What is Digg?Sponsored by HowLifeWorks
New Food Sprinkle Convinces the Brain to Stop Over-Eating view!
howlifeworks.com - How sophisticated scents are helping people control their appetite and lose weight
62 Comments
- Flamekebab, on 11/09/2007, -4/+28*cuddles Gmail's spam filter*
- SeekerDarksteel, on 11/09/2007, -0/+21http://xkcd.com/208/
- slamtv7, on 11/14/2007, -1/+19http://en.wikipedia.org/wiki/Regex
- Nougat, on 11/11/2007, -5/+22The problem of spam stems from SMTP. SMTP was designed to be simple, not secure or source identifiable. If you want to stop spam, you need to replace SMTP.
- lhbaker, on 11/07/2007, -0/+9Replace anything following the string 'mailto:' plus any number of characters from A-Z (caps), or a-z (lowercase), or any digits, underscores, periods, or percent signs, followed by an '@' symbol, followed by, again, any letter or number, followed by a period and two to four characters with a string of the same value, but excluding the '@' symbol, thus masking the string as an email address. I think.
- maexus, on 11/07/2007, -0/+8Regex still makes me pull my hair out
- directsun, on 11/09/2007, -0/+8Stand back. I know regular expressions.
- lisapham, on 11/09/2007, -7/+13I was following along just fine until I got here:
function encrypt_mailto($buffer) {
preg_replace("/"mailto:([A-Za-z0-9._%-]+ »
)@([A-Za-z0-9._%-]+).([A-Za z]{2,4})"/","" »
contact/\1+\2+\3" rel="nofollow"",$html)
}
WHAT ?!?!?! - Skeuomorph, on 11/07/2007, -0/+5Bad puppy. The + sign is valid in an email address; don't co-opt it.
- qpn6ph9q, on 11/07/2007, -0/+4Agreed. After switching my domains, Gmail has reduced 300+ spams a day to 1 or 2. What's even better is these spamtards don't even make my inbox, so I can use my phone for email once again without fear of running up huge data charges downloading crap.
- hyperair, on 11/07/2007, -0/+4I honestly don't know what you're talking about. You been on drugs lately?
- nastajus, on 11/07/2007, -0/+3that is an accurate depiction.
- aazn, on 11/07/2007, -1/+4CAPTCHA sucks.
- nastajus, on 11/07/2007, -0/+3I did Regex as part of my unix training for a semester in first year university computer sciences, i appreciated it raw power, but looking back after i exited it was a different difficult language that gave headaches.
- inactive, on 11/07/2007, -1/+4eschew obfuscation.
- colonelxc, on 11/07/2007, -1/+4Because forcing users to answer CAPTCHAs is nice?
- bcreavis, on 11/14/2007, -0/+2They forgot a dash in the third group at "a z"... :P
- beermad, on 11/07/2007, -0/+2That's fine if you don't mind having your CPU cycles wasted checking hundreds of spams to pick out the real stuff.
"Prevention is better than cure" is more than a clichê - KageKonjou, on 11/07/2007, -1/+3Wonderful article. I would never have thought of this. Nice.
- dbr_onix, on 11/07/2007, -0/+2Correct, I worry myself when I can read ASCII noise like that, and can spot problems in it. For one, the plus symbol is valid in emails (mr.fake.email+something@somefakeemailserver.com is valid), and far more importantly, it only matches domains like domain.com not domain.co.uk or email.domain.co.uk.
- Nougat, on 11/07/2007, -0/+2And the point of that is preventing spam. And in order to really stop spam, you need to ditch SMTP.
- maexus, on 11/07/2007, -0/+2OR
As a web developer, I roll this on my next update so people don't have to keep signing up for junk accounts. Either solution would work. Woah, I just thought of something. I could do it my way, and you can do it yours! I think we just killed spam. :) - dbr_onix, on 11/07/2007, -0/+2Regular expressions are incredibly simple, they just look horrible when joined together.
( ) are groups
[ ] are lists of characters to check for
+ is any one or more characters
* is zero or more characters
mailto: # Matches the mailto: part of the URL
([A-Za-z0-9._%-]+) # matches one or more characters from : A-Z,a-z,0-9, . , _ and %
@ # matches the at symbol
([A-Za-z0-9._%-]+) # matches the domain of the email address
. # the dot between domain and com
([A-Za z]{2,4})"/" # the top-level-domain (com/org etc)
More or less every regular expression can be split up into [abc]+ sections, basically either the characters to match, and how many, [b]{1,4} is between 1 and 4 letter B's.
That said, there are complicated things, like back-references, but 99% of the time you can get away without using them.
Regex's are one of the more simple things to write, they are just very hard to make readable - superharmonic, on 11/07/2007, -3/+5I just use my hotmail account.
- bcreavis, on 11/14/2007, -0/+2And... there really should be a backslash in front of the '.' so that someone@something isn't matched.
- DeathJux, on 11/07/2007, -3/+5A List Apart regularly serves up awesome articles... I have used them many times when building my own sites.
- maexus, on 11/07/2007, -0/+2It would de-rot13 every hyperlink on each than tries to convert every symbol pair looking for an email address?
