有哪些方法可以保护网站上的电子邮件免受垃圾邮件机器人的侵害?
我正在创建一个面向公共互联网的网站,其中包含其销售人员的电子邮件地址。
我需要什么样的编程选项来生成“mailto”并显示来自该地址的电子邮件,但限制垃圾邮件机器人获取该地址?
I'm creating a public internet facing website which contains the email address of their salespeople.
What kind of programming options do I have to generate the "mailto" and display the email from that address but limit the spambots from picking up the address?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(14)
Recaptcha 具有出色的基于捕获的电子邮件保护。 您可以使用网站反馈链接在我的网站的任何页面底部看到它的实施。
Recaptcha has an excellent capture based email protection. You can see it implemented at the bottom of any page in my website using the Site Feedback link.
我知道 Facebook 通过显示图像而不是文本来实现这一点。 当然,他们可以在图像上使用 OCR,但为什么只需要一个电子邮件地址呢?
如果您确实不希望垃圾邮件机器人获取电子邮件地址,最好的方法就是永远不要向任何人展示。 显示“联系此人”的链接,该链接将显示一个表格。 在服务器端,将该表单的内容发送给收件人,并回复发件人的电子邮件地址。 在邮件底部添加一个小简介:“如果这封电子邮件是垃圾邮件,请‘单击此处’阻止该用户”,这将阻止发件人的 IP。 我曾多次使用过这种方法,但从未有过任何抱怨。
I know that Facebook does it by displaying an image instead of text. Sure, they could use OCR on the image, but why bother for just one email address?
If you really didn't want spam bots to get an email address, the best way is to never show it to anyone. Show a link to "Contact this person" which brings up a form. On the server side, send the contents of that form to the recipient, with a reply-to of the sender's email address. Include a little blurb at the bottom of their message that "if this email is spam, please 'click here' to block this user", which will then block the IP of the sender. I've used this method on a number of occasions and have never had a single complaint.
您可以混淆它,但恕我直言,无论您做什么,总有一天垃圾邮件发送者会得到您的电子邮件地址。 未来在于垃圾邮件过滤器,而不是试图对电子邮件地址保密。
You can obfuscate it but IMHO whatever you do, one day spammers will get your email address. The future is in spam filters, not trying to keep email addresses secret.
我过去所做的是使用 javascript 构建 mailto: 链接。 这对用户来说很好,因为他们只需单击链接即可,而且我还不知道有任何垃圾邮件机器人会花时间执行 javascript。
我想我是从 Jakob Nielsen 的 useit.com 网站得到这个想法的。
在页面标题中,我有这段 javascript:
告诉它在页面加载时加载它:
然后在页面正文中我放置了一个指向垃圾邮件陷阱的链接:
What I have done in the past is use javascript to build the mailto: link. This is nice for the users because they can just click on the link and I don't know of any spambots that take the time to execute javascript yet.
I think I got the idea from Jakob Nielsen's useit.com website.
In the page header I have this piece of javascript:
Tell it to load it when the page loads:
And then in the body of the page I put a link to a spamtrap:
如果这不是静态 HTML 页面,而是 ASP.NET、JSP、Coldfusion 或 PHP 页面,那么您可以有一个下拉框,其中包含所有销售人员的列表、一个用于评论的文本框以及一个“联系我们” “(即提交按钮)。 单击该按钮时,它将调用服务器端代码,该代码创建电子邮件并将其发送到本地邮件服务器进行传递。 外界永远不会知道您销售人员的电子邮件地址,也不会知道电子邮件格式(即
If this is not a static HTML page, but a ASP.NET, JSP, Coldfusion, or PHP page then you could have a drop down box with a list of all your sales people, a text box for comments, and a "Contact Us" (ie, Submit button). When the button is clicked, it will call a server-side code which creates the email and sends it to your local mail server for delivery. The outside world will never know the email address of your sales people, nor the email format (ie, [email protected]) of your company.
看看 PrivateDaddy - 我认为它完全满足您的需求:全自动、不引人注目的电子邮件伪装,甚至可以在禁用 JavaScript 支持的浏览器上使用。 您可以在此处获取它(当然免费)
Have a look at PrivateDaddy - I think it does exactly what you're looking for: fully automatic, unobtrusive email cloaking that even works with browsers where JavaScript support is disabled. You can get it here (free of course)
我有一个解决方案,嗯,更多的是一个理论。
问题是,机器人解析页面。 他们可以获得文本。 即使它被放置
通过 Javascript 以某种复杂的方式进入页面。
所以,只有你CSS3伪元素! 它不会是一个链接,但您的电子邮件将是可见的,并且永远不会是实际的文本。 像这样的东西:
再说一遍,这是一个理论,我不知道这些邪恶的人能走多远才能得到它,但我认为这是相当安全的。
更新(7 月 19 日)
我现在认为这不是问题,因为电子邮件服务器已经变得擅长过滤垃圾邮件,并且没有理由制定任何复杂的技巧来“保护”网页上的电子邮件文本。
I have a solution, well, more of a theory.
