使电子邮件地址免受网页上机器人的攻击?

发布于 2024-07-06 18:23:54 字数 1165 浏览 6 评论 0 原文

当在网页上放置电子邮件地址时,您是否将它们放置为如下文本:

[email protected]

或者使用巧妙的技巧来尝试欺骗电子邮件地址收集机器人? 例如:

HTML 转义字符:

joe.somebody@company.com

Javascript 解密器:

function XOR_Crypt(EmailAddress)
{
    Result = new String();
    for (var i = 0; i < EmailAddress.length; i++)
    {
        Result += String.fromCharCode(EmailAddress.charCodeAt(i) ^ 128);
    }
    document.write(Result);
}

XOR_Crypt("êïå®óïíåâïäùÀãïíðáîù®ãïí");

人类解码:

[email protected]

joe.somebody AT company.com

你使用什么或者你甚至打扰什么?

When placing email addresses on a webpage do you place them as text like this:

[email protected]

or use a clever trick to try and fool the email address harvester bots? For example:

HTML Escape Characters:

joe.somebody@company.com

Javascript Decrypter:

function XOR_Crypt(EmailAddress)
{
    Result = new String();
    for (var i = 0; i < EmailAddress.length; i++)
    {
        Result += String.fromCharCode(EmailAddress.charCodeAt(i) ^ 128);
    }
    document.write(Result);
}

XOR_Crypt("êïå®óïíåâïäùÀãïíðáîù®ãïí");

Human Decode:

[email protected]

joe.somebody AT company.com

What do you use or do you even bother?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(30

装纯掩盖桑 2024-07-13 18:23:55

一种可能是使用 isTrusted 属性 (Javascript)。

Event 接口的 isTrusted 只读属性是一个布尔值
当事件由用户操作生成时为 true,为 false
当事件由脚本创建或修改或通过调度时
EventTarget.dispatchEvent()。

例如,在您的情况下:

getEmail() {
  if (event.isTrusted) {
    /* The event is trusted */
    return '[email protected]';
  } else {
    /* The event is not trusted */
    return '[email protected]';
  }
}

⚠ IE 不兼容!

从文档中阅读更多内容: https://developer.mozilla.org /en-US/docs/Web/API/Event/isTrusted

One possibility would be to use isTrusted property (Javascript).

The isTrusted read-only property of the Event interface is a Boolean
that is true when the event was generated by a user action, and false
when the event was created or modified by a script or dispatched via
EventTarget.dispatchEvent().

eg in your case:

getEmail() {
  if (event.isTrusted) {
    /* The event is trusted */
    return '[email protected]';
  } else {
    /* The event is not trusted */
    return '[email protected]';
  }
}

⚠ IE isn't compatible !

Read more from doc: https://developer.mozilla.org/en-US/docs/Web/API/Event/isTrusted

贪恋 2024-07-13 18:23:55

我创建了我的 [电子邮件受保护],然后在它旁边写上“删除”大写字母”

I make mine [email protected] and then next to it I write "Remove the capital letters"

娜些时光,永不杰束 2024-07-13 18:23:55

另一种可能是独特的技术可能是使用多个图像和一些纯文本字母来显示地址。 这可能会让机器人感到困惑。

Another, possibly unique, technique might be to use multiple images and a few plain-text letters to display the address. That might confuse the bots.

面如桃花 2024-07-13 18:23:54

在 CSS 中使用内容和属性:

.cryptedmail:after {
  content: attr(data-name) "@" attr(data-domain) "." attr(data-tld); 
}
<a href="#" class="cryptedmail"
   data-name="info"
   data-domain="example"
   data-tld="org"
   onclick="window.location.href = 'mailto:' + this.dataset.name + '@' + this.dataset.domain + '.' + this.dataset.tld; return false;"></a>

当javascript被禁用时,只有点击事件将不起作用,电子邮件仍然会显示。

另一个有趣的方法(至少没有点击事件)是利用从右到左的标记来覆盖书写方向。 有关此的更多信息: https://en.wikipedia.org/wiki/Right-to-left_mark

Working with content and attr in CSS:

.cryptedmail:after {
  content: attr(data-name) "@" attr(data-domain) "." attr(data-tld); 
}
<a href="#" class="cryptedmail"
   data-name="info"
   data-domain="example"
   data-tld="org"
   onclick="window.location.href = 'mailto:' + this.dataset.name + '@' + this.dataset.domain + '.' + this.dataset.tld; return false;"></a>

When javascript is disabled, just the click event will not work, email is still displayed.

