混淆网站上电子邮件地址的最佳方法?

发布于 2024-07-16 22:44:47 字数 790 浏览 6 评论 0原文

过去几天我一直在更新我的个人网站。 我个人网站的网址是(我的名字).(我的姓氏).com,因为我的姓氏比较不寻常,所以我很幸运地选择了这个域名。 我的电子邮件地址是(我的名字)@(我的姓氏).com。 所以说真的,当谈到猜测时,这并不是很难。

无论如何,我想将 mailto: 链接集成到我的网站中,以便人们可以联系我。 而且,尽管我的电子邮件地址不太难猜,但我宁愿不让垃圾邮件机器人收集它,这些机器人只是在网站上抓取电子邮件地址模式并将其添加到数据库中。

对我来说,混淆我的电子邮件地址的最佳方法是什么(最好是链接形式)? 我所知道的方法是:

<a href="mailto:[email protected]">e-mail me</a>

它有效,但这也意味着一旦我的网站点击谷歌,我就会涉足垃圾邮件,因为垃圾邮件机器人很容易找出我的电子邮件地址。

<img src="images/e-mail.png" />

这是不太理想的,因为访问者不仅无法单击它向我发送电子邮件,而且更聪明的垃圾邮件机器人可能能够检测到图像包含的字符。

我知道可能没有完美的解决方案,但我只是想知道每个人都认为最好的解决方案。 如有必要,我绝对愿意使用 JavaScript,因为我的网站已经使用了大量 JavaScript。

I've spent the past few days working on updating my personal website. The URL of my personal website is (my first name).(my last name).com, as my last name is rather unusual, and I was lucky enough to pick up the domain name. My e-mail address is (my first name)@(my last name).com. So really, when it comes down to guessing it, it's not very hard.

Anyways, I want to integrate a mailto: link into my website, so people can contact me. And, despite my e-mail address not being very hard to guess, I'd rather not have it harvested by spam bots that just crawl websites for e-mail address patterns and add them to their database.

What is the best way for me to obfuscate my e-mail address, preferably in link form? The methods I know of are:

<a href="mailto:[email protected]">e-mail me</a>

It works, but it also means that as soon as my website hits Google, I'll be wading through spam as spam bots easily pick out my e-mail address.

<img src="images/e-mail.png" />

This is less desirable, because not only will visitors be unable to click on it to send me an e-mail, but smarter spam bots will probably be able to detect the characters that the image contains.

I know that there is probably no perfect solution, but I was just wondering what everyone thought was best. I'm definitely willing to use JavaScript if necessary, as my website already makes use of tons of it.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(27

深居我梦 2024-07-23 22:44:47

我将字符编码为 HTML 实体(类似这样的)。 它不需要启用 JS,并且似乎已经阻止了大部分垃圾邮件。 我想智能机器人可能仍然会收获它,但我没有遇到任何问题。

I encode the characters as HTML entities (something like this). It doesn't require JS to be enabled and seems to have stopped most of the spam. I suppose a smart bot might still harvest it, but I haven't had any problems.

浅黛梨妆こ 2024-07-23 22:44:47

就我个人而言,我已经放弃隐藏我的电子邮件地址。 我发现寻找更好的垃圾邮件过滤解决方案比担心混淆更容易。 您可能会花费数天时间试图找到混淆您的地址的最佳方法,然后只需一个人将您的地址出售给垃圾邮件发送者,所有这些工作都是无用的。

Personally, I've given up on hiding my email address. I find it easier to look into better spam-filtering solutions than worry about obfuscating. You could spend days trying to find the best way to obfuscate your address, and then all it takes is one person to sell your address to a spammer and all that work was useless.

浅唱々樱花落 2024-07-23 22:44:47

当前接受的解决方案是创建一个联系表单,允许用户向您发送电子邮件。 如果您从中收到大量垃圾邮件(我的网站上没有),那么您可以添加验证码以进行良好的衡量,此时您将远离“容易实现的目标”。

事实是,如果您提供一个链接,用户可以单击该链接来弹出他们的电子邮件客户端,并在“收件人:”字段中输入您的地址,那么计算机就能够从页面中破译电子邮件地址,因此可以垃圾邮件机器人。

The current accepted solution is to create a contact form that allows users to email you. If you receive a lot of spam from that (I don't on my site), then you can add a captcha for good measure, and you'll be far from the "low hanging fruit" at that point.

