Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2006-01-22 17:59:17

David_1cog
Member
From: Bristol, England
Registered: 2004-09-09
Posts: 58
Website

[request] JavaScript email encryption

The current txp email obfuscator (<code><txp:email email=“name@domain.com” linktext=“name@domain.com” title=“send an email” /></code>) works by converting the ‘mailto:’ to HTML entities. Given that this is a very simple form of obfuscation, it’s very easy for email harvesters to read. Even worse, if we want the link text to be the email address, then it is wide open for any email harvester. I’d therefore like to find a more secure method.

The author of the following JavaScript encryption method has very generously given permission for his code to be used in Txp provided he receives due credit: http://guymal.com/nospam_email_link.php. Further information available at http://guymal.com/mycode/xor_js_encryption/.

Unfortunately, lack of time and experience with Txp means I’m not going to turn this in to a plugin any time soon, so looking for someone interested and capable!

Any takers? :)

Last edited by David_1cog (2006-01-22 18:01:58)


David @ 1 Cog
“Follow the shoe!” … “No, follow the gourd!”

Offline

#2 2006-01-22 18:59:51

Jeremie
Member
From: Provence, France
Registered: 2004-08-11
Posts: 1,578
Website

Re: [request] JavaScript email encryption

It’s not a good way to do it too.

First : if an UA can decrypt it, so can a spambot. Maybe it will give us a few weeks, but spambot are adapted to the latest tricks.

Second : it’s not accessible. An email function should be usable even without javascript capability.

The only way to prevent a spam nowadays is to use a form to send the mail.

Offline

#3 2006-01-22 21:37:49

David_1cog
Member
From: Bristol, England
Registered: 2004-09-09
Posts: 58
Website

Re: [request] JavaScript email encryption

It is a very good way to do it, provided the user understands the limitations.

1. I’ve been using another encryption method for two or three years with complete success, i.e. the emails treated with this encryption have not been spammed. The method I linked to offers at least the same level of protection.

2. it’s up to the developer to provide alternative, accessible methods, e.g. form submission.

You’ll note that I never said it was infallible, but in the real world my clients appreciate that their email is not drowned in spam a few weeks after thier website goes live, and that’s what this will help achieve.

[edit]P.S. There’s a law of diminishing returns for spammers … and when there are millions of websites to scrape emails off there’s little sense in them wasting time analysing and processing obscure JavaScript in the hope they pick up a few more emails.

Last edited by David_1cog (2006-01-22 21:41:40)


David @ 1 Cog
“Follow the shoe!” … “No, follow the gourd!”

Offline

#4 2006-01-23 01:15:47

Dawk
Member
Registered: 2005-02-22
Posts: 74

Re: [request] JavaScript email encryption

I have an unencrypted one I’ve been using for almost 2 years & has worked perfectly!

The choice between getting uber spammed & an inconvenience to those w/.js turned off was an easy one for me. I’m bigtime anti.js too.

Save as spamthis.js
<code>
var name = “yourname”;
var address = “yoursite.com”;
var link = “yourlinktext”;
var subject = “your%20subject”;
function spamthis() {
document.write(‘<a href=mailto:’ + name + ‘@’ + address + ‘?subject=’ + subject + ‘>’ + link + ‘</a>’);
}
</code>

Add ext .js link to your page head
<code>
<script type=“text/javascript” src=“spamthis.js”></script>
</code>

Stick where you want your email link
<code>
<script type=“text/javascript”>spamthis();</script>
</code>

I think the ext .js file is the reason it has worked so well?

cheers

Offline

Board footer

Powered by FluxBB