Another interesting approach (at least without a click event) would be to make use of the right-to-left mark to override the writing direction. more about this: https://en.wikipedia.org/wiki/Right-to-left_mark

独享拥抱 2024-07-13 18:23:54

这是我使用的方法,带有服务器端包含,例如 其中 emailObfuscator.include 包含以下内容:

<!-- // http://lists.evolt.org/archive/Week-of-Mon-20040202/154813.html -->
<script type="text/javascript">
    function gen_mail_to_link(lhs,rhs,subject) {
        document.write("<a href=\"mailto");
        document.write(":" + lhs + "@");
        document.write(rhs + "?subject=" + subject + "\">" + lhs + "@" + rhs + "<\/a>");
    }
</script>

为了包含地址,我使用 JavaScript:

<script type="text/javascript"> 
    gen_mail_to_link('john.doe','example.com','Feedback about your site...');
</script>
<noscript>
  <em>Email address protected by JavaScript. Activate JavaScript to see the email.</em>
</noscript>

因为自 2005 年以来我一直通过 Gmail 接收电子邮件,所以垃圾邮件几乎不成问题。 所以,我不能说这个方法有多有效。 您可能想阅读 这项研究(虽然很旧)生成了这个图表:

在此处输入图像描述

This is the method I used, with a server-side include, e.g. <!--#include file="emailObfuscator.include" --> where emailObfuscator.include contains the following:

<!-- // http://lists.evolt.org/archive/Week-of-Mon-20040202/154813.html -->
<script type="text/javascript">
    function gen_mail_to_link(lhs,rhs,subject) {
        document.write("<a href=\"mailto");
        document.write(":" + lhs + "@");
        document.write(rhs + "?subject=" + subject + "\">" + lhs + "@" + rhs + "<\/a>");
    }
</script>

To include an address, I use JavaScript:

<script type="text/javascript"> 
    gen_mail_to_link('john.doe','example.com','Feedback about your site...');
</script>
<noscript>
  <em>Email address protected by JavaScript. Activate JavaScript to see the email.</em>
</noscript>

Because I have been getting email via Gmail since 2005, spam is pretty much a non-issue. So, I can't speak of how effective this method is. You might want to read this study (although it's old) that produced this graph:

enter image description here

你在看孤独的风景 2024-07-13 18:23:54

看看这样,非常聪明并且使用CSS。

CSS

span.reverse {
  unicode-bidi: bidi-override;
  direction: rtl;
}

HTML

<span class="reverse">moc.rehtrebttam@retsambew</span>

上面的 CSS 将覆盖阅读方向并以正确的顺序向用户呈现文本。

希望它有帮助

干杯

Have a look at this way, pretty clever and using css.

CSS

span.reverse {
  unicode-bidi: bidi-override;
  direction: rtl;
}

HTML

<span class="reverse">moc.rehtrebttam@retsambew</span>

The CSS above will then override the reading direction and present the text to the user in the correct order.

Hope it helps

Cheers

末骤雨初歇 2024-07-13 18:23:54

最初不是我的想法,但我找不到作者:

<a href="mailto:[email protected]"
    onmouseover="this.href=this.href.replace(/x/g,'');">link</a>

添加任意多个 x。 它可以完美地读取、复制和粘贴,并且不能被机器人读取。

Not my idea originally but I can't find the author:

<a href="mailto:[email protected]"
    onmouseover="this.href=this.href.replace(/x/g,'');">link</a>

Add as many x's as you like. It works perfectly to read, copy and paste, and can't be read by a bot.

提笔书几行 2024-07-13 18:23:54

我一般不会打扰。 我曾经在一个邮件列表中,每天都会收到数千封垃圾邮件。 我们的垃圾邮件过滤器 (spamassassin) 每天可能允许 1 到 2 封邮件通过。 有了这么好的过滤器,为什么合法的人很难联系到你呢?

I generally don't bother. I used to be on a mailing list that got several thousand spams every day. Our spam filter (spamassassin) let maybe 1 or 2 a day through. With filters this good, why make it difficult for legitimate people to contact you?

池木 2024-07-13 18:23:54

发明你自己的疯狂电子邮件地址混淆方案。 实际上,它是什么并不重要,只要它与任何众所周知的方法不太相似即可。

问题是,确实没有一个好的解决方案,它们要么相对容易绕过,要么让用户感到恼火。 如果任何一种方法变得流行,那么就会有人找到解决方法。

因此,与其寻找 One True 电子邮件地址混淆技术,不如想出自己的技术。 相信这些机器人作者并不太关心你的网站,不会坐下来写一些东西来绕过你有点疯狂的带有 CSS 和元素边框的渲染文本或完全奇怪的、容易破解的 JavaScript 加密。 即使它很微不足道也没关系,没有人会费心试图绕过它,以便向您发送垃圾邮件。

Invent your own crazy email address obfuscation scheme. Doesn't matter what it is, really, as long as it's not too similar to any of the commonly known methods.

The problem is that there really isn't a good solution to this, they're all either relatively simple to bypass, or rather irritating for the user. If any one method becomes prevalent, then someone will find a way around it.

So rather than looking for the One True email address obfuscation technique, come up with your own. Count on the fact that these bot authors don't care enough about your site to sit around writing a thing to bypass your slightly crazy rendering-text-with-css-and-element-borders or your completely bizarre, easily-cracked javascript encryption. It doesn't matter if it's trivial, nobody will bother trying to bypass it just so they can spam you.

