Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2007-11-08 22:25:26

alannie
Member
From: Minnesota, USA
Registered: 2005-09-15
Posts: 150

[request] Graceful email obfuscation, ALA-style

The steps for this method of graceful and accessible email obfuscation are outlined in this ALA article:

http://alistapart.com/articles/gracefulemailobfuscation

I’m developing a site with community-generated content, and having a plugin that could implement the above method would be hugely useful.

Offline

#2 2007-11-08 22:58:00

jstubbs
Member
From: Hong Kong
Registered: 2004-12-13
Posts: 2,395
Website

Re: [request] Graceful email obfuscation, ALA-style

I think this is already included with TXP. Check the txp email tag – it uses JavaScript to obfuscate the email address. Details.

Offline

#3 2007-11-08 23:17:53

alannie
Member
From: Minnesota, USA
Registered: 2005-09-15
Posts: 150

Re: [request] Graceful email obfuscation, ALA-style

Correct, TXP includes an email obfuscation method that encodes using character entities. My understanding is that this method is still vulnerable to some email harvesters.

Offline

#4 2007-11-09 05:38:52

iblastoff
Plugin Author
From: Toronto
Registered: 2006-06-11
Posts: 1,197
Website

Re: [request] Graceful email obfuscation, ALA-style

i was going to attempt to convert this to a plugin but that ala method seems to require editing your .htaccess’s mod_rewrite rules in order to get graceful degradation. i’m not a plugin expert but that seems out of scope for a txp plugin. if anyone else has ideas, by all means!

Last edited by iblastoff (2007-11-09 05:49:34)

Offline

#5 2007-11-09 06:02:22

wet
Developer Emeritus
From: Schoerfling, Austria
Registered: 2005-06-06
Posts: 3,330
Website Mastodon

Re: [request] Graceful email obfuscation, ALA-style

Additionally, Roel Van Gils’ assumption that

A “+” is typically not allowed in real e-mail addresses…

…is not to be taken literally. The + sign is often used as e-mail’s equivalent of the #fragment identifier at web adresses and allows you to craft special purpose e-mail addresses like “first.lastname+private@example.com”, “first.lastname+commentnotify@example.com” and the like which are all delivered into one inbox.

I use this feature on my GMail account to filter and label incoming messages based on the part introduced by the + sign.

Offline

#6 2007-11-09 07:07:26

jstubbs
Member
From: Hong Kong
Registered: 2004-12-13
Posts: 2,395
Website

Re: [request] Graceful email obfuscation, ALA-style

So Robert – does that mean that we are fine with the TXP email tag?

Offline

#7 2007-11-09 07:12:18

wet
Developer Emeritus
From: Schoerfling, Austria
Registered: 2005-06-06
Posts: 3,330
Website Mastodon

Re: [request] Graceful email obfuscation, ALA-style

Talking of the universe as known to Txpish mankind: Spamwise, <txp:email /> is better than plain mailto: links, weaker than zem_contact. Bots which process JavaScript or decode HTML entities will harvest e-mail addresses exposed by <txp:email />. Consider it a first line defense.

Offline

#8 2007-11-09 15:37:16

alannie
Member
From: Minnesota, USA
Registered: 2005-09-15
Posts: 150

Re: [request] Graceful email obfuscation, ALA-style

The + sign is often used as e-mail’s equivalent of the #fragment identifier at web adresses…

Robert, thanks for the enlightening info. Is there a better character you would suggest to replace the + sign that wouldn’t appear in email addresses?

Offline

#9 2007-11-09 19:04:56

wet
Developer Emeritus
From: Schoerfling, Austria
Registered: 2005-06-06
Posts: 3,330
Website Mastodon

Re: [request] Graceful email obfuscation, ALA-style

Per RFC 2822, the local part of an e-mail address (the part to the left of the “@”) can contain just about any character except “(“, “)”, “<”, “>”, “[“, “],”, “;”, “@”, “\” “,”, “.”, and the double quote.

Offline

Board footer

Powered by FluxBB