Comments on: Safer Mailto Links

By: Andrea

Andrea — Sat, 27 May 2006 09:03:08 +0000

Samples 3 and 4 are not always working on Fx. Firebug tells me that the post is not fired at all. Since I’ve never seen JQuery’s ready ‘event’ fail to fire, I’m left wondering whether the post shouldn’t wait for the load event instead: not that I would know why, but maybe you can’t post before the page is loaded? Just wondering.
Also, and maybe slightly beside the point of a JQuery tutorial like this, I wonder how long it will take for email harvesters to read the ‘generated’ rather than the loaded source.
In fact, I’d be surprised if they don’t already, since this kind of techniques have been around for a while now.
This said, nice work, it’s great to see a short tutorials site for JQuery.

By: Joel Birch

Joel Birch — Sat, 27 May 2006 09:44:55 +0000

This is a great solution. I’m sick of using inline code to do generate the mailto address, because those solutions seem hacky and use document.write which only causes more problems for me.

Having not yet got my Ajax feet wet however, could you please post an example of what the php file contains? That would help me greatly. Thanks a lot.

By: Joel Birch

Joel Birch — Sat, 27 May 2006 14:07:25 +0000

Ok, I got it working anyway - that wasn’t so hard after all. Cheers

By: Jack

Jack — Sat, 27 May 2006 14:49:59 +0000

@Andrea
I assume by Fx you mean Firefox… which I use too and it appears to be working fine. If someone else sees the same problem, please let me know.
I can’t say for certain if harvesting programs can read generated code but I would think that it would be much more difficult. And if you’re asking the visitor to click a link or press a form button then I’d imagine that the bar would be raised that much further for email harvesting software.

As I mentioned in the tutorial:

Is this a rock solid way to absolutely guarantee that you will never get spam and only receive pleasant emails from friendly web visitors… no.

@Joel
I’ll post a link to the code shortly, even though you got it working. Glad you liked the tutorial.

By: Andrea

Andrea — Mon, 29 May 2006 09:04:38 +0000

Hi again. I’m having the same problem again on another PC at work, again with Firefox 1.5.0.3 (I know that sounds a bit überGeeky, but Fx is the ‘official’ preferred abbreviation for Fx). In particular, it happens if you come back to the page after a first visit. I need to refresh to see the effect. I’m not at all sure why this happens. One would think that it has something to do with the cache, like if jQuery’s ajax plugin wasn’t calling back your function when data is retrieved from the cache, but I doubt it. I’d probably try to run the code in a $(”document”).load rather than $(”document”).ready and see if that changes anything. Unless of course I’m really the only Fx user on earth who’s having this problem, but that sounds unlikely.
On the other point, I’m afraid reading the generated source is not that hard (a Firefox extension wouldn’t be too hard to develop - in fact I use a few who do already), but I agree that it is still more work, in particular if you also ask for an additional action from the user.
In fact, in spite of my worries, I’m seriously thinking about using your solution…
Cheers.

By: Jeff

Jeff — Mon, 29 May 2006 20:25:24 +0000

I’m really enjoying this jquery series. Thank you!

I have a problem reading these posts through rss (specifically: with bloglines) because the links to your examples use relative addressing.

By: Jack

Jack — Mon, 29 May 2006 21:47:40 +0000

@Jeff,
Great catch. I’m going to fix that tonight. I’m currently trying to catch up from taking Memorial Day weekend off.

Thanks for the heads up. Didn’t even consider it, so you helped out a ton with that comment.

By: Jack

Jack — Mon, 29 May 2006 22:32:11 +0000

@Andrea,
I too use 1.5.03 and I don’t see any problems. Demo 3 doesn’t do the fade in when you visit another page and then hit the back button, but the mailto links are there. If that’s the issue, then I think you’d need to send some specifically designed headers via server side code to prevent the browser from caching the content.

By: Antonio

Antonio — Tue, 30 May 2006 11:29:38 +0000

I had this “e-mail protection” problem recently, and I was worried also by the generated code, but I didn’t know about jQuery. In the end I did this:
http://bcds.udg.es/red-mpls/participantes.php

Now I have to do a jQuery version

By: Andrea

Andrea — Thu, 08 Jun 2006 17:05:36 +0000

@Jack,
I have no idea of what was happening, but it’s working without any problem now on my home PC (only thing that changed is that I just updated to 1.5.0.4, but I’m sure that has nothing to do with it). I’ll also try again from work, but in the meanwhile apologies for the false alarm.

@Antonio,
Great solution! Thanks for sharing.

By: Steve

Steve — Fri, 09 Jun 2006 13:08:52 +0000

Would you mind commenting on this Javascript technique? It seems to work, so far. Are there any drawbacks with it?
http://www.badboy.ro/articles/2005-01-25/

By: Jack

Jack — Fri, 09 Jun 2006 14:35:36 +0000

@Steve,
The page you’ve linked to gives some code that is short, but I don’t think is quite as good as what I’ve presented for two reasons:

1- The email address is sitting in the source of the html as you(at)isp.com which could make it very easy for a spam harvester to come along and grab. IMO easier to grab this kind of text and transpose the (at) with a true @ sign than what I’ve done here, which is to put the email addresses in a separate file.

2- Pulling off multiple email addresses on one page looks tedious with the code you linked to.

That said, if it works for you - who am I to tell you not to use it?

By: Curious George

Curious George — Tue, 16 Jan 2007 23:47:15 +0000

Interesting idea. But the generated source will still show the email address(es). What is preventing an intelligent spammer to scraping through the generated source code using some simple scripts?

By: Jack

Jack — Wed, 17 Jan 2007 01:32:59 +0000

George,
The code I’m familiar with for grabbing remote files is the PHP Snoopy class. To my knowledge, this is not capable of grabbing “generated” source html since a javascript enabled browser, or some similar mechanism, would be required to run the javascript code… but I also have to assume that you have a few scripts in mind that would do the trick.

That said, I would answer it this way:

1) It’s not as secure as a good contact form and server side processor, and I never intended to give that impression.

2) Spammers are lazy, and there are plenty of easier ways to harvest email addresses

3) It’s up to the webmaster/coder to decide what tradeoff they want to strike between easy of use and security. I’m pretty clear in my article that on one end of the spectrum you have a contact form, on the other you have a naked mailto link, and in between somewhere you have this technique.

4) I’ve been reading articles about some spammers going so far as to hire people to type in captchas. So the “unbreakable” CAPTCHA that is frustrating for good guys to use, isn’t even a foolproof solution against spam.

By: anonymous

anonymous — Wed, 14 Feb 2007 04:07:07 +0000

How about just:
$(’a.emaillink’).each(function(){
var to_replace = ‘ [at-no-spam] ‘;
$(this).html(
$(this).html().replace(to_replace, ‘@’)
).attr(’href’,
$(this).attr(’href’).replace(to_replace, ‘@’)
);
});

and:
test [at-no-spam] gmail.com

By: Jack

Jack — Wed, 14 Feb 2007 04:11:30 +0000

anon,
Actually, I have a plugin that does just that coming soon.

By: sunfish

sunfish — Mon, 23 Apr 2007 13:17:11 +0000

Uuups, my first post has vanished and the second is not complete. I do not know how to post code. But you can have a look at the mentioned homepage.

By: Srini

Srini — Fri, 14 Sep 2007 05:28:40 +0000

Nice tutorial..
I tried this and it just didnt work.
Should I delay the slideDown somehow??

Slide down

$(document).load( function() {
$(”div.slideMe”).slideDown(”slow”);
});

Google
jQuery really does it..