逆流 2024-07-13 18:23:54

我认为唯一万无一失的方法是创建一个“联系我”页面,该页面是一个提交到发送到您的电子邮件地址的脚本的表单。 这样,您的地址就永远不会暴露给公众。 由于某种原因,这可能是不可取的,但我认为这是一个非常好的解决方案。 当我被迫将某人的电子邮件地址从他们的网站复制/粘贴到我的邮件客户端并向他们发送消息时,这常常让我感到恼火; 我宁愿通过他们网站上的表格直接完成。 此外,这种方法允许您向您发送匿名评论等。请务必使用某种反机器人方案(例如验证码)来保护您的表单。 SO 上有很多讨论。

I think the only foolproof method you can have is creating a Contact Me page that is a form that submits to a script that sends to your email address. That way, your address is never exposed to the public at all. This may be undesirable for some reason, but I think it's a pretty good solution. It often irks me when I'm forced to copy/paste someone's email address from their site to my mail client and send them a message; I'd rather do it right through a form on their site. Also, this approach allows you to have anonymous comments sent to you, etc. Just be sure to protect your form using some kind of anti-bot scheme, such as a captcha. There are plenty of them discussed here on SO.

凑诗 2024-07-13 18:23:54

您可以使用 reCAPTCHA 保护您的电子邮件地址,他们提供免费服务,因此人们必须输入 CAPTCHA(完全自动化的公共图灵测试来区分计算机和人类)才能查看您的电子邮件:https://www.google.com/recaptcha/admin#mailhide

You can protect your email address with reCAPTCHA, they offer a free service so people have to enter a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) to see your email: https://www.google.com/recaptcha/admin#mailhide

杀手六號 2024-07-13 18:23:54

我写了一个 编码器 ()使用了我能想到的各种解析技巧(不同类型的HTML 实体、URL 编码、注释、多行属性、软连字符、mailto: URL 的不明显结构等)

它不会阻止所有收集器,但它完全符合标准并且对用户透明。

恕我直言,另一个好的方法(除了棘手的编码之外,您还可以使用它)是:

<a href="mailto:[email protected]" 
   onclick="this.href=this.href.replace(/hatestogetspam/,'')">

I've written an encoder (source) that uses all kinds of parsing tricks that I could think of (different kinds of HTML entities, URL encoding, comments, multiline attributes, soft hyphens, non-obvious structure of mailto: URL, etc)

It doesn't stop all harvesters, but OTOH it's completely standards-compliant and transparent to the users.

Another IMHO good approach (which you can use in addition to tricky encoding) is along lines of:

<a href="mailto:[email protected]" 
   onclick="this.href=this.href.replace(/hatestogetspam/,'')">
尴尬癌患者 2024-07-13 18:23:54

如果你有 php 支持,你可以这样做:

<img src="scriptname.php">

还有 scriptname.php:

<?php
header("Content-type: image/png");
// Your email address which will be shown in the image
$email    =    "[email protected]";
$length    =    (strlen($email)*8);
$im = @ImageCreate ($length, 20)
     or die ("Kann keinen neuen GD-Bild-Stream erzeugen");
$background_color = ImageColorAllocate ($im, 255, 255, 255); // White: 255,255,255
$text_color = ImageColorAllocate ($im, 55, 103, 122);
imagestring($im, 3,5,2,$email, $text_color);
imagepng ($im);
?>

If you have php support, you can do something like this:

<img src="scriptname.php">

And the scriptname.php:

<?php
header("Content-type: image/png");
// Your email address which will be shown in the image
$email    =    "[email protected]";
$length    =    (strlen($email)*8);
$im = @ImageCreate ($length, 20)
     or die ("Kann keinen neuen GD-Bild-Stream erzeugen");
$background_color = ImageColorAllocate ($im, 255, 255, 255); // White: 255,255,255
$text_color = ImageColorAllocate ($im, 55, 103, 122);
imagestring($im, 3,5,2,$email, $text_color);
imagepng ($im);
?>
旧时模样 2024-07-13 18:23:54

我知道我的答案不会被很多人喜欢,但请在拒绝之前考虑这里概述的要点。

任何易于机器读取的内容都将很容易被垃圾邮件发送者机器读取。 尽管他们的行为在我们看来很愚蠢,但他们并不是愚蠢的人。 他们富有创新精神且足智多谋。 他们不仅仅使用机器人来收集电子邮件,他们还可以使用多种方法,除此之外,他们还只需付费购买最新的电子邮件列表。 这意味着,他们在全球范围内吸引了数千名黑帽黑客来执行他们的工作。 人们准备编写恶意软件来抓取其他人浏览器的屏幕,最终使您尝试实现的任何方法变得毫无用处。 这篇帖子已经被 10 多个这样的人阅读过,他们在嘲笑我们。 他们中的一些人甚至可能会无聊到流泪,因为我们无法向他们提出新的挑战。

请记住,您最终并不是要节省自己的时间,而是要节省别人的时间。 因此,请考虑在这里多花一些时间。 没有任何易于执行的灵丹妙药可以发挥作用。 如果您在一家在网站上发布 100 个人电子邮件的公司工作,并且您每天可以减少每人 1 封垃圾邮件,那么我们每年大约会收到 36500 封垃圾邮件。 如果删除此类电子邮件平均需要 5 秒,那么我们每年大约需要 50 个工作小时。 更不用说减少烦恼了。 那么,为什么不花几个小时在这上面呢?