Problem is, the bots parse the page. they can get the text. even if it's being put
into the page in some sophisticated way through Javascript.
So, just you CSS3 pseudo element! it won't be a link, but your email will be visible, and will never be an actual text. something like this:
Again, it's a theory, I've no idea how far these evil people can go to get it, but I think this be pretty safe.
Update (JULY 19')
I now in the opinion this isn't a problem since email servers have become good at filtering spam and there's no reason to make any elaborate tricks to "protect" email text on webpages.
您可以使用电子邮件等混淆
You can use something like email obfuscation
这是一个难题。 如果您发布的电子邮件可以被网络浏览器解析并可点击,那么它就可以被垃圾邮件机器人解析。 如果它不可点击(例如,如果它是图像),则对用户来说会更困难。 一方面是为用户提供完美、无缝的体验,另一方面是完美的垃圾邮件拦截。 不过,使用简单的 CSS 或 javascript 将电子邮件地址作为单独的标记通常总比没有好。
This is a difficult problem. If you post an e-mail such that it can be parsed by a web browser so that it's clickable, then it can be parsed by a spambot. If it's not clickable (e.g. if it's an image), it's more difficult for users. On one side is perfect, seamless experience for users and on the other side is perfect spam-blocking. A simple CSS or javascript to take in an email address as separate tokens is usually better than nothing, though.
您只能显示电子邮件地址的一部分“[电子邮件受保护]”作为重定向到验证码的链接,然后像 Google 网上论坛一样显示完整的电子邮件地址。
You could only show a part of the e-mail address "[email protected]" as a link that redirects to a captcha, then display the full e-mail address like Google Groups does.
我们曾经对电子邮件地址使用经典的 ASP 字符串 cat,其伟大的想法是垃圾邮件机器人读取源代码,但不解析服务器端代码。 我不知道这是否真的有效。
We used to do classic ASP string cat for email addresses, the grand idea being that spambots read source, but don't parse server-side code. I have NO idea if that actually works.
我写的东西对你有用吗?
http://kevin-le.appspot.com/viewSource/sourceShare/asmRevealer。 js
...您可以在这里看到演示:
http://kevin- le.appspot.com/extra/contact
它与 mailto 一起使用,因此对用户来说很方便,但垃圾邮件机器人将无法满足您的要求。 一旦您花 1 分钟查看演示,就会很明显。
Would something that I wrote work for you?
http://kevin-le.appspot.com/viewSource/sourceShare/asmRevealer.js
...and you could see the demo here:
http://kevin-le.appspot.com/extra/contact
It works with mailto, so it's convenient for users, but spambots won't be able to pick up which is your requirements. It'll be obvious once you spend 1 minute looking at the demo.
我也遇到了同样的问题,我想出了一个快速但有效的方法来帮助我的网站解决问题。
基本上,机器人只是读取网页内容,但 99.999% 的情况下它们不会触发事件,这需要大量的奉献和工作,而黑客通常不会做这些事情,以支持更大的数字和更快的效果。
所以我想出了这个功能:
这对我有用,我希望它也能帮助你。
I got the same problem too and i came up with a quick but effective method to help my website out.
Basically bots just read the content of the web page but in 99.999% they do not trigger events, it would require a great amount of dedication and work, things hacker don't usually do in favor of bigger numbers and quicker effects.
So i came up with this function:
This worked for me i hope it can help you too.
我看到 mailto: 协议几乎已经死了......它很方便,但太容易解析和收集。
另外,它也有其缺点:如果您在网吧,它将无法工作,因为它会调用它拥有的任何默认电子邮件客户端(如果有的话!)并且它没有在您的帐户上设置。 如果您专门使用在线电子邮件管理器,则相同...
一个可能的解决方法是装饰电子邮件,依靠用户输入或更正它们:foo (at) example.com 或 [email protected] 是常见方案(希望垃圾邮件发送者不会尝试破译这些常见的方案!),图形电子邮件地址是另一种方式。
或者,正如所指出的,如果可以的话,最好的选择是有一个联系表格,其中
I see the mailto: protocol almost dead anyway... It is convenient, but too easy to parse and gather.
Plus it has its downsides: if you are on a Web cafe, it won't work because it will call whatever default e-mail client it has (if it has any!) and it is not set up on your account. Same if you use exclusively online e-mail managers...
A possible workaround is to decorate e-mails, relying on users to type or correct them: foo (at) example.com or [email protected] are common schemes (hoping spammers doesn't try to decipher these common schemes!), graphical e-mail addresses are another way.
Or, as pointed out, if you can, the best option is to have a contact form, with some reasonable form of protection against robots, that would be usable from everywhere. Although people might be defiant on forms asking for e-mails (for response!), so a disclaimer might be useful too... :-)