Spambot Beware

Avoidance - HTML Tricks

There are many ways of hiding your email on a web page. Most of the tricks described here can be combined, and all of them will benefit from some CGI tricks as well.


Mailto tags

The most important rule to remember is that most spambots do not really care what is on the page itself, but are only looking for mailto tags. The easiest solution is just to not use them at all. Some convenience is lost, as people cannot simply "click-and-mail" you, but it's a small price to pay. Originally, the mailto tag was a great invention, but, like so many things on the Internet, it has now been abused. Using some of the HTML tricks described below in combination with some CGI tricks can make the web page look and act exactly as if it did have mailto tags.

Not all spambots look exclusively at mailto tags, but also scan the text of the page (what users see) for email addresses. See below for ways to hide those as well.

Using a Graphic

The simplest, most effective way to hide your email is to make it into a graphic. There are no spambots that can read graphics. Indeed, most of them do not even load graphics, as it just slows them down. A graphic is just a jpg or a gif file that contains your email address on it. Almost any graphics program can create one - make it as simple or as fancy as you like.

Here are some simple examples: Example email graphic 1
Example email graphic 2

This solution has a major drawback, however: the user must be able to view the image to see your email. One solution is to use the ALT tag to display a mesage such as:

Using HTML Entities

One trick is to replace the "@" symbol with the html character entity for it. Here are two email addresses: can you tell the difference?

Most people cannot, without looking at the source code. Here's what they really look like:


jqpublic@example.com
jqpublic@example.com

The "@" is another way of writing the "at" character - the "at" in an email address. This may fool some spambots, however, it is very easy for a spambot to "learn" this trick, so use it sparingly.

Spelling It out

This is similar to what is done sometimes on usenet. The idea is to communicate the email address without actually using the format of "name@place.com". Here are some simple examples:

(Be careful with the last approach, however. You do not want to use an actual domain name, ever. See the What NOT to do section for more about that.)

The variations on the spelling theme are endless. Be creative.

Fun with tables

Tables are a great way to show your email without revealing it to spambots. Nowadays, you'd be hard pressed to find a browser that does NOT support tables, so this trick should work almost everywhere.

Where the text appears in relation to the nearby html tags is very important in a table. Consider this table. (I added a thick border for illustration, but you may want to consider a border=0 for a more subtle effect). Also note the use of a graphic in place of the "@" symbol. The source code for the table is next to it.

greg Send me email!!
@ turnstep.com

<div align="center">
<table cellpadding="1" cellspacing="1" border="4">
  <tr>
   <th rowspan="2" valign="bottom">greg</th>
   <th align="left" colspan="2">Send me email!!</th>
  </tr>
  <tr>
   <th><img alt="@" width="47" height="47" src="Images/at.gif" /></th>
   <th valign="bottom">turnstep.com</th>
  </tr>
  </table>
</div>

The image is probably a bit large, but you get the idea. In this case, the spambot has nothing to go on whatsoever. Even if you used a text "@" symbol, the order of the tags would give the spambot this string: greg Send me email! @ turnstep.com

Pull down menus

By using pull down menus in conjunction with javascript and CGI, you can allow access to other pages on your site, but confuse spambots who will not be able to reach those pages. Consider this HTML:

<form method=post action="/cgi-bin/jumpto" name="Location">
<select name="Month" onchange = 
window.location.href="http://yoursite.here/Month/"+
document.Location.Month.options
[document.Location.Month.selectedIndex].value+"/index.html">
 <option value="January">Please pick a month
 <option value="January">View January
 <option value="February">View February
 <option value="March">View March
</select>
<input type="submit" name="ByMonth" value="Go">
</form>

This will bring up a pull down menu. If the user has javascript enabled, they will jump to the new page as soon as they choose a month. If they do not have javascript enabled, they can click on the "Go" button and achieve the same effect. Some notes on this example:

JavaScript

You could also use JavaScript to create your mailto link on the fly. Spambots are not intelligent enough to use javascript, nor are they ever likely to, because it would not be worth it for them too. The disadvantage is that not all people have javascript, or have javascript turned off. One workaround is the above, where the javascript is "backed up" by a CGI script.

Here's a javascript example that creates a "mailto:" tag on the fly. The source code is to the right.


<script language="javascript">
<!-- 
var Domain = "turnstep.com"
var Mailme = "mail" + "to:" + "greg@" + Domain
document.write("<form>");
document.write("<input type=\"submit\" value=\"Send me some email\" ");
document.write("onclick=\"parent.location=Mailme\"> ");
document.write("</form>");
// -->
</script>

Java

Same as javascript, but with more warnings. Only use Java if you know that most of your viewers are able to, and do , use Java while they view your page. There's no specific "Java trick" for displaying your email address. You can do it any hundreds of ways with Java. Be creative. But remember that you limit your audience by using Java.

Using a feedback form

As an alternative to email, consider using a feedback form, i.e. a guestbook program. Not only do you avoid giving out your email to spambots, but allow an easy way for people to reach you, without clogging up you mailbox. In addition, people without an email address can reach you too (although with web-based free email accounts that excuse is not as common as it used to be)


Spambot Beware: Main page <> Detection <> Avoidance <> Harassment <> Glossary

Avoidance: Main page <> Social <> HMTL <> CGI

Written by Greg Sabino Mullane (greg "at" turnstep.com). Last update March 30, 2003.

Valid XHTML 1.0!