不仅您和收到电子邮件的人认为时间是一种资产。 因此,您必须找到一种方法来混淆电子邮件地址,这样破解它就无济于事。 如果您使用某种广泛使用的方法来混淆电子邮件,那么破解它确实是值得的。 因此,破解者将获得数千甚至数十万封新电子邮件。 对于他们来说,他们会得到钱。

因此,继续编写您自己的方法。 这是重新发明轮子真正获得回报的罕见案例。 使用一种机器可读的方法,并且最好需要一些用户交互而不牺牲用户体验。

我花了大约 20 分钟编写了一个示例来说明我的意思。 在示例中,我使用 KnockoutJS 只是因为我喜欢它,而且我知道您自己可能不会使用它。 但无论如何这都是无关紧要的。 这是一个定制的解决方案,并未得到广泛使用。 破解它不会带来任何奖励,因为这种方法只能在广阔的互联网中的单个页面上起作用。

这是小提琴: http://jsfiddle.net/hzaw6/

下面的代码并不是一个示例好的代码。 但这只是一个快速的代码示例,机器很难理解我们甚至在这里处理电子邮件。 即使可以做到,大规模执行也不会得到回报。

是的,我确实知道它在 IE = lte8 上不起作用,因为“无法获取未定义或空引用的属性‘属性’”,但我根本不在乎,因为它只是方法演示,而不是实际实现,并且不打算按原样用于生产。 随意编写自己的代码,这更酷,技术上更可靠等等。

哦,永远不要用 html 或 javascript 命名邮件或电子邮件。 抓取 DOM 和窗口对象来查找任何名为邮件或电子邮件的内容并检查它是否包含与电子邮件匹配的内容实在是太容易了。 这就是为什么您不希望任何变量包含完整形式的电子邮件,这也是为什么您希望用户在分配此类变量之前与页面进行交互的原因。 如果您的 javascript 对象模型包含任何处于 DOM 就绪状态的电子邮件地址,您就会将它们暴露给垃圾邮件发送者。

HTML:

<div data-bind="foreach: contacts">
    <div class="contact">
        <div>
            <h5 data-bind="text: firstName + ' ' + lastName + ' / ' + department"></h5>
            <ul>
                <li>Phone: <span data-bind="text: phone"></span></li>
                <li><a href="#999" data-bind="click:$root.reveal">E-mail</a> <span data-bind="visible: $root.msgMeToThis() != ''"><input class="merged" data-bind="value: mPrefix" readonly="readonly" /><span data-bind="text: '@' + domain"></span></span></li>
            </ul>
        </div>
    </div>
</div>

JS

function ViewModel(){
    var self = this;

    self.contacts = ko.observableArray([
        { firstName:'John', mPrefix: 'john.doe', domain: 'domain.com', lastName: 'Doe', department: 'Sales', phone: '+358 12 345 6789' },
        { firstName:'Joe', mPrefix: 'joe.w', domain: 'wonder.com', lastName: 'Wonder', department: 'Time wasting', phone: '+358 98 765 4321' },
        { firstName:'Mike', mPrefix: 'yo', domain: 'rappin.com', lastName: 'Rophone', department: 'Audio', phone: '+358 11 222 3333' }
    ]);
    self.msgMeToThis = ko.observable('');
    self.reveal = function(m, e){
        var name = e.target.attributes.href.value;
        name = name.replace('#', '');
        self.msgMeToThis(name);
    };
}
var viewModel = new ViewModel();
ko.applyBindings(viewModel);

I know my answer won't be liked by many but please consider the points outlined here before thumbing down.

Anything easily machine readable will be easily machine readable by the spammers. Even though their actions seem stupid to us, they're not stupid people. They're innovative and resourceful. They do not just use bots to harvest e-mails, they have a plethora of methods at their disposal and in addition to that, they simply pay for good fresh lists of e-mails. What it means is, that they got thousands of black-hat hackers worldwide to execute their jobs. People ready to code malware that scrape the screens of other peoples' browsers which eventually renders any method you're trying to achieve useless. This thread has already been read by 10+ such people and they're laughing at us. Some of them may be even bored to tears to find out we cannot put up a new challenge to them.

Keep in mind that you're not eventually trying to save your time but the time of others. Because of this, please consider spending some extra time here. There is no easy-to-execute magic bullet that would work. If you work in a company that publishes 100 peoples' e-mails on the site and you can reduce 1 spam e-mail per day per person, we're talking about 36500 spam emails a year. If deleting such e-mail takes 5 seconds on average, we're talking about 50 working hours yearly. Not to mention the reduced amount of annoyance. So, why not spend a few hours on this?