The fact of the matter is that if you are providing a link that a user can click on to pop open their email client with your address in the To: field, then the computer is able to decipher the email address from the page and so can a spam bot.

你的心境我的脸 2024-07-23 22:44:47

您提到这是您的个人网站。 在我的个人网站(例如,bobsomers.com)上,我只有一段这样说:

与我联系的最佳方式
在新网站上线之前发送
给我一封电子邮件。 我的电子邮件地址是我的
该网站的名字。 如果你
从提示中看不出来
好吧,您可能会发现电子邮件更像是
挑战比弄清楚我的
地址。

人们似乎能够很好地解决这个问题,因为我一直收到合法的电子邮件。 有时最好的解决方案不需要编写任何代码。 :)

You mentioned this is for your personal website. On my personal site (for example, bobsomers.com) I just have a paragraph that says this:

The best way to get in contact with me
before the new site is up is to send
me an email. My email address is my
first name at this website. If you
can't figure it out from that hint,
well, you might find email more of a
challenge than figuring out my
address.

People seem to be able to figure that out just fine, as I get legitimate email all the time. Sometimes the best solutions don't require writing any code. :)

笔芯 2024-07-23 22:44:47

混淆锚点的 href 的一种轻量级方法是对其进行 base64 编码:

> btoa('mailto:[email protected]')
< "bWFpbHRvOmVtYWlsQGV4YW1wbGUuY29t"

然后将其硬编码:

<a href="javascript:window.location.href=atob('bWFpbHRvOmVtYWlsQGV4YW1wbGUuY29t')">E-Mail</a>

或者动态地添加到服务器端,例如在 PHP 中:

<a href="javascript:window.location.href=atob('<?= base64_encode("mailto:[email protected]") ?>')">E-Mail</a>

与字符串反转相结合,它可能会成为相当垃圾邮件 -节省:

<a href="javascript:window.location.href=atob('<?= base64_encode("mailto:[email protected]") ?>')" style="unicode-bidi: bidi-override; direction: rtl;"><?= strrev("[email protected]") ?></a>

A lightweight way to obfuscate the href of an anchor is to base64-encode it:

> btoa('mailto:[email protected]')
< "bWFpbHRvOmVtYWlsQGV4YW1wbGUuY29t"

And then include it hardcoded:

<a href="javascript:window.location.href=atob('bWFpbHRvOmVtYWlsQGV4YW1wbGUuY29t')">E-Mail</a>

Or dynamically server-side e.g. in PHP:

<a href="javascript:window.location.href=atob('<?= base64_encode("mailto:[email protected]") ?>')">E-Mail</a>

In combination with string reversion it could be pretty spam-save:

<a href="javascript:window.location.href=atob('<?= base64_encode("mailto:[email protected]") ?>')" style="unicode-bidi: bidi-override; direction: rtl;"><?= strrev("[email protected]") ?></a>
忘年祭陌 2024-07-23 22:44:47

显然 使用 CSS 来更改文本的方向效果很好。 该链接还测试了许多其他混淆方法。

无论你使用什么,都不可避免地会被击败。 您的主要目标应该是避免惹恼用户。

Apparently using CSS to change the direction of your text works pretty well. That link has a test of a bunch of other obfuscation methods as well.

Whatever you use is inevitably going to be defeated. Your primary aim should be to avoid annoying the heck out of your users.

挽清梦 2024-07-23 22:44:47

不要在这里使用任何混淆技术,因为这可能是电子邮件收集者首先要查找的地方,以找出人们如何混淆电子邮件。 如果您必须在网站上显示您的电子邮件地址,请不要只是逐字复制别人的方法;而应该这样做。 以其他网站未使用过的某种独特方式对其进行混淆,以便收割者在访问您的网站之前不会知道您的方法。

Don't use any obfuscation techniques here because it's probably the first place the email harvesters will look to find out how people are obfuscating emails. If you have to have your email address visible on the site don't just copy verbatim someone else's method; obfuscate it in some unique way that no other site has used so that your method won't be known to harvesters before they visit your site.

