Avoiding email harvesting in a FP Form

[john Q]

As one measure in reducing spambots from harvesting email addresses,
I've used Hiveware's obfuscator with good results. (It encodes and
encrypts a javascript routine, so that a person would have to manually
harvest emails, most bots can't get it) Although no method is
perfect or without it's downsides, this certainly helps.

Within the frontpage form, I'd in theory have to use a simpler method,
just encoding the email address with ascii codes, etc. that are
presented just fine in a browser, but not interpreted by a bot.

The only problem, is that frontpage "fixes" the encoded email address
back to it's character representation. (I'm still using FP2000, btw)

(How it is now: <form method="POST" action="--WEBBOT-SELF--"
onSubmit="return FrontPage_Form1_Validator(this)"
name="FrontPage_Form1">
<!--webbot bot="SaveResults" startspan
U-File="_private/form_results.txt"
S-Format="TEXT/CSV" S-Label-Fields="TRUE"
B-Reverse-Chronology="FALSE"
S-Email-Format="TEXT/PRE" S-Email-Address="info@the domain name.com"
--><strong>[FrontPage Save Results Component]</strong><!--webbot
bot="SaveResults" endspan -->

I'd like to say,
"S-Email-address="(e-mail address removed)">[email protected]&#109"
", but FrontPage converts it back to the character form after saving.

So anyway, anyone have an idea? Either on stopping FP from fixing the
obfuscated email, or a more sophisticated method.

Thanks in advance!

 

[Murray]

most bots can't get it

I believe that if you are smart enough to write a bot, you are smart enough
to decrypt server encoded email addresses. I doubt that this has a
significant impact, really.

The very best (and only reliable in my opinion) method to protect your email
address is to use server scripting to send your mail.

 

[MD Websunlimited]

Most email mining software that I've looked at takes the path of least resistance and therefore looks for links with mailto protocol
specifiers, i.e., <a href=mailto:[email protected]?subject=My Subject > Email Me</a> (Note: you have to get the links anyway so
that you can walk the site looking for more emails to mine ;>)

The next level of complexity is to look for the @ symbol then parse left for a space then right for a space, pass the result through
a email syntax checker, ah to heck with it, just try the suspected email instead of a checker. Repeat the above using an encode
value for the @ sign.

To accomplish this takes about 30 min of coding with tools supplied by MS and can be done at the server level (ASP) or client level.

The point is that if the bot includes the mail address, it can and will be mined. So this effort to use encoding is, IMHO, worthless
and there is no way to change the FP webbot code as it is required by SHTML.dll.


As Murry suggested the only real solution is to use server side scripting of the email.

 

[Jim Buyens]

The only sure method is to send your mail from the server.
That way, your e-mail address never goes out to the broser.

For an example of how to do this, browse:

Mailing Form Data
http://www.interlacken.com/winnt/tips/tipshow.aspx?tip=46

As an added bonus, you get a lot more flexibility
regarding the format of the message.

Jim Buyens
Microsoft FrontPage MVP
http://www.interlacken.com
Author of:
*----------------------------------------------------
|\---------------------------------------------------
|| Microsoft Office FrontPage 2003 Inside Out
||---------------------------------------------------
|| Web Database Development Step by Step .NET Edition
|| Microsoft FrontPage Version 2002 Inside Out
|| Faster Smarter Beginning Programming
|| (All from Microsoft Press)
|/---------------------------------------------------
*----------------------------------------------------