Fighting Spam Mail

[hexdj]

Okay, so I run this site for a small non-profit and they get tons of spam email. Their email addresses definitively have to be listed on the website for whoever decides to contact them, so far all I have done is  put together a tiny javascript routine that concatenates the username and domain name when the page is open, not sure if that's doing any good.

I need to stop spam-spiders from harvesting their addresses. Could you guys recommend a way to minimize spam mail? I will highly appreciate your comments and/or suggestions.

Thanks

[cyberman]

Smarty (Template engine of CMSMS) comes with a nice tool named mailto which can crypt email adresses.

From help:

* Purpose:  automate mailto address link creation, and optionally
*          encode them.
* Input:
*        - address = e-mail address
*        - text = (optional) text to display, default is address
*        - encode = (optional) can be one of:
*                * none : no encoding (default)
*                * javascript : encode with javascript
*                * javascript_charcode : encode with javascript charcode
*                * hex : encode with hexidecimal (no javascript)
*        - cc = (optional) address(es) to carbon copy
*        - bcc = (optional) address(es) to blind carbon copy
*        - subject = (optional) e-mail subject
*        - newsgroups = (optional) newsgroup(s) to post to
*        - followupto = (optional) address(es) to follow up to
*        - extra = (optional) extra tags for the href link

Examples:

Code: Select all

 * {mailto address="me@domain.com"}
 * {mailto address="me@domain.com" encode="javascript"}
 * {mailto address="me@domain.com" encode="hex"}
 * {mailto address="me@domain.com" subject="Hello to you!"}
 * {mailto address="me@domain.com" cc="you@domain.com,they@domain.com"}
 * {mailto address="me@domain.com" extra='class="mailto"'}

But problem would be another one - you are now in database of spam engines  ... and there's no option to delete.

Another option could be not provide a email address for contacting but a contact form with captcha.

[Bobonov]

Me too I maintain a website for an ONG and they too have a lots of mail addresses on the website.
There is almost nothing you can do, for sure encoding the email by smarty can help.
Usually spam database get updated and changed time to time, and anyway this should help in preventing from being inserted in others.
Anyway I would suggest you to install thunderbird, or at least another mail client with an efficient Bayesian spam filter.
Actually at this ngo thunderbird is able to filter more than 95% of the spam.
Of course you should check its work anyway, sometime can happen that it make mistake by signing good mail as spam, but with a good train of the spam filter, this should happen rarely.

[skypanther]

In addition to the smarty methods, there's a plugin for CMSMS that "scrambles" email addresses. Look in your plugins folder to see if you have a function.email.php file. If so, you can enter email addresses like this:

{email src='janedoe@foo.com'}

And they will be scrambled.

Here's some PHP code I wrote. You could use this in CMSMS or just in any old PHP page,

@ ', $linkText);
  return ''.$linkText.'';
}
?>

It creates an onClick script within an tag. To the user, it looks like a normal mailto type link. But when you mouse over it you see that to the spam scrapers it looks like a link to the current page (the '#' part). When clicked on, JavaScript runs, creates the mailto link from the various parts, and launches the user's mail app.

You'll need a CSS rule to hide the space that's output beside the @ symbol:

.nospam { margin-right:-4px; }

which you might have to adjust based on your font size settings.

Use it like this:



Or



Of course I like my code best because I wrote it and know what it does. But, it's easier to use the built in methods.

Tim

[Kayin]

if you have the gd library for PHP I would suggest just making an image directly in PHP and just not making it clickable. It's actually not as hard as everyone thinks. I'm not sure why everyone's so afraid of using the gd library.

http://us2.php.net/image

Code: Select all

<?php

//Create the image...
$img = imagecreate(50, 20);

// sets background to black, the colors are the last 3 inputs, and can be hex or decimal. 
// HTML hex color codes work here.
$background = imagecolorallocate($img, 0x00, 0x00, 0x00);

// creating a white font color
$textcolor = imagecolorallocate($im, 255, 255, 255);

// write the string at the top left..
imagestring($img, 5, 10 10, $email_address, $textcolor);

// send headers saying this is a png, could also be jpeg, gif, or whatever
header("Content-type: image/png");

// output the image to the browser after you've finished creating.
imagepng($img);

?>

You can reference that page by something like this in your browser. You can pass it whatever variables you want, works like a basic php page and image file at the same time, very handy and not difficult.

Code: Select all

<img src="image.php" alt="blah" />

and that's it, just provide the script with $email_address in a string and you're set, changing dimensions and colors as you see fit.

The other sure-fire way to prevent is to just use a contact form with capcha or some advanced input checking as someone else recommended.

-K