It's not only you and the people who receive the e-mail that consider time an asset. Therefore, you must find a way to obfuscate the e-mail addresses in such way, that it doesn't pay off to crack it. If you use some widely used method to obfuscate the e-mails, it really pays off to crack it. Since as an result, the cracker will get their hands on thousands, if not tens or hundreds of thousands of fresh e-mails. And for them, they will get money.

So, go ahead and code your own method. This is a rare case where reinventing the wheel really pays off. Use a method that is not machine readable and one which will preferably require some user interaction without sacrificing the user experience.

I spent some 20 minutes to code off an example of what I mean. In the example, I used KnockoutJS simply because I like it and I know you won't probably use it yourself. But it's irrelevant anyway. It's a custom solution which is not widely used. Cracking it won't pose a reward for doing it since the method of doing it would only work on a single page in the vast internet.

Here's the fiddle: http://jsfiddle.net/hzaw6/

The below code is not meant to be an example of good code. But just a quick sample of code which is very hard for machine to figure out we even handle e-mails in here. And even if it could be done, it's not gonna pay off to execute in large scale.

And yes, I do know it doesn't work on IE = lte8 because of 'Unable to get property 'attributes' of undefined or null reference' but I simply don't care because it's just a demo of method, not actual implementation, and not intended to be used on production as it is. Feel free to code your own which is cooler, technically more solid etc..

Oh, and never ever ever name something mail or email in html or javascript. It's just way too easy to scrape the DOM and the window object for anything named mail or email and check if it contains something that matches an e-mail. This is why you don't want any variables ever that would contain e-mail in it's full form and this is also why you want user to interact with the page before you assign such variables. If your javascript object model contains any e-mail addresses on DOM ready state, you're exposing them to the spammers.

The HTML:

<div data-bind="foreach: contacts">
    <div class="contact">
        <div>
            <h5 data-bind="text: firstName + ' ' + lastName + ' / ' + department"></h5>
            <ul>
                <li>Phone: <span data-bind="text: phone"></span></li>
                <li><a href="#999" data-bind="click:$root.reveal">E-mail</a> <span data-bind="visible: $root.msgMeToThis() != ''"><input class="merged" data-bind="value: mPrefix" readonly="readonly" /><span data-bind="text: '@' + domain"></span></span></li>
            </ul>
        </div>
    </div>
</div>

The JS

function ViewModel(){
    var self = this;

    self.contacts = ko.observableArray([
        { firstName:'John', mPrefix: 'john.doe', domain: 'domain.com', lastName: 'Doe', department: 'Sales', phone: '+358 12 345 6789' },
        { firstName:'Joe', mPrefix: 'joe.w', domain: 'wonder.com', lastName: 'Wonder', department: 'Time wasting', phone: '+358 98 765 4321' },
        { firstName:'Mike', mPrefix: 'yo', domain: 'rappin.com', lastName: 'Rophone', department: 'Audio', phone: '+358 11 222 3333' }
    ]);
    self.msgMeToThis = ko.observable('');
    self.reveal = function(m, e){
        var name = e.target.attributes.href.value;
        name = name.replace('#', '');
        self.msgMeToThis(name);
    };
}
var viewModel = new ViewModel();
ko.applyBindings(viewModel);
青春有你 2024-07-13 18:23:54

您可以尝试使用十六进制的html实体隐藏字符(例如:@代表@)。
这是方便的解决方案,因为正确的浏览器会翻译它,并且您可以拥有正常的链接。
缺点是机器人可以从理论上翻译它,但这有点不寻常。
我用它来保护我博客上的电子邮件。

另一种解决方案是使用javascript来组装部分地址并即时解码地址。
缺点是禁用 JavaScript 的浏览器不会显示您的地址。

最有效的解决方案是使用图像,但用户必须手动复制地址,这对用户来说很痛苦。

您的解决方案非常好,因为您只为禁用了 javascript 的用户添加了一个缺点(手动编写 @)。
您还可以通过以下方式更加安全:

onclick="this.href='mailto:' + 'admin' + '@' + 'domain.com'"

You can try to hide characters using html entities in hexa (ex: @ for @).
This is convenient solution, as a correct browser will translate it, and you can have a normal link.
The drawback is that a bot can translate it theorically, but it's a bit unusual.
I use this to protect my e-mail on my blog.

Another solution is to use javascript to assemble part of the address and to decode on-the-fly the address.
The drawback is that a javascript-disabled browser won't show your adress.

The most effective solution is to use an image, but it's a pain for the user to have to copy the address by hand.

