Spambot Beware

Avoidance - CGI Tricks

The best way to hide your email from spambots is to hide it by using cgi scripts:


The Nomailto Program

(A simple mail redirect program)

Here's a simple way to avoid mailto tags - use a cgi form instead, that outputs the mailto tag to the browser. This program works as a GET or as a POST. Note that spambots that ignore robots.txt can still get the emails from the GET request, so a POST is preferred. Here's the program in C and perl:

The program simply takes the first two arguments sent it as the name and the domain of the email address, then sends a "mailto:" to the browser with the email in a correct form.

Here's how the HTML would look for a GET method. Notice that there is nothing that a spambot can figure out, but it looks and acts like a normal "mailto:" link for the user.

<a href="/cgi-bin/Nomailto.pl?spambot=greg&beware=turnstep.com"
>Send me some email!</A>

This seems to work well, but there is one problem - the spambot may just follow the link like any other, and get a mailto tag. This assumes that the spambot ignores any directives in robots.txt to stay out of the cgi directory you have the Nomailto program in.

A far better way is to use a POST method. Spambots cannot follow a POST. If they did, they would have to parse apart every FORM tag and also try to set any input tags as well. We're approaching artificial intelligence at this point, so this method is pretty safe. Some example HTML code for a post method:


<form method="post" action="/cgi-bin/Nomailto.pl">
<input type="hidden" name="spambot" value="greg" />
<input type="hidden" name="beware" value="turnstep.com" />
<input type="submit" value="Send me email!" />
</form>

Note that this will work with non-graphical broswers as well. An even nicer way is to tie the submit button in with a button - such as a graphic with your email on it:

<input type="image" src="Images/email1.gif" />

Post gates

The idea of a POST gate is simple - spambots may be able to follow GET links (which are just of the form http://whatever?name1=value1&name2=value2) but they cannot form POST requests because it involves more than just following a link. A POST gate is simply a form that calls a CGI program that redirects the user to another part of the site. This allows you to "wall off" part of your site from spambots.

As an example, say that your site has a page at /names.html that contains a list of all you friends and their emails. Since you don't want spambots getting to this page, you "wall it off" by not providing a direct link to it anywhere. Instead, the user must click on a SUBMIT button, which calls up a cgi program that redirects the browser to the names.html page. Here's what the HTML would look like. The source is on the right:
(Note: the button will not work. It's an example only)


<form method="post" 
  action="/cgi-bin/redirect.pl">
<input type="hidden" name="url" value="/names.html" />
<input type="submit" value="View my friends page" />
</form>

Here's the program:


Spambot Beware: Main page <> Detection <> Avoidance <> Harassment <> Glossary

Avoidance: Main page <> Social <> HMTL <> CGI

Written by Greg Sabino Mullane (greg "at" turnstep.com). Last update March 30, 2003.

Valid XHTML 1.0!