Good non-intrusive anti-spam email obfuscator?

2019-02-06 11:20发布

问题:

I'm trying to come up with a JavaScript email obfuscator to reduce the chance for spam in emails listed on a web site. Right now I've got a JavaScript based obfuscator that uses a combination of HTML encoding & JavaScript to convert an obfuscated email into a normal email transparently.

What I do is this:

Format the "mailto:" part of the href in links to be HTML encoded like:

mailto:

I also encode the email, replacing the @ sign with (a), so that the email reads something like:

stackoverflow(a)example.com

I then use some JavaScript to decipher all mailto links which have this (a) sign in the email and convert them to @ on page load.

This works fairly well. For people using browsers with JavaScript enabled, they see everything working normally. For people without JavaScript enabled, every mail client I know would consider the email address as invalid, however the user should be able to infer what is needed to correct the symbol.

I was wondering if there was any better (less intrusive (or at best, not very intrusive) but more spammer resistant) way of obfuscating emails on a web page.

As with any type of obfuscation, if a human or computer can easily de-obfuscate it, then a spammer could easily do the same. Because of this, I'm not expecting a foolproof obfuscation, however I was curious to see what other suggestions were out there. Searching Google didn't reveal any solutions that I consider better than my current solution. I was wondering if there were any other good alternatives.

回答1:

I've used HiveLogic Enkoder in the past with pretty good success. If anything you might want to take a look at how Dan's encoding works as it might give you some ideas to make an even more robust obfuscator.



回答2:

If you really want to protect email adresses there will be no other way then generating images for non-JavaScript users.
I used to use something like this:

<script type="text/javascript">
//<![CDATA[
     scrambler('c.arb@oof||mo');
//]]>
</script>
<noscript>
    <img src="scrambler.php?t=c.arb@oof||mo" alt="Emailadresse" />
</noscript>

scramble is a very simple JavaScript function, I think you easily could figure out what it does. (It will result in: <a href="mailto:foo@bar.com">foo@bar.com</a>) scrambler.php is the same, except in php and a gd backend to generate images.

Figure something out that is not about some encodingtricks or replacing something by something else.

EDIT: Here is my algo:

function scrambler (text) {
  parts = text.split("||");
  var reverse = function (s) {
    var ret ='';
    for (var i=s.length-1;i>=0;i--)
      ret+=s.charAt(i);
    return ret;
  }
  text = reverse(parts[0])+reverse(parts[1]);
  document.write(text);
}


回答3:

I have used this generator http://www.wbwip.com/wbw/emailencoder.html service for awhile and it works great. I usually use parts of the encoded address and part that are not.

For example ...

user@po.com == &#117;&#115;&#101;&#114;&#064;&#112;&#111;&#046;&#099;&#111;&#109;

I might change to...

user@po.com == u&#115;&#101;&#114;&#064;&#112;&#111;&#046;&#099;&#111;m



回答4:

One way to obfuscate the email for a computer would be to write the email as an image and not as text. This way it is still easy for a human to read the email adress and quite hard for a computer.

As stated by Steve Gilham it is not that hard to get the email with OCR. And text only browsers don't support them. Thus, Scott's solution is probably the best solution.