Your solution is pretty good, as you only add a drawback (writing manually the @) only for user that have javascript disabled.
You can also be more secure with :

onclick="this.href='mailto:' + 'admin' + '@' + 'domain.com'"
我的黑色迷你裙 2024-07-13 18:23:54

我最喜欢的方法之一是使用 php 混淆电子邮件地址,一个经典的示例是将字符转换为十六进制值,如下所示:

function myobfiscate($emailaddress){
 $email= $emailaddress;                
 $length = strlen($email);                         
 for ($i = 0; $i < $length; $i++){                
 $obfuscatedEmail .= "&#" . ord($email[$i]).";";
 }
 echo $obfuscatedEmail;
}

然后在我的标记中我将简单地调用它,如下所示:

  <a href="mailto:<?php echo myobfiscate('[email protected]'); ?>"
title="Email me!"><?php echo myobfiscate('[email protected]');?> </a>

然后检查您的源代码,您将惊喜不已!

One of my favorite methods is to obfuscate the email address using php, a classic example is to convert the characters to HEX values like so:

function myobfiscate($emailaddress){
 $email= $emailaddress;                
 $length = strlen($email);                         
 for ($i = 0; $i < $length; $i++){                
 $obfuscatedEmail .= "&#" . ord($email[$i]).";";
 }
 echo $obfuscatedEmail;
}

And then in my markup I'll simply call it as follows:

  <a href="mailto:<?php echo myobfiscate('[email protected]'); ?>"
title="Email me!"><?php echo myobfiscate('[email protected]');?> </a>

Then examine your source, you'll be pleasantly surprised!

祁梦 2024-07-13 18:23:54

我不会打扰——这是在错误的层面上进行垃圾邮件战争。 特别是对于公司网站,我认为如果页面上除了带有 mailto 超链接的直接文本之外还有其他内容,那么事情看起来会非常不专业。

垃圾邮件如此之多,无论如何你都需要良好的过滤,而且任何机器人最终都会理解所有常见的技巧。

I wouldn't bother -- it is fighting the SPAM war at the wrong level. Particularly for company web sites I think it makes things look very unprofessional if you have anything other than the straight text on the page with a mailto hyperlink.

There is so much spam flying around that you need good filtering anyway, and any bot is going end up understanding all the common tricks anyway.

妳是的陽光 2024-07-13 18:23:54

HTML:

<a href="#" class="--mailto--john--domain--com-- other classes goes here" />

JavaScript,使用 jQuery

// match all a-elements with "--mailto--" somehere in the class property
$("a[class*='--mailto--']").each(function ()
{
    /*
    for each of those elements use a regular expression to pull
    out the data you need to construct a valid e-mail adress
    */
    var validEmailAdress = this.className.match();

    $(this).click(function ()
    {
        window.location = validEmailAdress;
    });
});

HTML:

<a href="#" class="--mailto--john--domain--com-- other classes goes here" />

JavaScript, using jQuery:

// match all a-elements with "--mailto--" somehere in the class property
$("a[class*='--mailto--']").each(function ()
{
    /*
    for each of those elements use a regular expression to pull
    out the data you need to construct a valid e-mail adress
    */
    var validEmailAdress = this.className.match();

    $(this).click(function ()
    {
        window.location = validEmailAdress;
    });
});
叫思念不要吵 2024-07-13 18:23:54

Spambot 不会解释这一点,因为这是一种鲜为人知的方法:)

首先,定义 css:

email:before {
    content: "admin";
}

email:after {
    content: "@example.com";
}

现在,无论您想在何处显示电子邮件,只需插入以下 HTML:

<div id="email"></div>

嗯!

Spambots won't interpret this, because it is a lesser-known method :)

First, define the css:

email:before {
    content: "admin";
}

email:after {
    content: "@example.com";
}

Now, wherever you want to display your email, simply insert the following HTML:

<div id="email"></div>

And tada!

作业与我同在 2024-07-13 18:23:54

我使用 CSS 和 jQuery 的一个非常简单的组合,它可以向用户正确显示电子邮件地址,并且在单击或悬停锚点时也可以工作:

HTML:

<a href="mailto:[email protected]" id="lnkMail">moc.elpmaxe@em</a>

CSS:

#lnkMail {
    unicode-bidi: bidi-override;
    direction: rtl;
}

jQuery:

$('#lnkMail').hover(function(){
    // here you can use whatever replace you want
    var newHref = $(this).attr('href').replace('spam', 'com');
    $(this).attr('href', newHref);
});

这里是一个工作示例。

I use a very simple combination of CSS and jQuery which displays the email address correctly to the user and also works when the anchor is clicked or hovered:

HTML:

<a href="mailto:[email protected]" id="lnkMail">moc.elpmaxe@em</a>

CSS:

#lnkMail {
    unicode-bidi: bidi-override;
    direction: rtl;
}

jQuery:

$('#lnkMail').hover(function(){
    // here you can use whatever replace you want
    var newHref = $(this).attr('href').replace('spam', 'com');
    $(this).attr('href', newHref);
});

Here is a working example.

你穿错了嫁妆 2024-07-13 18:23:54

我不打扰。 你只会惹恼老练的用户并使不老练的用户感到困惑。 正如其他人所说,Gmail 为个人/小型企业域提供了非常有效的垃圾邮件过滤器,而企业过滤器通常也非常好。

I don't bother. You'll only annoy sophisticated users and confuse unsophisticated users. As others have said, Gmail provides very effective spam filters for a personal/small business domain, and corporate filters are generally also very good.

