Welcome to my corner of the web. Here you'll find my ramblings about faith, church, drupal, Geeks and God (my podcast), and my other unrelated interests.

While you can subscribe to all posts here from the Subscribe link on the right, there are two other main feeds. There is the drupal and other technology feed along with the faith and church feed.

Fighting Spam Through Web Design

Posted on: Wed, 2007-02-28 11:09 | By: matt | In:

Spam. It's one of those annoying things that has become part of our daily lives. It's annoying enough that our mail servers fight it, our email programs fight it, and we even have anti-spam programs for our computers. But, the area of fighting spam I find a lacking in is web design. So, here are some tips for anyone building, maintaining, or even just using a website.

Never Display A Plain Text Email Address

Never show an email address in plain text. This means, on a website, you shouldn't find something that says email@example.com in text anywhere. If you can read it like this so can email gathering spam programs. This, also, means that doing a mailto: link to an email address is a no-no. If your browser can read it so can those email harvesters. In either case, just don't do it.

There is one exception that is sometimes done, though I don't recommend it. Some websites will display email address for only users who are logged in to that site. I don't recommend this as spammers are smart and logins aren't the barrier they used to be.

Using Images

So, you still want to display email addresses on your website. If you are going to do that do it with an image. Maybe it's just an image with the email address on it. That is still far better than having text. While we read it the same way email harvesters don't. And, this should be a relatively safe way to display an email address until the harvesters get into reading images which they don't do yet.

Forms Forms Forms

At your website you want someone to be able to click a link and contact you. If this is the case use forms to do this. Forms keep the control on your end as you have the power to control the submission of information. This is one of the powerful aspects of drupal that I adore. There is s site wide contact form and user contact forms for each user. This is a great function and is something that should be mimicked in other designs.

Forms keep control with the email address in the website. Instead of spammers having your email address to share and use at will they have to go through you and your form. There are form spammers and there are ways to fight that (like a captcha). The big difference is the website becomes the controller of the emailing.

Posting Your Email Address

You might be on a blog leaving a comment or posting something in a forum and want to leave someone an email address to get a hold of you at. Don't do it. Instead leave them a link to your form. In my case I'd leave http://www.mattfarina.com/contact. Or, for drupal related things I leave http://drupal.org/user/25701/contact.

What kind of impact can this really have? Over at the Geeks and God podcast we get over 10 times as much spam as we do real email. The email address has existed for less than a year and already there are hundreds and hundreds of spam emails every month. My personal email address has been around longer, there are hundreds of people with it, but I have been very careful not to post it to the web. I get a fraction of the spam the Geeks and God email address gets.

Taking care in how your email address is used on the web can make a big difference in the amount of spam you get.

Comments

#1 Sometimes you CAN display email addresses

Submitted by Stephen Canale on Wed, 2007-02-28 19:36.

Your post was included in my daily Google update on Spam, and I thought you might enjoy a tool we offer for encoding email addresses so that Java enabled browsers CAN read addresses in a way that allows visitor's to "click" on them, but at the same time will not expose them to email harvesters.

Of course, someone could enable a harvester to interpret such encoded addresses, but it would slow them up considerably. More importantly, since there are millions/billions of openly exposed addresses on the web, there is really no need for the spammers to bother. (far, far past their point of dimishing returns).

I'm sure that 5 years from now this may change, but for the near future, such encoding is effective.

In any event, the "OnlyMyEmail Encoder" is available for all to use and does not require any type of registration so you might want to give it a try.

https://www.onlymyemail.com/services/dns_tools/

#2 Graceful Degradation

Submitted by matt on Thu, 2007-03-01 09:17.

Stephen, thanks for the post on this. I have seen tools like this that generate the links and address with javascript. While, this is a decently workable solution for now I see one thing I really don't like about it.

This solution doesn't work for everyone. On average 10% of web browsers don't have javascript or it's turned off. That means there is a potential for 10% of people who visit a site to not be able to use those links and who won't even see those links. This is unacceptable. If there is a solution in javascript it has to be able to gracefully degrade and this doesn't do that effectively.

Even on geekie sites, like http://geeksandgod.com, there are people who visit that don't have javascript enabled. So, even though it's an inventive solution which I like, this is not something I can recommend.

#3 more important

Submitted by web tasarım on Sat, 2007-06-16 15:44.

Thanks for helpful information you catch up us with your instructional explenation.

What people do is more important that what they say...

Best regards

#4 Gotta love

Submitted by webpodge on Thu, 2007-03-01 15:14.

Akismet. Seriously when there is an Nobel Prize for Internet inventions I believe that Akismet should be the first award winner right there with Google.

#5 Nothing To Do With This

Submitted by matt on Thu, 2007-03-01 15:58.

Akismet is a very cool service. It's incredible when you have to deal with comment spam. It has absolutely nothing to do with what this post is about.

#6 Akismet

Submitted by baby on Tue, 2007-11-27 09:54.

Can't you use Akismet to block email spam as well? I thought you could. If not, they should really consider it. I've been using Akismet and my blog and I have to agree with the poster here – it seriously does work seriously well.
As far as email addresses on your site is concerned, this is one of those things that bugs me. Got to think usability here as well as my own needs. Putting the adress on the site is just more user friendly. I should rather find other ways to stop the spam, instead of making my users go through a tedious process just to get hold of me.

#7 fighting spam

Submitted by oil paintings from photos on Fri, 2008-05-09 02:32.

I can still remember when we designed a web site from our WP blog. Based on that experience, we received a bunch of spam because we were guilty of the things you mentioned here. We had this FORM in every page of our site. All over our site was a CONTACT INFO in the form of real email address and so our webmaster received a lot of spam emails. Our experience served as a lesson for us. And I’ll be the very first person to confirm that your post here is very true.

#8 Forms are your best bet.

Submitted by Xoobie online auctions on Mon, 2008-06-23 08:10.

Forms are your best bet. They serve a dual purpose. They allow clients to get in touch with you as well as blocking out spanners. They're a godsend. Besides, your regular clients have your email address and they can use it as well.