冬天的雪花 2024-07-23 22:44:47

我的其实很简单:

<h3 id="email">[email protected]</h3><!-- add a fake email -->


    $(document).ready(function(){
//my email in reverse :)
            var s = 'moc.elibomajninbew@htiek';
            var e = s.split("").reverse().join("");
            $('#email').html('<a href="mailto:'+e+'">'+e+'</a>');
    });

mine is actually simple:

<h3 id="email">[email protected]</h3><!-- add a fake email -->


    $(document).ready(function(){
//my email in reverse :)
            var s = 'moc.elibomajninbew@htiek';
            var e = s.split("").reverse().join("");
            $('#email').html('<a href="mailto:'+e+'">'+e+'</a>');
    });
请恋爱 2024-07-23 22:44:47

我维护的一个网站使用了一种有点简单的 JavaScript 方法来(希望)阻止垃圾邮件机器人。

电子邮件链接调用 JS 函数:

function sendEmail(name, domain) {
    location.href = 'mailto:' + name + '@' + domain;
}

为了确保只有启用了 JS 的用户才能看到该链接,请这样写出:

function writeEmailLink(realName, name, domain) {
    document.write('<a href="javascript:sendEmail(\''
      + name + '\', \'' + domain + '\')">');
    document.write(realName);
    document.write('</a>');
}   

使用一个 JS 函数写出调用另一个 JS 函数的链接意味着有两层保护。

One website I maintain uses a somewhat simplistic JavaScript means of (hopefully) keeping spambots out.

Email links call a JS function:

function sendEmail(name, domain) {
    location.href = 'mailto:' + name + '@' + domain;
}

To make sure only users who have JS enabled can see the link, write them out with this:

function writeEmailLink(realName, name, domain) {
    document.write('<a href="javascript:sendEmail(\''
      + name + '\', \'' + domain + '\')">');
    document.write(realName);
    document.write('</a>');
}   

The use of one JS function to write out a link that calls another means that there are two layers of protection.

夜雨飘雪 2024-07-23 22:44:47

您可以像 Google 在 Google 代码(和群组)上所做的那样。 显示电子邮件的正文和可点击部分(“...”)。 单击表示您想了解该电子邮件,系统会要求您填写验证码。 之后,您就可以看到该电子邮件(以及其他?)。

You could do as Google do on Google Code (and Groups). Display a par tof the email, and a clickable portion ("..."). Clicking that indicates you want to know the email, and you are asked to fill in a captcha. Afterwards the email (and others?) are visible to you.

樱桃奶球 2024-07-23 22:44:47

正如上面的发帖者所说,我还使用 jottings 网站 中的 JavaScript 混淆。

该网页生成一些可以改进的 JavaScript。 mailto: 文本字符串是清晰的并且可以被机器人识别(机器人可以发现这个并取消混淆该字符串),但是如果用户在 jottings.com 网页中输入一个 形式的电子邮件地址mailto:[电子邮件受保护] 而不是 < a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="432227273103302a37266d372f27">[email protected],然后删除文本 mailto : 从生成的 JavaScript 中,人们突然发现一些 JavaScript 看起来与电子邮件根本没有任何关系 - 只是网络上充斥着的随机 JavaScript。 人们可以通过删除链接文本来进一步改进这一点 - 我用我的电子邮件地址的图像替换了我的链接文本,该图像的字体相当模糊。 然后,为了防止 jottings.com 上的这种方法变得流行,我随机化了输出 JavaScript 中的变量名称,以使机器人很难发现 jottings 生成的 JavaScript 代码的实例。

显然,其中一些改进可以内置到笔记本身的机制中,并且由于代码是公开可用的,这将相对容易。

一个例子可能会让这一点更清楚一些。 我在上面的链接中使用了 Jottings Obfuscator 来模糊 mailto:[email protected] (请注意,我通过输入字符串 mailto:[电子邮件受保护] 而不是 [email protected]),其中包含文本“发送电子邮件”,其中的笔记变成了这样的 Javascript:

<script type="text/javascript" language="javascript">
<!--
// Email obfuscator script 2.1 by Tim Williams, University of Arizona
// Random encryption key feature by Andrew Moulden, Site Engineering Ltd
// This code is freeware provided these four comment lines remain intact
// A wizard to generate this code is at http://www.jottings.com/obfuscator/
{ coded = "3A1OTJ:[email protected]"
  key = "J0K94NR2SXLupIGqVwt8EZlhznemfaPjs7QvTB6iOyWYo3rAk5FHMdxCg1cDbU"
  shift=coded.length
  link=""
  for (i=0; i<coded.length; i++) {
    if (key.indexOf(coded.charAt(i))==-1) {
      ltr = coded.charAt(i)
      link += (ltr)
    }
    else { 
      ltr = (key.indexOf(coded.charAt(i))-shift+key.length) % key.length
      link += (key.charAt(ltr))
    }
  }
document.write("<a href='mailto:"+link+"'>Send Me Email</a>")
}
//-->
</script><noscript>Sorry, you need Javascript on to email me.</noscript>

在我取回该内容后,我将其粘贴到编辑器中并:

  1. 删除mailto:
  2. 将链接文本替换为指向我的电子邮件地址图像的指针
  3. 重命名所有变量
  4. 将“noscript”部分替换为另一个指向电子邮件地址图像的链接

我最终得到以下结果:

<script type="text/javascript" language="javascript">
<!--
// Email obfuscator script 2.1 by Tim Williams, University of Arizona
// Random encryption kkeoy feature by Andrew Moulden, Site Engineering Ltd
// This kudzu is freeware provided these four comment lines remain intact
// A wizard to generate this kudzu is at http://www.jottings.com/obfuscator/
{ kudzu = "3A1OTJ:[email protected]"
  kkeoy = "J0K94NR2SXLupIGqVwt8EZlhznemfaPjs7QvTB6iOyWYo3rAk5FHMdxCg1cDbU"
  shift=kudzu.length
  klonk=""
  for (variter=0; variter<kudzu.length; variter++) {
    if (kkeoy.indexOf(kudzu.charAt(variter))==-1) {
      lutu = kudzu.charAt(variter)
      klonk += (lutu)
    }
    else {
      lutu = (kkeoy.indexOf(kudzu.charAt(variter))-shift+kkeoy.length) % kkeoy.length
      klonk += (kkeoy.charAt(lutu))
    }
  }
document.write("<a href='"+klonk+"'><img src='contactaddressimage.png' alt='Send Me Email' border='0' height='62' width='240'></a>")
}
//-->
</script>
<noscript>
    <img src="contactaddressimage.png" border="0" height="62" width="240">
    <font face="Arial" size="3"><br> </font></p>
</noscript>

As a poster above said, I also use JavaScript obfuscation from the jottings website.

The web page generates some JavaScript which can be improved on. The mailto: text string is in the clear and identifiable by robots (which could spot this and unobfuscate this string), but if one enters into the jottings.com webpage an email address of the form mailto:[email protected] instead of [email protected] and then removes the text mailto: from the JavaScript that is generated, one suddenly has some JavaScript that does not look as though it has anything to do with email at all - just random JavaScript of which the web is full. One can improve this still further by getting rid of the link text - I replaced mine by an image of my email address that is in a fairly obscure font. Then just in case this method on jottings.com becomes popular, I randomized the variable names in the output JavaScript to make it hard for a robot to spot an instance of jottings generated JavaScript code.

Obviously some of these improvements could be built into the mechanism on jottings itself, and since the code is openly available this would be relatively easy.

An example may make this a bit more clear. I used the Jottings Obfuscator at the link above to obscure mailto:[email protected] (note I am cheating on the original intent of the jottings website by entering the string mailto:[email protected] instead of [email protected]) with text "Send Me Email", which jottings turned into this Javascript:

<script type="text/javascript" language="javascript">
<!--
// Email obfuscator script 2.1 by Tim Williams, University of Arizona
// Random encryption key feature by Andrew Moulden, Site Engineering Ltd
// This code is freeware provided these four comment lines remain intact
// A wizard to generate this code is at http://www.jottings.com/obfuscator/
{ coded = "3A1OTJ:[email protected]"
  key = "J0K94NR2SXLupIGqVwt8EZlhznemfaPjs7QvTB6iOyWYo3rAk5FHMdxCg1cDbU"
  shift=coded.length
  link=""
  for (i=0; i<coded.length; i++) {
    if (key.indexOf(coded.charAt(i))==-1) {
      ltr = coded.charAt(i)
      link += (ltr)
    }
    else { 
      ltr = (key.indexOf(coded.charAt(i))-shift+key.length) % key.length
      link += (key.charAt(ltr))
    }
  }
document.write("<a href='mailto:"+link+"'>Send Me Email</a>")
}
//-->
</script><noscript>Sorry, you need Javascript on to email me.</noscript>

