Random Posts

Tuesday, March 26, 2013

How to Avoid Being Harvested by Spambots

One of the primary ways spammers get email addresses is by stealing them from websites. They do this by using "spambots," computer programs which automatically troll web pages and harvest email addresses.   It is important to protect your address so your address doesn’t get ‘harvested.’  My former employer was a great place to get these in one’s email…the Chinese were especially good at it. Using the tips and tricks below will be effective at stopping most spambots.

"Munging" Your Address:

This involves modifying the addresses on your site in such a way that they are invalid but easily fixed by human beings; the second is to hide addresses on your pages so spambots cannot find them.

You can make your address technically invalid by inserting random text that spambots won't be able to recognize as not being part of the address, but most human beings will understand they need to remove before sending to you.

Zartajubow@example.Zom (replace the Z with T and  C)

Spambots will still harvest these addresses, but when spammers send to them their messages will bounce. Unfortunately, this continues to create traffic on the network and your mail server.  Also many legitimate visitors to your website will incorrectly demung your address and therefore be unable to send messages to you.

The second strategy is to hide addresses from spambots so they are never even harvested. If you want to hide your addresses from spambots, you must understand how they work. Most spambots find addresses by looking for patterns of text that look like an email address. For example, email addresses always contain a @.  Spambots therefore scan the text of a webpage to find any @s. If you eliminate the @ from addresses then most spambots won't be able to recognize that your addresses:


While this hides your address from spambots, visitors to your site will often still incorrectly demung your address, or not even recognize it is an email address, and therefore be unable to contact you.

A more sophisticated version of hiding your address, which still allows human users to see the addresses without any apparent munging, involves using ASCII character codes. For example, if you want to represent an @ you can either use the character itself, or you can use it's ASCII character code: @ (ampersand number-sign six four semi-colon).
If you use the ASCII code then human visitors to your site will see an @ because their browsers automatically translate the character code.  Most spambots currently do not recognize the codes and therefore ignore addresses created with them. The following addresses will all appear the same if they are included in the HTML of your site:


For a full explanation see the article at Project Honey Pot

No comments:

Post a Comment