I need to display a few email addresses on a website, and I was wondering what techniques you guys use to reduce the inevitable deluge of email spam. Right now I’m considering:
- Not giving a crap, and simply trust Google’s spam filters (they’re Google Apps email accounts.) Still, the possibility of missing false-positives among the hundreds of messages in the spam folder worries me.
- Obfuscating the addresses with “(at),” “(dot),” etc., and link to reCAPTCHA’s Mailhide service. Looks ugly as sin, though.
- Displaying the addresses as images, and link to reCAPTCHA. Looks better, at the cost of accessibility.
- Using something like Dan Benjamin’s Enkoder to encrypt the addresses with JavaScript. I’ve never used it, so I don’t know if it works.
Is there anything else I should consider? What do you usually do in these cases?
10 answers
points
I read a great article about "Graceful Email Obfuscation". It looks really solid (haven't tried it myself, I don't have the JavaScript-fu).
http://www.alistapart.com/articles/gracefulemailobfuscation/
points
This is a good trick:
<p style="direction: rtl; unicode-bidi: bidi-override;" align="left">
moc.niamod@ofni
</p>
- Ha! That’s clever!
points
I’d avoid using CAPTCHAs given their usability and accessibility issues:
- SEOmoz; CAPTCHAs' Effect on Conversion Rates
- ConversionWorks - The impact of CAPTCHAs on website accessibility and conversion rates
Not putting your email address on the web in plaintext is going to make a huge difference to the amount of spam you get. I’ve used Enkoder which works well (I haven’t got spam via it) but excludes anyone with Javascript turned off—because of this you should have an alternative contact method if you use it (at least a link to your contact page in the <noscript>. Remember that an email form means the user can’t use their standard email client, generally doesn’t get a copy etc, so there are some potential disadvantages over an email address.
I’d recommend (from quick to time-consuming, and from good to best ;)
- Enkoder—quick to set up, minimal risk and usability inpact
- Contact form—more effort to set up well, zero risk, minimal usability inpact
- Both—give the user the option of a form or an email address
For hardening forms you could look at setting up a honeypot to stop auto-posting, but CMS contact form plugins should already have a nonce, and this might be getting into the ‘decreasing returns’ department :)
There’s no way to guarantee no spam, so I think making it easy for your users to contact you should be the main priority.
points
I would go with option #1: not give a crap. And just trust your spam filtering.
Spam filtering has come sooo far in a pretty short time, even for web-based clients; gmail in particular. If you use Outlook or the like to access your webmail, you can use stuff like SpamAssassin, which is superb. I really wouldn't worry about false positives.
Anyway, plain old email addresses can be seen/read/understood by anyone, can always be copy/pasted, can be resized, and have just enough configurability to be useful--subject lines, etc.
I haven't looked back since I made the switch. I never even think about it anymore, to be honest.
- Recently I've just posted plain email addresses with mailto: links. Using Gmail I've not noticed any increase in spam.
- @Paul make a new Gmail account specifically for checking this, and post the address in a mailto: link somewhere. I think you’ll see a slow increase in spam as the email gets added to various spammer lists and traded etc. Gmail does a good job but as the volume increases some is gonna get through
- Certainly some spam will get through, but this is true of any spam filter. In my experience, it's a very small amount--not enough to warrant more complicated obfuscation techniques, IMO. Of course, YMMV. It's just one option among many.
points
Use a 'contact us' form, which sends the visitor's name, mail address and message to the server via AJAX, and use PHPs Mail facilities to send the message to your email. This way the email address is stored safely on the server and not seen by the client at all
points
I don't think there is a good way to have the address appear in the page which doesn't also have accessibility problems. I upvoted danwellman because the best way to do this is simply not to have the address appear on the page. Although technically, that's not an answer to your question.
points
Encrypting the address is your safest choice. Enkoder is operating system dependant. I would rather suggest Emailcode : http://aspirine.org/emailcode_en.html
Emailcode encodes any link, including image links. Your visitors will see the encoded address, robots will not.
