Preventing spam on website

Discussion in 'Web Design and Development' started by Lau, Mar 12, 2009.

  1. Lau Guest

    I'd like to put my email address on my website, but I'd like it not to get shagged to death by spam. ;)

    What's the best way to do this? I'd like to avoid using the Javascript way, for accessibility reasons, but I'd also like a method that works. :p There seem to be a lot of ways out there to use ASCII and hex characters (some listed here), but there seems to be some debate as to whether they really work that well at preventing spam.

    Ideally, I'd like the address to look like "" on the page (so people who use webmail can copy and paste, so I'd rather avoid the replace {at} and {dot} method) and be a normal mailto: link so people who use or who are on an iPhone can click on it.

    Am I asking too much?
  2. angelwatt Moderator emeritus


    Aug 16, 2005
    Unfortunately, probably so. Spammers are getting smarter all the time and figuring out new ways to extract email addresses. Myself, I use a contact form on my web site so people can send me an email without ever seeing my email address. Of course, this involves spam checking as well since contact forms are routinely turned into spambots. I have good spam checking protocols in place though and none gets through to me.

    Sounds like you've come across the typical methods. On my online resume and I add a space before and after the @ and that seems to keep it reasonably safe surprisingly. Essentially though, there's no foolproof way, just decent and good ways. If you really want your email to show up looking like the email, I would say use JavaScript, but also have a reasonable solution left behind for accessibility purposes. So you can start off by using the DOT / AT method maybe with some ASCII/HEX techniques, then use JavaScript to turn that into a real address and a real mailto link.
  3. Consultant macrumors G5


    Jun 27, 2007
    Get SpamSieve to filter your emails. Highly accurate.
  4. Lau thread starter Guest

    Thanks, that's really helpful. I just wanted to check there wasn't some magical other method out there that everyone else was using. I'll have a think.

    I use GMail (and filter my other addresses into it) so its filters do catch a lot of the spam, but ideally I'd like to stop them getting it in the first place! I also check it online via webmail or on my iPhone so I don't think SpamSieve would work for me personally. Thanks anyway, it may be the solution for someone else, though.
  5. kAoTiX macrumors 6502


    Oct 14, 2008
    Midlands, UK
    What is your website coded in? If you have PHP available (or possibly any other scripting language) you could use GD2 and make your e-mail address into an image directly on the fly.

    You can basically tell PHP to print your e-mail address on the page as a PNG/JPG which wouldn't be hot-linked but people could still type it out themselves.

    This would remove 99% of spam through the normal 'mailto:' collection method and so on. The only other way of getting it is for someone to have a way of reading the text in images which is rarely done for this kind of e-mail harvesting.
  6. SrWebDeveloper macrumors 68000


    Dec 7, 2007
    Alexandria, VA, USA
    All great advice, especially angelwatt's if you need to display your address physically on a page for humans to read, but I prefer this method:

    Simply create a "Contact Me" form - and do all the email processing server side. In the form, include CAPTCHA and other anti-bot techniques as discussed here to ensure a human submits the form. No email address of yours is included in your source nor displayed on the screen at any time. After submit and email is processed, a simple "thank you" page would suffice.

    Then, on the mail server edit the MTA config (i.e. sendmail, exim, etc.) virtual aliases so you do NOT use a spillover (so mail sent to usernames not listed end up in whatever real mailbox, a default setup on many webhosts which is not sensible). Bounce or blackhole anything sent to a username that doesn't actually exist.

    Set up an email alias such as "webcontact" mapped to a real account you use for checking email, and also use it in your PHP script on the web site. Removing the spillover is just sensible, it means less spam from people sending mail to fake usernames within your domain. Then on top of all this, install the front end anti-spam/virus and back end as well (i.e. using clamd on *nix) as discussed earlier.

    That's a complete solution to protect your mailbox and reduce spam.
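
The server-side contact form described in the posts above, as an added example that is not part of the original thread or any poster's code. It shows the check that keeps such a form from being turned into a mail relay: the recipient is fixed and line breaks are refused in header-bound fields. The field names, the "website" honeypot field, the example.com domain and the page paths are assumptions; a CAPTCHA is not shown.

```php
<?php
// Added example, not from the thread. Needs PHP 7.2+ (array headers in mail()).
// Assumed: fields name/email/message, honeypot "website", example.com, page paths.
const CONTACT_TO   = 'webcontact@example.com'; // alias named in the post, domain assumed
const CONTACT_FROM = 'webform@example.com';

// Returns null when the submission may be mailed, otherwise why it was refused.
function check_submission(array $post): ?string
{
    foreach (['name', 'email', 'message'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || trim($post[$field]) === '') {
            return "missing $field";
        }
    }
    // Honeypot: an input hidden from people with CSS; automated posts tend to fill it.
    if (($post['website'] ?? '') !== '') {
        return 'honeypot filled';
    }
    // CR/LF in a header value lets the sender append Bcc: lines, so refuse it.
    // name is checked too in case it is later added to a From or Subject header.
    if (preg_match('/[\r\n]/', $post['name'] . $post['email']) === 1) {
        return 'line break in header field';
    }
    if (filter_var(trim($post['email']), FILTER_VALIDATE_EMAIL) === false) {
        return 'invalid email';
    }
    return strlen($post['message']) > 5000 ? 'message too long' : null;
}

function send_contact(array $post): bool
{
    if (check_submission($post) !== null) {
        return false;
    }
    // Recipient and From are fixed server-side; the visitor only supplies Reply-To.
    $headers = ['From' => CONTACT_FROM, 'Reply-To' => trim($post['email'])];
    $body = 'Name: ' . trim($post['name']) . "\n\n" . $post['message'];
    return mail(CONTACT_TO, 'Website contact form', $body, $headers);
}

if (PHP_SAPI === 'cli') {
    // Constructed samples: a normal post, then a header injection attempt.
    $ok  = ['name' => 'Ann', 'email' => 'ann@example.org', 'message' => 'Hello'];
    $bad = ['email' => "ann@example.org\r\nBcc: list@example.net"] + $ok;
    var_dump(check_submission($ok), check_submission($bad));
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $sent = send_contact($_POST);
    header('Location: ' . ($sent ? '/thanks.html' : '/contact.html?error=1'), true, 303);
}
```

Run from the command line it only evaluates the two constructed samples and sends nothing; served over HTTP it handles the form POST.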