- deadbob, on 11/07/2007, -0/+1the only problem is that it needs mod_rewrite, something that most web hosts might not have or care to install.
- Daniel15, on 11/08/2007, -0/+1"Take a look at geo.js.php to see how I implemented the ROT13 “decryption.”"
Uh... PHP has a str_rot13 function in-built, and ROT13's "decryption" method is exact same as the encryption method (this is one of its features)... - Daniel15, on 11/08/2007, -0/+1Most hosts I've seen have mod_rewrite...
- jonathanforpres, on 11/07/2007, -0/+1or just move your email domain to Gmail For Domains, best thing I ever did.
- hyperair, on 11/07/2007, -0/+1Man that's a brilliant solution to this problem.
- dbr_onix, on 11/07/2007, -0/+1The recaptcha email hiding thing requires javascript, images and (if I'm not mistaken) Flash. It's hardly accessible and unobtrusive.
The best method I've seen is hex-encoding the email addresses. I done this with three emails on a website, which saw quite a bit of traffic - none of them retrieved any spam (the only one that now gets junk-mail was the one used for the mailing list from-address)
To be honest, I was slightly surprised it worked so well - and, more importantly, it works in every browser I could think of (Firefox/IE/Opera/Konqueror/safari and a bunch of GUI browsers, w3m/links/lynx display it perfectly, the only 'browser' that didn't work was netcat/telnet, since they don't make any attempt at all to render HTML, since they are displaying the raw socket data...) - inactive, on 08/11/2008, -0/+1Well-written, detailed, and informative. Good job
- inactive, on 11/07/2007, -0/+1This one was an exception to the rule. It's just causing a bigger problem than the one he was bitching about...name(at)domain(dot)suffix
- benmoreassynt, on 11/20/2007, -0/+1The designer's criteria were that the thing be graceful. How is asking users to do sums graceful? I couldn't get it to work on his example page, with or without javascript.
A better solution is to use and HTML form, and then use a 'honeypot' CSS hidden form field with a name like 'email' to catch spammers. If the field is filled, the form gets rejected. The real email can be submitted in a form field called something non-obvious like 'optional_details'. - Nougat, on 11/07/2007, -1/+2Which is exactly my point, thank you for reiterating it for me.
- IneffablePolk, on 11/07/2007, -0/+1I have my e-mail address posted i both text and mailto link form on my website. Why? Because you don't need to hide your address from spammers if you have a good spam filter.
E-mail obfuscation should be a last resort. There is no way to do it without annoying at least some of the people who visit your page. - inactive, on 11/07/2007, -0/+1so why not just use a REAL gmail address? The same spam will be filtered out....
- flashtekkie, on 09/14/2008, -0/+1Mac OS X users can grab obfuscatr to munge the address: http://obfuscatr.flashbit.net
- alecks, on 11/07/2007, -0/+1I don't know why you're getting dugg down, but I agree. This solution is far from graceful, with PHP scripts, apache mod_rewrite, htaccess files, prepending, ROT13's, ughh.... all this to eventually still have the user answer some question manually. lol
- obanite, on 11/08/2007, -0/+0Any obfuscation that's published on a site as popular as alistapart will probably be added to harvester scripts when they do their next update by googling "email obfuscation". It's huge business, do people really believe writing a 2 line script is going to give the people who author harvester scripts a headache?
It also makes me laugh how any criticism of this article is buried.
This method reminds me of when I implemented p3p for our sites: more effort than it's worth. - humperdeath, on 11/07/2007, -1/+1huh? My brain hurts
- Magyusz, on 11/22/2007, -0/+0I’ve just created a new possibility to use reCAPTCHA’s Mailhide functionality (http://mailhide.recaptcha.net/):
http://code.google.com/p/mailhide-tag/ It is a JSP tag which helps developers to hide mail address from spambots. - pooptaster, on 11/07/2007, -0/+0The full definition for an e-mail is worse:
(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|"
(?:[x01-x08x0bx0cx0e-x1fx21x23-x5bx5d-x7f]|[x01-x09x0bx0cx0e-x7f])
*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?
|[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(?:25[0-5]|2[0-4][0-9]|[01]?
[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:(?:[x01-x08x0bx0cx0e-x1fx21-x5ax53-x7f]|[
x01-x09x0bx0cx0e-x7f])+)])
**edit** line breaks added so you can see all of it. - dxgg, on 02/05/2008, -5/+5Excellent article!
- inactive, on 11/07/2007, -5/+5This article is about obfuscating mailto links so that spam bots can't harvest email addresses, yet still making them useable to humans. Not about mail protocols.
- Subterfug, on 11/07/2007, -3/+2Nice, using mod_rewrite for email is a really cool idea.
- runelind, on 11/07/2007, -2/+1OR
You could sign up a for a free gmail account, eg user9872349872@gmail.com, and have it forward to your real account. Gmail will only forward mail that passes spam filters. - jorgepblank, on 11/07/2007, -5/+4Nice thorough article, however I think this is overkill when you can use something nicer: http://mailhide.recaptcha.net/
-
Show 51 - 62 of 62 discussions
© Digg Inc. 2009
— Content created and posted by Digg users is