情域 2024-07-13 18:23:54

隐藏电子邮件地址的最佳方法只有在机器人程序员发现这种“编码”并实现解密算法之前才有效。

JavaScript选项不会工作太久,因为有很多爬虫解释JavaScript。

没有答案,恕我直言。

The best method hiding email addresses is only good until bot programmer discover this "encoding" and implement a decryption algorithm.

The JavaScript option won't work long, because there are a lot of crawler interpreting JavaScript.

There's no answer, imho.

北凤男飞 2024-07-13 18:23:54

!- 添加此内容作为参考,不知道这些信息可能有多过时,但它讲述了一些不需要使用任何脚本的简单解决方案

在我自己搜索后,我发现了此页面,但也发现了这些页面:

http://nadeausoftware.com/articles/2007/05/stop_spammer_email_harvesters_obfuscating_email_addresses

尝试反转emailadress

示例纯 HTML:

<bdo dir="rtl">moc.elpmaxe@nosrep</bdo>
Result : [email protected]

使用 CSS 实现相同效果

CSS:
.reverse { unicode-bidi:bidi-override; direction:rtl; }
HTML:
<span class="reverse">moc.elpmaxe@nosrep</span>
Result : [email protected]

将其与前面提到的任何方法相结合甚至可能会使其更有效

!- Adding this for reference, don't know how outdated the information might be, but it tells about a few simple solutions that don't require the use of any scripting

After searching for this myself i came across this page but also these pages:

http://nadeausoftware.com/articles/2007/05/stop_spammer_email_harvesters_obfuscating_email_addresses

try reversing the emailadress

Example plain HTML:

<bdo dir="rtl">moc.elpmaxe@nosrep</bdo>
Result : [email protected]

The same effect using CSS

CSS:
.reverse { unicode-bidi:bidi-override; direction:rtl; }
HTML:
<span class="reverse">moc.elpmaxe@nosrep</span>
Result : [email protected]

Combining this with any of earlier mentioned methods may even make it more effective

幻梦 2024-07-13 18:23:54

一种简单的解决方案是使用 HTML 实体而不是实际字符。
例如,“[email protected]”将转换为:

<a href="mailto:me@example.com">email me</A>

One easy solution is to use HTML entities instead of actual characters.
For example, the "[email protected]" will be converted into :

<a href="mailto:me@example.com">email me</A>
鲸落 2024-07-13 18:23:54

我对类似问题的回复

我使用 CSS 和 jQuery 的一个非常简单的组合来显示
向用户正确发送电子邮件地址,并且在锚点打开时也能正常工作
点击:

HTML:

[电子邮件受保护]" id="lnkMail">moc.elpmaxe@em; 
  

CSS:

<前><代码>#lnkMail {
unicode-bidi:双向覆盖;
方向:rtl;
}

jQuery:

$('#lnkMail').hover(function(){ 
    // 这里你可以使用任何你想要的替换 
    var newHref = $(this).attr('href').replace('spam', 'com'); 
    $(this).attr('href', newHref); 
  }); 
  

这里是一个工作示例。

A response of mine on a similar question:

I use a very simple combination of CSS and jQuery which displays the
email address correctly to the user and also works when the anchor is
clicked:

HTML:

<a href="mailto:[email protected]" id="lnkMail">moc.elpmaxe@em</a>

CSS:

#lnkMail {
  unicode-bidi: bidi-override;
  direction: rtl;
}

jQuery:

$('#lnkMail').hover(function(){
  // here you can use whatever replace you want
  var newHref = $(this).attr('href').replace('spam', 'com');
  $(this).attr('href', newHref);
});

Here is a working example.

转身泪倾城 2024-07-13 18:23:54

这是我的工作版本:


在某处创建一个带有后备文本的容器:

<div id="knock_knock">Activate JavaScript, please.</div>

并在 DOM 的底部(关于渲染)添加以下代码片段:

<script>
  (function(d,id,lhs,rhs){
    d.getElementById(id).innerHTML = "<a rel=\"nofollow\" href=\"mailto"+":"+lhs+"@"+rhs+"\">"+"Mail"+"<\/a>";
  })(window.document, "knock_knock", "your.name", "example.com");
</script>

它将生成的超链接添加到指定的容器:

<div id="knock_knock"><a rel="nofollow" href="[email protected]">Mail</a></div>

此外,这里是一个缩小版本:

<script>(function(d,i,l,r){d.getElementById(i).innerHTML="<a rel=\"nofollow\" href=\"mailto"+":"+l+"@"+r+"\">"+"Mail"+"<\/a>";})(window.document,"knock_knock","your.name","example.com");</script>

Here is my working version:


Create somewhere a container with a fallback text:

<div id="knock_knock">Activate JavaScript, please.</div>

And add at the bottom of the DOM (w.r.t. the rendering) the following snippet:

