Which is/are the secure methods, among given options, to prevent email addresses harvesting?
- Re-format/ munging address
- Substitute ASCII codes in address
- Hide address in image
- Options 3 and 4
The answer is 5) Options 3 and 4.
Spammers steal email addresses from websites by using spambots, computer programs which automatically troll web pages and harvest email addresses. Spambots consider text with @ symbol as an address. Before analyzing the answers lets have an idea what these methods talk about:
- Reformatting/munging is to alter the address in a way that it is invalid but human beings can easily fix before sending email to that address. Email address is made technically invalid by inserting text that spambots won't be able to recognize as not being part of the address. For instance mung "email@example.com" address as
Spambots will harvest these addresses and send mails which will bounce. To let legitimate visitor send mails, information to correctly demung the address should be given.
- Substitute ASCII codes in address is a method to hide email address from spambots so that they cannot recognize address and harvest them. This is achieved by using ASCII character codes to replace certain characters in the address, trusting the user's browser to translate the codes back into the correct characters. Use ASCII code (64) to replace "@" and (46) to replace ".". For example, address "firstname.lastname@example.org" can be included in HTML of the site as
Both the above addresses will be displayed by browsers as "email@example.com" , but harvesting scripts looking at the source will only see the ASCII codes.
var a = new Array(' net','le.','amp','@ex ', ' joe ');
document.write ("<a href =' mailto:"+a +a+a+a
- Hide address in image is the method to display email address as an image. One creates an image of email address and thus text address does not appear in HTML code that could be recognized by a spambot . Either the entire address can be represented with a graphic or simply @ symbol can be replaced with a picture of the same. For e.g.
Now let's analyse each of the choices:
- Depending on what and where one posts the email address, a junkster may take the time to de-mung address. Disguising addresses makes it difficult for people to send e-mail to each other, as user has to manually de-mung the address in order to reply to the post or to send mail. Visitor may demung the address incorrectly. Also, when posting to usenet it should also be noted that disguising an e-mail address is, in the strictest terms, a violation of RFC 1036 . Also effort is needed to e nsure that the munged address is not someone else's e-mail address.
- Spambots can be programmed/adjusted to decode (translate ASCII code) on the fly and will be able to recognize the email address. Spambots inevitably will improvise so this technique is bound to become less effective over a period of time.
- To read the address from an image, a spambot would require to have OCR capabilities or a human operator to harvest the address, both of which are less likely. Harvesters have to download the images and need to process every one of them.
Replacing the entire address is the most secure way but requires more work than just replacing the @ symbol with graphics. Replacing only the @ symbol with graphics would leave the username and domain name vulnerable, as they would be readable and in close proximity to each other. One might also consider using a graphic to represent everything in the address after the username; i.e., the @ symbol and the domain.
However, with this method, users with sight disabilities are at an inconvenience as screen reader software cannot extract the email address from the images. Also, normal visitors will have to manually type email addresses when they wish to contact you, which may be a minor inconvenience.
NOTE: It should be noted that both of these techniques (Options 3 and 4) are likely to remain sound for some time to come!