Dynamically created email hyperlink

Jack

I am wondering, how effective (resistant to harvesting) is an email address
created dynamically on a web page?
Is it worth pursuing?
Your thoughts please.
 
Steve Easton

There's a little javascript floating around that assembles the different parts of an email address
from variables in the script when the link is clicked.
It supposedly stops the "harvesters"

Unfortunately, I don't have a copy of the script. It was posted either here or in
microsoft.public.frontpage.client about 6 months ago.



--
Steve Easton
Microsoft MVP FrontPage
95isalive
This site is best viewed............
........................with a computer
 
Jack

I do not need a script, I've made one myself.
The question I posted was how effective that method is. I do not know how
harvesters work.
If they search for the email address in the downloaded text this method will
work.
But, if they search in the memory then this method is useless.
What do you think?
 
Tom Pepper Willett

I think you need to post at least a snippet of your original post(s) so we
can follow you.
--
=====================================================
Tom Pepper Willett [Microsoft MVP - FrontPage]
----------------------------------------------------------------------------
-------------------
Microsoft FrontPage:
http://www.microsoft.com/office/frontpage/prodinfo/default.mspx
http://msdn.microsoft.com/office/understanding/frontpage/

=====================================================
 
clintonG

I know what you're asking and the methodology is at this time
quite useless yet it should still probably be used regardless just to
foil the entry-level spammers for a little while longer.

The credibility of the methodology is predicated on the assumption
that there are no professional spammers, they have no f*cking brains,
and do not know how to write code that can screen scrape pages and
use regular expressions to cull the e-mail address from the HTML
response of pages such as Contact Us, About Us, Support and so
on. Finally the asinine assumption would have the naive believe that
spammers are not using inexpensive Linux server harvesting and
processing farms that function 365-24-7

IMO using JavaScript to dynamically write an e-mail address to the
page when the page is rendered so as to avoid that address being
harvested was reliable for about what? Six months or so? Maybe.

The same is true of the obfuscation that can be observed in my
sig shown below. The gig is up as using human readable text and
phrases such as REMOVETHISTEXT has also been compromised.

The spammers have been harvesting the obfuscated addresses
regardless and using what they harvest to create huge data dictionaries
that they can then launch brute force grammar attacks on to parse the
flakey sh!t from the good stuff. I know this is going on as I have been
receiving spam that includes variants using REMOVETHISTEXT in the
address -- I have to come up with something new myself... but what to
do next!

--
<%= Clinton Gallagher
A/E/C Consulting, Web Design, e-Commerce Software Development
Wauwatosa, Milwaukee County, Wisconsin USA
NET (e-mail address removed)
URL http://www.metromilwaukee.com/clintongallagher/
 
Steve Easton

Harvesters can't search "memory"

--
Steve Easton
Microsoft MVP FrontPage
95isalive
This site is best viewed............
........................with a computer
 
Jack

Why not, Steve?
When the html page is rendered on one's computer all the code and data
resides in the memory, doesn't it?
Simple memory scan will find all.
Jack
 
Tom Pepper Willett

Nope, that's not how the harvesters work.
--
=====================================================
Tom Pepper Willett [Microsoft MVP - FrontPage]
----------------------------------------------------------------------------
-------------------
Microsoft FrontPage:
http://www.microsoft.com/office/frontpage/prodinfo/default.mspx
http://msdn.microsoft.com/office/understanding/frontpage/

=====================================================
 
Steve Easton

Harvesters scan the domain on the server, and read the email address right from the html page.
They key on the mailto: tag.


--
Steve Easton
Microsoft MVP FrontPage
95isalive
This site is best viewed............
........................with a computer
 
clintonG

That's correct except mailto: is not a tag, it is an attribute of the
HTML anchor tag that takes an argument. These 'attributes' are
also commonly referred to as name=value pairs.

I've used both CFML and ASP/VBS to develop scripts that encode
e-mail addresses in the HTML response attempting to foil harvesting
from the page. As I recall I learned that the mailto: attribute can be
encoded like any other text but doing so disabled the intended
functionality, forcing the attribute to continue to be exposed and exploited.

I have devised a conceptual solution but I have yet to write the code
and test. If I get around to it the code will be written in C# and be a
compiled server component that will function similarly to the 'tinyurl'
approach many of us have seen. The concept being, pass a token to a
control on the server and allow the control to get and send the actual
address which *will* defeat harvesting.

This was not possible to do until the .NET Framework changed the way
ASP.NET applications are being developed. I'm just now learning to build
server controls... others have probably come to this same understanding
of how to defeat harvesting bots using this same conceptual approach so
somebody will probably be developing a solution before me which is
usually always the case anyway dammit %-)

--
<%= Clinton Gallagher
A/E/C Consulting, Web Design, e-Commerce Software Development
Wauwatosa, Milwaukee County, Wisconsin USA
NET csgallagher@ REMOVETHISTEXT metromilwaukee.com
URL http://www.metromilwaukee.com/clintongallagher/
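
The token idea described in the post above, shown as an added example (not code from the thread or from any poster): the served page carries only an opaque token, and the server resolves it to the real address when it sends the message. The address, the /contact route and every function name here are assumptions made for illustration.

```javascript
// Added example; the address, the /contact route and all names are hypothetical.
const crypto = require("node:crypto");

// Server-side table: opaque token -> real address. Never sent to the browser.
const tokenToAddress = new Map();

function registerRecipient(address) {
  const token = crypto.randomBytes(12).toString("hex"); // unguessable, encodes nothing
  tokenToAddress.set(token, address);
  return token;
}

// Markup with a plain mailto: link (the exposed form discussed in the thread).
function renderMailtoLink(address) {
  return `<a href="mailto:${address}">Email us</a>`;
}

// Markup with the token approach: a form that posts back to the server.
function renderTokenForm(token) {
  return `<form method="post" action="/contact">` +
    `<input type="hidden" name="to" value="${token}">` +
    `<input name="subject"><textarea name="body"></textarea>` +
    `<button>Send</button></form>`;
}

// Static check of served markup: is an address readable without running any script?
function exposesAddress(markup) {
  return /mailto:/i.test(markup) || /[\w.+-]+@[\w-]+(\.[\w-]+)+/.test(markup);
}

// Server-side handler: resolves the token and builds the message for the mailer.
// Unknown tokens return null, so the form cannot be used to mail arbitrary recipients.
function buildOutgoingMail(form) {
  const to = tokenToAddress.get(String(form.to));
  if (!to) return null;
  // Strip CR/LF so submitted text cannot inject extra mail headers.
  const subject = String(form.subject || "").replace(/[\r\n]+/g, " ").slice(0, 200);
  return { to, subject, body: String(form.body || "") };
}

// Constructed sample data.
const ADDRESS = "webmaster@example.test";
const TOKEN = registerRecipient(ADDRESS);
```

The trade-off is that visitors write through a web form instead of their own mail client, and the form endpoint then needs its own abuse controls such as rate limiting.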
 
Jack

My guess is that it would be much easier if HTML could be customized by
the user.
Right now mailto: is hardcoded and if the harvesters go after that, then
having the option to customize html and selecting your own substitute of
'mailto' will make harvesters obsolete.
How about that?
 
Steve Easton

Clinton

There is an effective javascript out there that works.
I've just misplaced it and/or the link.


--
Steve Easton
Microsoft MVP FrontPage
95isalive
This site is best viewed............
........................with a computer
 
Steve Easton

Here's one that might work:
<html>
<head>
<script type="text/javascript">
// Open the visitor's mail client when the button is clicked.
function doit(){
  window.location.href = "mailto:[email protected]?subject=test";
}
</script>
</head>
<body>
<input type="button" value="Email" onclick="doit()">
</body>
</html>

However, I would place the function in an external .js file and do it like this,
with the file called like this:

<script type="text/javascript" src="external.js">
</script>

with this in the external file:

// external.js: plain script only, no HTML comment markers are needed here.
function doit(){
  window.location.href = "mailto:[email protected]?subject=test";
}

--
Steve Easton
Microsoft MVP FrontPage
95isalive
This site is best viewed............
........................with a computer
 
clintonG

I know there are JavaScripts as I've written some myself. There's
nothing to it. The point is, the assumption that this approach is
'effective' or 'works' is fallacious as the best this approach can
provide is to foil amateur spammers who don't have the coding
or the server farm resources that those who are making big money
in the spam industry have at their disposal.
Therefore, IMO it could and should only be said to work 'sometimes.'

--
<%= Clinton Gallagher
A/E/C Consulting, Web Design, e-Commerce Software Development
Wauwatosa, Milwaukee County, Wisconsin USA
NET csgallagher@ REMOVETHISTEXT metromilwaukee.com
URL http://www.metromilwaukee.com/clintongallagher/
 
clintonG

Yea -- you're catching on Jack. It may not be possible to do but
there may not be a need to have any mailto: in the page at all
and the RFC [1] that describes the mailto: behavior may need
to be modified.

[1] http://www.faqs.org/rfcs/rfc2368.html


--
<%= Clinton Gallagher
A/E/C Consulting, Web Design, e-Commerce Software Development
Wauwatosa, Milwaukee County, Wisconsin USA
NET csgallagher@ REMOVETHISTEXT metromilwaukee.com
URL http://www.metromilwaukee.com/clintongallagher/
 
Steve Easton

Depends upon how it is done/written.
See the next response below this one.
--
Steve Easton
Microsoft MVP FrontPage
95isalive
This site is best viewed............
........................with a computer
 
Steve Easton

The script I posted doesn't require Java.

Java = Java Virtual Machine
javascript = a stand-alone, browser-supported scripting language.

--
Steve Easton
Microsoft MVP FrontPage
95isalive
This site is best viewed..................
...............................with a computer
 
