Hiding an email address from spambots and spiders

There is an army of spiders out there. Some, like GoogleBot, you want scanning your site so that it is listed in their search engine. Many, however, have a devious purpose: to collect email addresses to add to spam email lists. If your email address is already out there, then there is no pulling it back in. The only way to eliminate spam is to create a different address and inform all your contacts that you have changed email addresses.
Ways to combat email spam:
- A non-linked image
- HTML entity encoding
- Client-side obfuscation/abstraction (via JavaScript)
- Server-side redirect
- Contact form (no email address listed)
If your email address is spelled out in any client-viewable code, it is possible to obtain. Now that search engines can read PDF documents, including your email within a PDF as text may be suspect. I have not gone into great depth on any of the methods below but have provided a short description of each, with advantages and disadvantages listed.
A non-linked image
- Anyone viewing images can see your address, but has to visually remember and re-type this address
- Low chance of your email address being grabbed by a spam robot
This is how Facebook displays email addresses in one’s profile. It is inconvenient to the user, since he or she cannot click the email address in order to send an email. A spam robot may still grab the address if it uses image reading (Optical Character Recognition), though this is unlikely at this time.
HTML entity encoding
- Anyone with a typical browser will be able to contact you
- Medium to high chance of your email address being grabbed by a spam robot
This method encodes certain characters of the email address as Unicode character references. For instance, “Bob” in Unicode is “&#66;&#111;&#98;”. Since computers create the Unicode, it does not seem like a hard task for them to decode it. I do not recommend this solution.
Client-side obfuscation/abstraction (via JavaScript)
- Anyone with a typical browser will be able to contact you
- Low chance of your email address being grabbed by a spam robot
This anti-spam solution is not a cure-all, but it is my favorite right now. Some spider bots do run JavaScript; the majority, however, do not. The method described here not only keeps your email address from appearing as obvious plain text, but also applies levels of obfuscation and abstraction that real browsers can still read, and it degrades gracefully for those without JavaScript running.
In a related form, if you generate the JavaScript function, or the call to it, on the server side (ASP, PHP, etc.), then you can slightly change the function over a period of time. The user will never notice, since the output is exactly the same. It is only the input (the simple text) into the JavaScript function that changes.
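One way to build this, as an added example that is not code from the original post: a Node.js sketch in which the server picks a key that changes daily, encodes the address with it, and ships a decoder that always yields the same output. The function names and the address `sample@example.com` are assumptions made up for illustration.

```javascript
// Added example (hypothetical names; the address below is a constructed sample).

// Key that changes once a day, so the text fed to the decoder keeps changing.
function keyForDate(date) {
  return 1 + (Math.floor(date.getTime() / 86400000) % 97);
}

// Server side: reverse the address, shift each code point by the key,
// and write the numbers in base 36 separated by dots.
function encodeAddress(address, key) {
  return [...address].reverse()
    .map((ch) => (ch.codePointAt(0) + key).toString(36))
    .join(".");
}

// Client side: undo the shift and the reversal. Output is identical for any key.
function decodeAddress(encoded, key) {
  return encoded.split(".")
    .map((tok) => String.fromCodePoint(parseInt(tok, 36) - key))
    .reverse()
    .join("");
}

// Page fragment: the link text is the no-JavaScript fallback, and the inline
// script fills in the real mailto link. The plain address never appears.
function renderContact(address, key) {
  const payload = encodeAddress(address, key);
  return [
    '<a id="contact" href="#">Enable JavaScript to see the address</a>',
    "<script>",
    decodeAddress.toString(),
    `var addr = decodeAddress("${payload}", ${key});`,
    'var el = document.getElementById("contact");',
    'el.href = "mailto:" + addr;',
    "el.textContent = addr;",
    "</script>",
  ].join("\n");
}

console.log(renderContact("sample@example.com", keyForDate(new Date())));
```

A robot that executes JavaScript still recovers the address, so this lowers the odds of harvesting rather than removing them.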
Server-side redirect
- Anyone with a typical browser will be able to contact you
- Medium to high chance of your email address being grabbed by a spam robot
There are several ways to do this. Most redirect to a script that provides the email address. The problem with this solution is that spam robots will follow the link and eventually grab the URL; although the email address is not in plain text, it is still being given out. This is an example of the server-side redirect method. A similar solution is MailHide from Captcha. I don’t recommend any use of Captcha except as a last resort, since I don’t enjoy using captchas myself.
Contact form (no email address listed)
- Anyone with a typical browser will be able to contact you, but will not know your email address
- Next to no chance of your email address being grabbed by a spam robot
This is guaranteed to save your email address from spam lists, since your email address is never used within your page. This solution could be annoying, since a potential vendor will have to use the contact form to hear more about your product. I’ve always thought this was impersonal. Although less of an issue for personal sites, a user often does not feel he or she is contacting the site owner.
In conclusion
The contact form is the only foolproof way, but right now, I prefer JavaScript obfuscation. If my email address is captured, Gmail does a very good job (if sometimes too aggressive a one) of ferreting out the email spam. If you’d like to have a small sense of justice, you can link your website to a multitude of email addresses that are all fake.
Photo: Lake Tawakoni State Park, Texas, August 15, 2007 (Donna Garde)