After I get that back, I paste it into an editor and:

  1. remove the mailto:
  2. replace link text with pointer to an image of my email address
  3. rename all the variables
  4. replace the "noscript" section with another link to the email address image

I end up with this:

<script type="text/javascript" language="javascript">
<!--
// Email obfuscator script 2.1 by Tim Williams, University of Arizona
// Random encryption kkeoy feature by Andrew Moulden, Site Engineering Ltd
// This kudzu is freeware provided these four comment lines remain intact
// A wizard to generate this kudzu is at http://www.jottings.com/obfuscator/
{ kudzu = "3A1OTJ:[email protected]"
  kkeoy = "J0K94NR2SXLupIGqVwt8EZlhznemfaPjs7QvTB6iOyWYo3rAk5FHMdxCg1cDbU"
  shift=kudzu.length
  klonk=""
  for (variter=0; variter<kudzu.length; variter++) {
    if (kkeoy.indexOf(kudzu.charAt(variter))==-1) {
      lutu = kudzu.charAt(variter)
      klonk += (lutu)
    }
    else {
      lutu = (kkeoy.indexOf(kudzu.charAt(variter))-shift+kkeoy.length) % kkeoy.length
      klonk += (kkeoy.charAt(lutu))
    }
  }
document.write("<a href='"+klonk+"'><img src='contactaddressimage.png' alt='Send Me Email' border='0' height='62' width='240'></a>")
}
//-->
</script>
<noscript>
    <img src="contactaddressimage.png" border="0" height="62" width="240">
    <font face="Arial" size="3"><br> </font></p>
</noscript>
月竹挽风 2024-07-23 22:44:47

我不知道这会有多好。 您能否不保留您的电子邮件地址,并在页面加载完成后使用 AJAX 调用来加载它? 不确定垃圾邮件机器人是否可以拾取更改后的 HTML,或者它们是否足够聪明,可以侦听其他 HTTP 流量以尝试选择电子邮件地址,或者它们是否只是在第一次收到页面时扫描页面。

I don't how well this would work. Could you not leave your email address out and make it load using an AJAX call once the page has finished loading. Not sure if spam bots can pick up the altered HTML or if they are clever enough to listen on other HTTP traffic to try and pick email addresses or if they just scan the page as it is received the first time.

朕就是辣么酷 2024-07-23 22:44:47

一个人测试了在页面上呈现电子邮件地址的九种不同方式,然后在他的博客上发布了结果

他的三个最好的方法是:

  1. 使用 CSS 更改代码方向
  2. 使用 CSS display:none
  3. ROT13 加密

警告 - 这是两年前发布的。 垃圾邮件机器人可能变得更加聪明。

One guy tested nine different ways of presenting an email address on a page and then published results on his blog.

His three best ways were:

  1. Changing the code direction with CSS
  2. Using CSS display:none
  3. ROT13 Encryption

Caveat -- this was posted two years ago. Spam bots might've gotten smarter.

段念尘 2024-07-23 22:44:47

我同意 @srobinson 的观点,即使用在线表单编码 HTML 实体似乎有点可疑。 几行 Python (3.6+) 就可以为您完成:

def html_entities(text: str) -> str:
    return "".join(f"&#{ord(c)};" for c in text)

尝试一下:

>>> print(html_entities("[email protected]"))
barnstable@example.com

I agree with @srobinson in that using an online form for encoding to HTML entities seems a little shady. A few lines of Python (3.6+) will do it for you:

def html_entities(text: str) -> str:
    return "".join(f"&#{ord(c)};" for c in text)

Trying that out:

>>> print(html_entities("[email protected]"))
barnstable@example.com
欲拥i 2024-07-23 22:44:47

如果您使用 PHP,您可以获取一个自动执行此操作的免费脚本。 它被称为“Private Daddy”,我们将其用于我们自己的在线音频流服务。 只需一行代码即可开箱即用...您可以在此处获取它

If you work with PHP, you can grab a free script that does that automatically. It's called "Private Daddy" and we use it for our own online audio streaming service. Just one line of code and it works out of the box... you can grab it here

