[request] Graceful email obfuscation, ALA-style

alannie · 2007-11-08 22:25:26

The steps for this method of graceful and accessible email obfuscation are outlined in this ALA article:

http://alistapart.com/articles/gracefulemailobfuscation

I’m developing a site with community-generated content, and having a plugin that could implement the above method would be hugely useful.

jstubbs · 2007-11-08 22:58:00

I think this is already included with TXP. Check the txp email tag – it uses JavaScript to obfuscate the email address. Details.

alannie · 2007-11-08 23:17:53

Correct, TXP includes an email obfuscation method that encodes using character entities. My understanding is that this method is still vulnerable to some email harvesters.

iblastoff · 2007-11-09 05:38:52

i was going to attempt to convert this to a plugin but that ala method seems to require editing your .htaccess’s mod_rewrite rules in order to get graceful degradation. i’m not a plugin expert but that seems out of scope for a txp plugin. if anyone else has ideas, by all means!

Last edited by iblastoff (2007-11-09 05:49:34)

wet · 2007-11-09 06:02:22

Additionally, Roel Van Gils’ assumption that

A “+” is typically not allowed in real e-mail addresses…

…is not to be taken literally. The + sign is often used as e-mail’s equivalent of the #fragment identifier at web adresses and allows you to craft special purpose e-mail addresses like “first.lastname+private@example.com”, “first.lastname+commentnotify@example.com” and the like which are all delivered into one inbox.

I use this feature on my GMail account to filter and label incoming messages based on the part introduced by the + sign.

jstubbs · 2007-11-09 07:07:26

So Robert – does that mean that we are fine with the TXP email tag?

wet · 2007-11-09 07:12:18

Talking of the universe as known to Txpish mankind: Spamwise, <txp:email /> is better than plain mailto: links, weaker than zem_contact. Bots which process JavaScript or decode HTML entities will harvest e-mail addresses exposed by <txp:email />. Consider it a first line defense.

alannie · 2007-11-09 15:37:16

The + sign is often used as e-mail’s equivalent of the #fragment identifier at web adresses…

Robert, thanks for the enlightening info. Is there a better character you would suggest to replace the + sign that wouldn’t appear in email addresses?

wet · 2007-11-09 19:04:56

Per RFC 2822, the local part of an e-mail address (the part to the left of the “@”) can contain just about any character except “(“, “)”, “<”, “>”, “[“, “],”, “;”, “@”, “\” “,”, “.”, and the double quote.

Textpattern CMS

Textpattern CMS support forum

#1 2007-11-08 22:25:26

[request] Graceful email obfuscation, ALA-style

#2 2007-11-08 22:58:00

Re: [request] Graceful email obfuscation, ALA-style

#3 2007-11-08 23:17:53

Re: [request] Graceful email obfuscation, ALA-style

#4 2007-11-09 05:38:52

Re: [request] Graceful email obfuscation, ALA-style

#5 2007-11-09 06:02:22

Re: [request] Graceful email obfuscation, ALA-style

#6 2007-11-09 07:07:26

Re: [request] Graceful email obfuscation, ALA-style

#7 2007-11-09 07:12:18

Re: [request] Graceful email obfuscation, ALA-style

#8 2007-11-09 15:37:16

Re: [request] Graceful email obfuscation, ALA-style

#9 2007-11-09 19:04:56

Re: [request] Graceful email obfuscation, ALA-style

Board footer