Best way to obfuscate an e-mail address on a website?
I've spent the past few days working on updating my personal website. The URL of my personal website is (my first name).(my last name).com, as my last name is rather unusual, and I was lucky enough to pick up the domain name. My e-mail address is (my first name)@(my last name).com. So really, when it comes down to guessing it, it's not very hard.
Anyways, I want to integrate a mailto: link into my website, so people can contact me. And, despite my e-mail address not being very hard to guess, I'd rather not have it harvested by spam bots that just crawl websites for e-mail address patterns and add them to their database.
What is the best way for me to obfuscate my e-mail address, preferably in link form? The methods I know of are:
<a href="mailto:[email protected]">e-mail me</a>
It works, but it also means that as soon as my website hits Google, I'll be wading through spam as spam bots easily pick out my e-mail address.
<img src="images/e-mail.png" />
This is less desirable, because not only will visitors be unable to click on it to send me an e-mail, but smarter spam bots will probably be able to detect the characters that the image contains.
I know that there is probably no perfect solution, but I was just wondering what everyone thought was best. I'm definitely willing to use JavaScript if necessary, as my website already makes use of tons of it.
Comments (27)
I encode the characters as HTML entities (something like this). It doesn't require JS to be enabled and seems to have stopped most of the spam. I suppose a smart bot might still harvest it, but I haven't had any problems.
Personally, I've given up on hiding my email address. I find it easier to look into better spam-filtering solutions than worry about obfuscating. You could spend days trying to find the best way to obfuscate your address, and then all it takes is one person to sell your address to a spammer and all that work was useless.
The current accepted solution is to create a contact form that allows users to email you. If you receive a lot of spam from that (I don't on my site), then you can add a captcha for good measure, and you'll be far from the "low hanging fruit" at that point.
The fact of the matter is that if you are providing a link that a user can click on to pop open their email client with your address in the To: field, then the computer is able to decipher the email address from the page and so can a spam bot.
You mentioned this is for your personal website. On my personal site (for example, bobsomers.com) I just have a paragraph that says this:
People seem to be able to figure that out just fine, as I get legitimate email all the time. Sometimes the best solutions don't require writing any code. :)
A lightweight way to obfuscate the href of an anchor is to base64-encode it:
And then include it hardcoded:
Or dynamically server-side e.g. in PHP:
In combination with string reversion it could be pretty spam-safe:
Apparently using CSS to change the direction of your text works pretty well. That link has a test of a bunch of other obfuscation methods as well.
Whatever you use is inevitably going to be defeated. Your primary aim should be to avoid annoying the heck out of your users.
Don't use any obfuscation techniques here because it's probably the first place the email harvesters will look to find out how people are obfuscating emails. If you have to have your email address visible on the site don't just copy verbatim someone else's method; obfuscate it in some unique way that no other site has used so that your method won't be known to harvesters before they visit your site.
mine is actually simple:
One website I maintain uses a somewhat simplistic JavaScript means of (hopefully) keeping spambots out.
Email links call a JS function:
To make sure only users who have JS enabled can see the link, write them out with this:
The use of one JS function to write out a link that calls another means that there are two layers of protection.
You could do as Google do on Google Code (and Groups). Display a part of the email, and a clickable portion ("..."). Clicking that indicates you want to know the email, and you are asked to fill in a captcha. Afterwards the email (and others?) are visible to you.
As a poster above said, I also use JavaScript obfuscation from the jottings website.
The web page generates some JavaScript which can be improved on. The mailto: text string is in the clear and identifiable by robots (which could spot this and unobfuscate this string), but if one enters into the jottings.com webpage an email address of the form mailto:[email protected] instead of [email protected] and then removes the text mailto: from the JavaScript that is generated, one suddenly has some JavaScript that does not look as though it has anything to do with email at all - just random JavaScript of which the web is full. One can improve this still further by getting rid of the link text - I replaced mine by an image of my email address that is in a fairly obscure font. Then just in case this method on jottings.com becomes popular, I randomized the variable names in the output JavaScript to make it hard for a robot to spot an instance of jottings generated JavaScript code.
Obviously some of these improvements could be built into the mechanism on jottings itself, and since the code is openly available this would be relatively easy.
An example may make this a bit more clear. I used the Jottings Obfuscator at the link above to obscure mailto:[email protected] (note I am cheating on the original intent of the jottings website by entering the string mailto:[email protected] instead of [email protected]) with text "Send Me Email", which jottings turned into this Javascript:
After I get that back, I paste it into an editor and:
mailto:
I end up with this:
I don't know how well this would work. Could you not leave your email address out and make it load using an AJAX call once the page has finished loading? Not sure if spam bots can pick up the altered HTML or if they are clever enough to listen on other HTTP traffic to try and pick email addresses or if they just scan the page as it is received the first time.
One guy tested nine different ways of presenting an email address on a page and then published results on his blog.
His three best ways were:
Caveat -- this was posted two years ago. Spam bots might've gotten smarter.
I agree with @srobinson in that using an online form for encoding to HTML entities seems a little shady. A few lines of Python (3.6+) will do it for you:
Trying that out:
If you work with PHP, you can grab a free script that does that automatically. It's called "Private Daddy" and we use it for our own online audio streaming service. Just one line of code and it works out of the box... you can grab it here
Another approach could be by using a JavaScript framework and binding the data/model to the HTML elements. In the case of AngularJS, the HTML elements would be written as:
The interpolation {{data}} binding uses a scope variable that contains the actual email value. In addition, a filter could also be used that handles the decoding of the email as follows:
The benefits are in the way the HTML is written. The downside is that it requires scripting support, which for some may be a no-no.
just another approach.
Using JQuery, but can easily be ported to plain JS if needed. Will take the following HTML block. This example I provided is also for tel: links for phone calls.
and convert it to the proper links using Javascript.
I documented it in more detail here https://trajano.net/2017/01/obfuscating-mailto-links/
The de/obfuscation algorithm is pretty simple so it's not too taxing to write either (no need for base64 parsing)
The Ajax call solution
The best is to have a form on the website and not to show email address, because all robots are more intelligent day after day, but if you need to show email address on the website, so, you can make it with ajax call on your server, and show it on click.
HTML
or
jQuery
PHP
For more security, you can change .on by .one like this:
$(document).one('click', '.obfmail', function(e) {
or even work with a PHP generated token that you pass into data on ajax call, to accept only one call of the ajax function like this:
html:
<a class="obfmail" href="#" rel="info" token="w3487ghdr6rc">
jquery:
.
.
Honestly, your problem may be moot if you asked the question of whether or not a mailto is really what you want to use. A lot of people who use web mail, for example, or do not have the proper mail client setup in their browser are not going to benefit from a mailto. You are exposing your email address for a function that isn't going to work for a large portion of your users.
What you could do instead is use a form to send the e-mail behind the scenes so that the e-mail address is hidden and you don't have to worry about the poor saps who won't benefit from a mailto.
If you say on your site that "My e-mail address is (my first name)@(my last name).com.", and your first name and last name are pretty darn obvious, that seems to be the best spam protection you're going to get.
If anyone's using Rails, they can use the actionview-encoded_mail_to gem. (https://github.com/reed/actionview-encoded_mail_to)
There are a few options:
Since this solution is not mentioned anywhere, but works well for me:
I do this:
create a mailto link with fake email. I like [email protected] for obvious reasons: Spammer might spam his own botnet when using this address unchecked.
cypher real email address and put it in an unrelated but findable hidden span or whatever element you like. Obviously to obfuscate the email and hide it from the harvester. Depending on your project structure, you might even want to put it in a JS or Session variable.
create a click handler for these links after a second that decyphers and writes the correct email address into the fake mailto link, not preventing defaults.
I do not think that crawlers click on mailto links, but if they would, they probably won't wait a second, while a human being would have to be extremely fast to click a link in the first second after pageload.
Now you have a fully functional but obfuscated, honeypotted and timesecured mailto link.
Working example php file:
May the code be with you.
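Added example (not part of the original answer and not its author's code): a JavaScript sketch of the three steps above, with a decoy href, a ROT13-ciphered address and a click handler that swaps in the real address only once a second has passed since load. It checks elapsed time inside the handler rather than attaching the handler late; DECOY, rot13, armLink, the markup names and the sample address are constructed for illustration.

```javascript
// Constructed placeholder decoy; the static markup only ever contains this href.
const DECOY = 'mailto:decoy@example.invalid';

// ROT13 over letters only. It keeps the real address out of the markup, but
// '@' and dots stay visible, so a scraper collects a wrong address instead.
function rot13(s) {
  return s.replace(/[a-z]/gi, (c) => {
    const base = c <= 'Z' ? 65 : 97;
    return String.fromCharCode(((c.charCodeAt(0) - base + 13) % 26) + base);
  });
}

// Build the click handler for one link.
//   link       object with an href property (an <a> element in the browser)
//   ciphered   ROT13 form of the real address, e.g. read from a hidden span
//   loadedAt   timestamp (ms) taken when the page finished loading
//   now        clock function, injectable so the timing rule can be tested
function armLink(link, ciphered, loadedAt, now = Date.now, minDelayMs = 1000) {
  return function onClick() {
    // Clicks inside the first second keep the decoy; later clicks get the
    // deciphered address. The default navigation is never prevented.
    if (now() - loadedAt >= minDelayMs) {
      link.href = 'mailto:' + rot13(ciphered);
    }
    return link.href;
  };
}

// Browser wiring (skipped when there is no DOM, e.g. under Node).
// Assumed markup: <a class="contact" href="mailto:decoy@example.invalid">
// plus <span id="c" hidden>wnar@rknzcyr.pbz</span> holding the ciphered value.
if (typeof document !== 'undefined') {
  const loadedAt = Date.now();
  const ciphered = document.getElementById('c').textContent.trim();
  document.querySelectorAll('a.contact').forEach((a) => {
    a.addEventListener('click', armLink(a, ciphered, loadedAt));
  });
}
```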
What if creating a link "Contact me" pointing to a directory protected by a password? Of course, you have to give the pass to access.
"Contact me" > ••••••••••• > contact/index.html
Once accessed, the contact/index.html page reveals the email, a mailto for instance.
My solution is to rearrange the characters using css and replacing the element on hover. No change is visible to the user.
Here is the function if you have something else to hide:
Simple JavaScript-unaware bots typically look for mailto: and/or @ in HTML page contents. Obfuscating these keywords will dramatically decrease chances of email address scraping.
A Base-64 encoded URL template mailto:%user%@%domain% can be employed:
Where 'bWFpbHRvOiV1c2VyJUAlZG9tYWluJQ==' is btoa('mailto:%user%@%domain%').
HTML links would need to be updated as follows:
Furthermore, javascript: addresses can be hidden from the users:
The return statements prevent the page navigation to the # anchor.
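Added example (not the answer author's code): one way to use the Base-64 template quoted above, together with a pre-publish check that the static markup no longer contains what a JavaScript-unaware scanner looks for. buildMailto, leaksAddress, the data-user/data-domain attributes and the sample markup are assumptions made for illustration.

```javascript
// Template value quoted in the answer: btoa('mailto:%user%@%domain%').
const TEMPLATE_B64 = 'bWFpbHRvOiV1c2VyJUAlZG9tYWluJQ==';

// atob exists in browsers and in Node 16+; fall back to Buffer elsewhere.
const decodeB64 = typeof atob === 'function'
  ? atob
  : (s) => Buffer.from(s, 'base64').toString('binary');

// Fill the decoded template. Parts are validated first so that attribute
// values cannot smuggle extra URL syntax (?, &, spaces) into the href.
function buildMailto(user, domain) {
  const part = /^[A-Za-z0-9._+-]+$/;
  if (!part.test(user) || !part.test(domain)) {
    throw new Error('unexpected characters in address part');
  }
  return decodeB64(TEMPLATE_B64)
    .replace('%user%', user)
    .replace('%domain%', domain);
}

// Pre-publish check on page source: true if the markup still exposes the
// "mailto:" keyword or a user@domain pattern in the clear.
function leaksAddress(markup) {
  return /mailto:/i.test(markup) || /[\w.+-]+@[\w-]+\.[\w.-]+/.test(markup);
}

// Constructed sample markup: the plain link and the obfuscated variant.
const PLAIN = '<a href="mailto:jane@example.com">e-mail me</a>';
const OBFUSCATED =
  '<a href="#" class="contact" data-user="jane" data-domain="example.com">e-mail me</a>';

// Browser wiring (skipped when there is no DOM, e.g. under Node).
if (typeof document !== 'undefined') {
  document.querySelectorAll('a.contact').forEach((a) => {
    a.addEventListener('click', (e) => {
      e.preventDefault(); // do not follow the "#" placeholder
      window.location.href = buildMailto(a.dataset.user, a.dataset.domain);
    });
  });
}
```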
Unfortunately, some linked sites seem to be down, so I wanted to share a simple method that works well for me (no JS required).
This simple tool converts the normal characters into html only characters e.g.: Hello —> Hello
The characters are displayed normally in browsers for the users to see, but it’s harder for bots to get the email, since the email is coded in html characters.
I hope this helps.
Here is the site: https://codepen.io/jaymaymo/pen/OgoBYM (yes it's a pen)