<script>
  (function(d,id,lhs,rhs){
    d.getElementById(id).innerHTML = "<a rel=\"nofollow\" href=\"mailto"+":"+lhs+"@"+rhs+"\">"+"Mail"+"<\/a>";
  })(window.document, "knock_knock", "your.name", "example.com");
</script>

It adds the generated hyperlink to the specified container:

<div id="knock_knock"><a rel="nofollow" href="[email protected]">Mail</a></div>

In addition here is a minified version:

<script>(function(d,i,l,r){d.getElementById(i).innerHTML="<a rel=\"nofollow\" href=\"mailto"+":"+l+"@"+r+"\">"+"Mail"+"<\/a>";})(window.document,"knock_knock","your.name","example.com");</script>
习惯成性 2024-07-13 18:23:54

一个巧妙的技巧是在 div 中包含单词 Contact,并且仅当用户将鼠标移到其上时才显示电子邮件地址。 电子邮件可以进行 Base64 编码以提供额外的保护。

就是这样:

<div id="contacts">Contacts</div>

<script>
  document.querySelector("#contacts").addEventListener("mouseover", (event) => {
    // Base64-encode your email and provide it as argument to atob()
    event.target.textContent = atob('aW5mb0BjbGV2ZXJpbmcuZWU=')
  });
</script>

A neat trick is to have a div with the word Contact and reveal the email address only when the user moves the mouse over it. E-mail can be Base64-encoded for extra protection.

Here's how:

<div id="contacts">Contacts</div>

<script>
  document.querySelector("#contacts").addEventListener("mouseover", (event) => {
    // Base64-encode your email and provide it as argument to atob()
    event.target.textContent = atob('aW5mb0BjbGV2ZXJpbmcuZWU=')
  });
</script>
無心 2024-07-13 18:23:54

唯一最安全的方法当然是首先不要将电子邮件地址放在网页上。

The only safest way is of course not to put the email address onto web page in the first place.

鹿港巷口少年归 2024-07-13 18:23:54

请改用联系表格。 将所有电子邮件地址放入数据库中,并创建一个 HTML 表单(主题、正文、发件人...),提交用户在表单中填写的电子邮件内容(以及用于在数据库中查找该人的电子邮件地址)到服务器端脚本,然后该脚本将电子邮件发送给指定的人。 电子邮件地址在任何时候都不会被暴露。 您可能还想实施某种形式的验证码来阻止垃圾邮件机器人。

Use a contact form instead. Put all of your email addresses into a database and create an HTML form (subject, body, from ...) that submits the contents of the email that the user fills out in the form (along with an id or name that is used to lookup that person's email address in your database) to a server side script that then sends an email to the specified person. At no time is the email address exposed. You will probably want to implement some form of CAPTCHA to deter spambots as well.

俏︾媚 2024-07-13 18:23:54

可能有机器人将 [at] 和其他伪装为 @ 符号识别。 所以这并不是一个真正有效的方法。

当然,您可以使用一些编码,例如 URL 编码或 HTML 字符引用(或两者):

// PHP example
// encodes every character using URL encoding (%hh)
function foo($str) {
    $retVal = '';
    $length = strlen($str);
    for ($i=0; $i<$length; $i++) $retVal.=sprintf('%%%X', ord($str[$i]));
    return $retVal;
}
// encodes every character into HTML character references (&#xhh;)
function bar($str) {
    $retVal = '';
    $length = strlen($str);
    for ($i=0; $i<$length; $i++) $retVal.=sprintf('&#x%X;', ord($str[$i]));
    return $retVal;
}

$email = '[email protected]';
echo '<a href="'.bar('mailto:?to=' . foo(','.$email.'')).'">mail me</a>';

// output
// <a href="mailto:?to=%2C%75%73%65%72%40%65%78%61%6D%70%6C%65%2E%63%6F%6D">mail me</a>

但由于使用它们是合法的,因此每个浏览器/电子邮件客户端也应该处理这些编码。

There are probably bots that recognize the [at] and other disguises as @ symbol. So this is not a really effective method.

Sure you could use some encodings like URL encode or HTML character references (or both):

// PHP example
// encodes every character using URL encoding (%hh)
function foo($str) {
    $retVal = '';
    $length = strlen($str);
    for ($i=0; $i<$length; $i++) $retVal.=sprintf('%%%X', ord($str[$i]));
    return $retVal;
}
// encodes every character into HTML character references (&#xhh;)
function bar($str) {
    $retVal = '';
    $length = strlen($str);
    for ($i=0; $i<$length; $i++) $retVal.=sprintf('&#x%X;', ord($str[$i]));
    return $retVal;
}

$email = '[email protected]';
echo '<a href="'.bar('mailto:?to=' . foo(','.$email.'')).'">mail me</a>';

// output
// <a href="mailto:?to=%2C%75%73%65%72%40%65%78%61%6D%70%6C%65%2E%63%6F%6D">mail me</a>

But as it is legal to use them, every browser/e-mail client should handle these encodings too.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文