|
| |
|
|
hzarabet
Posts: 1549
From: New Milford CT USA
Status: offline
 |
Preventing email harvesting - 6/9/2009 19:43:26
Hi all:
I am building a page that will be a listing of information that includes email addresses for a number of organizations.
I know about JS etc to prevent email harvesting for my own email address, but how can I prevent this from happeining to 100+ email addresses on the page that are not mine?
If I built the page (ASP) where the email addresses would only appear if a QueryString was used, would that prevent harvesting as the havester would not catch the QueryString?
For example:
MyPage.asp would not show email addresses
MyPage.asp?Email=Y would show emails addresses
_____________________________
http://www.SigningsHotline.com lists EVERY upcoming athlete autograph appearance in the US and Canada
|
|
|
|
womble
Posts: 6009
Joined: 3/14/2005
From: Living on the edge
Status: offline
|
RE: Preventing email harvesting - 6/10/2009 6:08:41
quote:
ORIGINAL: Tailslide
You could beef it up by having a honeypot question in that little form which, if they fill in, it dumps them out (hide it using CSS). Then you could use sessions or something like that to add a unique token passed to the new page so that no token, no emails.
Or if you've got a page that's only accessible from correctly filling in the honeypot question (which could either forward on instantly, or display a "new page will displayed in a moment" type message), on your page that's got all the email addresses on it you could do a simple referrer check - referring page isn't the form's confirmation page? No email addys - emails page doesn't load and they're booted off to somewhere else. Right page - email page loads.
The problem I can see with both Tail's suggestion and something like my suggestion (maybe I'm missing something with the ASP QueryString thing though - I've not fully woken up yet  ) is that if the email addresses are on a 'normal' page, if it's accessible to visitors it's also accessible to bots, as bad bots will ignore any instruction not to access or index. Actually, thinking about it though, it wouldn't be a 'normal' page though would it? Am I right in thinking that if you're using ASP and a QueryString you'd have your script which would loop through your email addresses with Response.Write and spit them out for display? I know the processing would be done server-side and sent to the browser, but I'm wondering if, if the script's somewhere accessible (i.e. in a directory above the domain root) if the bots would still be able to access the email address from the script? (I'm afraid I'm not sure on that one, and it's a while since I did any ASP and I only just scraped a pass in the ASP course I did ).
The only other solution I can think of is to hold your email addresses in a database, and your script could loop through the records in your database, which would make it a lot harder to access the info for bad bots because you could use the honeypot question/token idea Tail suggested to make sure only genuine visitors get to the page where your database connection info's in your script. No token, no database connection, no emails.
(Feel free to totally ignore me - I'm rambling and only half awake  )
_____________________________
~~ "A cruel god ain't no god at all" ~~
~~ Erase hate. Practice love. ~~
| |
|
|
|
hzarabet
Posts: 1549
From: New Milford CT USA
Status: offline
|
RE: Preventing email harvesting - 6/10/2009 10:15:27
The email address are not hard coded. They are pulled in using ASP.
I am using the form method. If the person clicks on a submit link then a variable is passed commanding the emails to appear. No querystring is being used as that would require me to have the page&qs written somewhere in my code.
Does this hold water?
http://www.SigningsHotline.com/AE/AE.asp
_____________________________
http://www.SigningsHotline.com lists EVERY upcoming athlete autograph appearance in the US and Canada
| |
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts
|
|
|
Printable Version 
