womble -> RE: Preventing email harvesting (6/10/2009 6:08:41)
quote:
ORIGINAL: Tailslide You could beef it up by having a honeypot question in that little form which, if they fill in, it dumps them out (hide it using CSS). Then you could use sessions or something like that to add a unique token passed to the new page so that no token, no emails. Or if you've got a page that's only accessible from correctly filling in the honeypot question (which could either forward on instantly, or display a "new page will be displayed in a moment" type message), on your page that's got all the email addresses on it you could do a simple referrer check - referring page isn't the form's confirmation page? No email addys - emails page doesn't load and they're booted off to somewhere else. Right page - email page loads.

The problem I can see with both Tail's suggestion and something like my suggestion (maybe I'm missing something with the ASP QueryString thing though - I've not fully woken up yet [:D]) is that if the email addresses are on a 'normal' page, if it's accessible to visitors it's also accessible to bots, as bad bots will ignore any instruction not to access or index.

Actually, thinking about it though, it wouldn't be a 'normal' page though would it? Am I right in thinking that if you're using ASP and a QueryString you'd have your script which would loop through your email addresses with Response.Write and spit them out for display? I know the processing would be done server-side and sent to the browser, but I'm wondering if, if the script's somewhere accessible (i.e. in a directory above the domain root) if the bots would still be able to access the email address from the script? (I'm afraid I'm not sure on that one, and it's a while since I did any ASP and I only just scraped a pass in the ASP course I did [:D]).
The only other solution I can think of is to hold your email addresses in a database, and your script could loop through the records in your database, which would make it a lot harder to access the info for bad bots because you could use the honeypot question/token idea Tail suggested to make sure only genuine visitors get to the page where your database connection info's in your script. No token, no database connection, no emails. (Feel free to totally ignore me - I'm rambling and only half awake [;)])
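
The honeypot-plus-token gate described in this post, as an added example that is not part of the original thread. It is written in Python rather than ASP so it runs stand-alone, and it gates on a signed, expiring token instead of the referrer, because the Referer header is supplied by the client. The field name `website`, the 300-second lifetime and the sample addresses are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)   # per-process signing key (assumption: one server)
TOKEN_TTL = 300                    # seconds a token stays valid (constructed value)
HONEYPOT = "website"               # hypothetical name of the CSS-hidden form field
EMAILS = ["alice@example.com", "bob@example.com"]  # constructed sample data


def _sign(payload: str) -> bytes:
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest().encode()


def issue_token(now=None) -> str:
    """Token = issue time + nonce + HMAC, so the server keeps no state."""
    ts = int(time.time() if now is None else now)
    payload = f"{ts}.{secrets.token_hex(8)}"
    return f"{payload}.{_sign(payload).decode()}"


def handle_form(fields: dict, now=None):
    """Form handler: any value in the hidden field marks the sender as a bot."""
    if (fields.get(HONEYPOT) or "").strip():
        return None                # honeypot filled in: no token issued
    return issue_token(now)


def token_valid(token, now=None) -> bool:
    try:
        ts, nonce, sig = token.split(".")
        issued = int(ts)
    except (AttributeError, ValueError):
        return False               # missing or malformed token
    if not hmac.compare_digest(sig.encode(), _sign(f"{ts}.{nonce}")):
        return False               # forged or altered token
    age = (time.time() if now is None else now) - issued
    return 0 <= age <= TOKEN_TTL   # reject expired or future-dated tokens


def emails_page(token, now=None) -> list:
    """No valid token, no addresses (and no reason to open the database)."""
    return list(EMAILS) if token_valid(token, now) else []
```

A scraper that loads the form as a browser would and leaves the hidden field empty still receives a token, so this raises the cost of harvesting without making the addresses unreachable.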