9.11. Preventing Email Address Harvesting

Problem

You need to protect the email addresses listed on your site so they don't fall prey to spammers.

Solution

Employ one or more of these techniques:

  • Don't list any unprotected email addresses on your site.

  • Disguise addresses you must list on your site, without sacrificing your visitors' ability to click or copy them for legitimate use.

  • Create a script that sends web site messages to your mail server using logic that hides the actual addresses.

  • Block known harvesting agents—or spambots—from accessing your site.

  • Set up a spambot trap.

Discussion

Taken all together, these methods are not guaranteed to stop spammers from getting addresses from your site. The only way to do that is to keep all email addresses—disguised or otherwise—off your site. But that's not practical for most web sites. And let's face it, the day when that becomes the only viable option will be the day the spammers have won.

One of the many ways that spammers get new addresses is with spambots, which crawl the web day and night to scrape web pages for email addresses. Spambots also scour Usenet and online forum postings, domain registrant information in whois databases, and poorly protected web-based mailing lists for new recipients their masters can barrage with junk. If you're not getting spam on at least one of your email accounts, you might want to check your pulse.

If you have unprotected email addresses in your web page code, remove them and consider ditching them altogether. ...

Get Web Site Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.