support 'display:none'. The problem is not UA (browser, in this case) support for display:none; it's the extra step that you're now requiring from users when they hit a mailto link and have to go back to manually edit the email address. This may become an issue for users with cognitive disabilities, or even those of us who are in a rush and don't pay too close attention to the to field after clicking said link. Patrick Patrick H. Lauke Webmaster / University of Salford http://www.salford.ac.uk ** The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list getting help **
RE: [WSG] accessible ways to avoid spam
Alan, I'll mail you the ASP source off-list. PHP is almost a sibling to ASP
and most of the routines are array storage and iteration. You should be able
to translate it easily. I presume you're using the [EMAIL PROTECTED]
Cheers,
Mike
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Behalf Of Alan Trick
Sent: 22 February 2005 16:40
To: wsg@webstandardsgroup.org
Subject: Re: [WSG] accessible ways to avoid spam
Thanks for the replies. I've desided to just go with something like this:
mspan style='display:none'{remove this text for email address, it is
inserted to avoid spam}/span [EMAIL PROTECTED]
The number of people who will ever see the invisible text is pretty
small and I think it's pretty self explanitory how to get the address
out of there if their UA doesn't support 'display:none'.
Mike, I like that idea about strap.asp, but I use php, do you now any
places were I could find equivilant php code for the page?
-Alan Trick
Mike Pepper wrote:
Alan,
I've looked at this for a while and there is no guaranteed way
of throttling
spambots; however, you can confuse the simpler efforts and certainly slow
the more determined scrapers.
I wrote a server side app to encode email and mailto: addresses
in ISO, Hex
or mixed obfuscation. It's at:
http://www.seowebsitepromotion.com/obfuscate_email.asp
Mike Pepper
Accessible Web Developer
Internet SEO and Marketing Analyst
[EMAIL PROTECTED]
http://www.visidigm.com
Administrator
Guild of Accessible Web Designers
[EMAIL PROTECTED]
http://www.gawds.org
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Behalf Of Alan Trick
Sent: 22 February 2005 14:34
To: wsg@webstandardsgroup.org
Subject: [WSG] accessible ways to avoid spam
I'm wondering if any of you have any tips on creative ways to keep
spambots from harvesting email addresses on you page, and still keep
then accessable to diabled people and text-browsers. Here's my thoughts
* You could do something like me[AT]foo[DOT]bar but the problem with
this is that many none geeks are not familiar with this kind of
anti-spam thing and may give up trying to contact you when the get
a bounce back saying (surprise, surprise) me[AT]foo[DOT]bar does
not exist.
* You could do something like mespan
style='display:none'nospamplease/div@foo.bar, but this wouldn't
work for people without basic css support, and goes against some
basic accessabilty rules.
* You could use javascript, but then you block non-js users which is
no better than the above solution
* You could use an image, but then you have to decide what to put in
the alt attribute. If you put the address there then you pretty
much defeat the point of the image because i'm pretty sure most
(or enough) spambots can't take addresses from alt attributes. If
you don't, then you break accessability with text-browsers.
Anyone else have any good solutions?
Alan Trick
**
The discussion list for http://webstandardsgroup.org/
See http://webstandardsgroup.org/mail/guidelines.cfm
for some hints on posting to the list getting help
**
--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 266.3.0 - Release Date: 21/02/05
**
The discussion list for http://webstandardsgroup.org/
See http://webstandardsgroup.org/mail/guidelines.cfm
for some hints on posting to the list getting help
**
Re: [WSG] accessible ways to avoid spam
I'm not including it as a link, so people are going to have to copy and paste it anyways. I'm including a form on the page so that those who want to contact me directly, can. And Mike, just email me at this address, thanks :-) Patrick Lauke wrote: Alan Trick The number of people who will ever see the invisible text is pretty small and I think it's pretty self explanitory how to get the address out of there if their UA doesn't support 'display:none'. The problem is not UA (browser, in this case) support for display:none; it's the extra step that you're now requiring from users when they hit a mailto link and have to go back to manually edit the email address. This may become an issue for users with cognitive disabilities, or even those of us who are in a rush and don't pay too close attention to the "to" field after clicking said link. Patrick
