Friday, 1 January 2010

Hide your email from the bots

I was doing some research into html formating for emails today and started thinking about all the "mailto" links that are spread out all over the web.

I remember seeing what crunchbase does to the email addresses the post to companies.
When I added LiteTest to the list companies on Crunchbase, they asked for the company email address. I thought nothing of it and added it.

Later on when I viewed the company profile I saw the email on the page, clear as day.
This spooked me a bit and I thought "surely they can't just post our email address out in the open like that? Bots will have a field day trolling the company pages for emails."

I took a closer look at the source of the page but the email address were nowhere to be found.
An even closer look showed me that they just url encode the javascript to print out the email on the page.

"That's clever" I thought. This should be available to everyone who wants to put their email on the site.

It did occur to me that if someone wanted to, they could still just grab all the pages, and url decode the email addresses and have them all at their spammy disposal.

What is needed is a way to make it less obvious and to give the user a bit of flexibility to how they change the email address.

I wrote a very simple script for this that I posted on LiteTest (or you can just download the script right here).

The idea is that we don't want to put the word mailto anywhere in the actual html.
Since the bots will only scrape the html looking for either at signs (@) or the mailto property in the <a> element, we simply conceal the link by changing the href attribute.

<a href="mailto:name@domain.com">Send me an email</a> can be changed to
<a href="name*domain.com" class="mailto">Send me an email</a>.

There is no hint for a bot that this is an email address, and when it tries to follow the link all it will get is a 404 page and think nothing more of it.

By including the lt.emailencode.js in your page, you can simply add this script snippet:
$(document).ready(function() {
    $(".mailto").emailencode();
});

No more bots stealing your email, and your visitors can still benefit from having instant access to mailing you without going through a contact form.
Posted by LiteTest at 19:03

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)