

How to Make mailto Safe Again - lmacvittie
http://devcentral.f5.com/weblogs/macvittie/archive/2010/01/28/how-to-make-mailto-safe-again.aspx

======
redmage
I use a combination of reCAPTCHA Mailhide [1] and Javascript.

By default I use the link to my "mailhidden" email. Then, some Javascript code
[2] replaces that link with a mailto link. The email is saved in the js file
after being ROT13'd and encoded as HTML ASCII entities.

If the user has JS active, he/she sees a regular mailto link. Otherwise,
he/she sees an http link to recaptcha and, as long as the user's browser can
display images, he/she can solve the captcha and see my email address.

You can see an example of this working in my personal site. [3]

Until spambots can run javascript or solve recaptchas, I'm safe. :)

[1] <http://mailhide.recaptcha.net/>

[2] <http://ricardomartins.cc/js/email.js>

[3] <http://ricardomartins.cc>

~~~
DenisM
Is capthca even necessary?

~~~
redmage
Well, it's not strictly necessary, I could have just used an image with my
email address but that could be harvested by OCR-capable spambots (I think
there are a few in the wild) and wouldn't be clickable. ;)

With the captcha, I can be fairly sure that a human solved it (reCAPTCHA is
particularly good at filtering bots, afaik) and the user gets a clickable
link.

In any case, that's just to accomodate browsers without Javascript or with it
disabled. I believe most people have Javascript enabled, so they'd get a
regular mailto link.

------
aerique
Bah, I don't know. I've always used mailto with my default e-mail address on
websites and I've also always used that same (non-scrambled) address in Usenet
postings.

Spam has gotten less and less of an issue for me during the last decade due to
improved techniques of battling it. It basically comes down to using a good
ISP or webmail service that uses said techniques.

------
joshfinnie
These are the articles I love on Hacker News. However, I have to wonder what
technique is going to win out. We can continue to obfuscate our email
addresses, but is there a point where the spam filters we use just take over?

In a few years, it will be fun to see where we are with spam email...

@Redmage, I love your technique!

------
Kliment
I keep wondering, how long before spambots do full text regex matching on
everything that comes from a server? It would literally be two lines of code
changed for most.