彡翼 2024-07-23 22:44:47

另一种方法是使用 JavaScript 框架并将数据/模型绑定到 HTML 元素。 对于 AngularJS,HTML 元素将写为:

<a href="mailto:{{contactEmail}}"><span>{{contactEmail}}</span></a>

插值 {{data}} 绑定使用包含实际电子邮件值的作用域变量。 此外,还可以使用过滤器来处理电子邮件的解码,如下所示:

<a href="mailto:{{contactEmail | decode}}"><span>{{contactEmail | decode}}</span></a>

好处在于 HTML 的编写方式。 缺点是它需要脚本支持,而有些人对此可能不支持。

只是另一种方法。

Another approach could be by using a JavaScript framework and binding the data/model to the HTML elements. In the case of AngularJS, the HTML elements would be written as:

<a href="mailto:{{contactEmail}}"><span>{{contactEmail}}</span></a>

The interpolation {{data}} binding uses a scope variable that contains the actual email value. In addition, a filter could also be used that handles the decoding of the email as follows:

<a href="mailto:{{contactEmail | decode}}"><span>{{contactEmail | decode}}</span></a>

The benefits are in the way the HTML is written. The downside is that it requires scripting support which some for may be a no no.

just another approach.

熊抱啵儿 2024-07-23 22:44:47

使用 JQuery,但如果需要,可以轻松移植到纯 JS。 将采用以下 HTML 块。 我提供的这个示例也适用于电话呼叫的 tel: 链接。

<a class="obfuscate" 
 href="mailto:archie...trajano...net">
 archie...trajano...net
</a>
<a class="obfuscate"
 href="tel:+One FourOneSix-EightFiveSix-SixSixFiveFive">
 FourOneSix-EightFiveSix-SixSixFiveFive
</a>

并使用 Javascript 将其转换为正确的链接。

$(".obfuscate").each(function () {

$(this).html($(this).html()
.replace("...", "@").replace(/\.\.\./g, ".")
.replace(/One/g, "1")
.replace(/Two/g, "2")
.replace(/Three/g, "3")
.replace(/Four/g, "4")
.replace(/Five/g, "5")
.replace(/Six/g, "6")
.replace(/Seven/g, "7")
.replace(/Eight/g, "8")
.replace(/Nine/g, "9")
.replace(/Zero/g, "0"))

$(this).attr("href", $(this).attr("href")
.replace("...", "@").replace(/\.\.\./g, ".")
.replace(/One/g, "1")
.replace(/Two/g, "2")
.replace(/Three/g, "3")
.replace(/Four/g, "4")
.replace(/Five/g, "5")
.replace(/Six/g, "6")
.replace(/Seven/g, "7")
.replace(/Eight/g, "8")
.replace(/Nine/g, "9")
.replace(/Zero/g, "0"))

})

我在这里更详细地记录了它 https://trajano.net/2017/01/ obfuscating-mailto-links/

反/混淆算法非常简单,因此编写起来也不太费力(不需要 Base64 解析)

Using JQuery, but can easily be ported to plain JS if needed. Will take the following HTML block. This example I provided is also for tel: links for phone calls.

<a class="obfuscate" 
 href="mailto:archie...trajano...net">
 archie...trajano...net
</a>
<a class="obfuscate"
 href="tel:+One FourOneSix-EightFiveSix-SixSixFiveFive">
 FourOneSix-EightFiveSix-SixSixFiveFive
</a>

and convert it to the proper links using Javascript.

$(".obfuscate").each(function () {

$(this).html($(this).html()
.replace("...", "@").replace(/\.\.\./g, ".")
.replace(/One/g, "1")
.replace(/Two/g, "2")
.replace(/Three/g, "3")
.replace(/Four/g, "4")
.replace(/Five/g, "5")
.replace(/Six/g, "6")
.replace(/Seven/g, "7")
.replace(/Eight/g, "8")
.replace(/Nine/g, "9")
.replace(/Zero/g, "0"))

$(this).attr("href", $(this).attr("href")
.replace("...", "@").replace(/\.\.\./g, ".")
.replace(/One/g, "1")
.replace(/Two/g, "2")
.replace(/Three/g, "3")
.replace(/Four/g, "4")
.replace(/Five/g, "5")
.replace(/Six/g, "6")
.replace(/Seven/g, "7")
.replace(/Eight/g, "8")
.replace(/Nine/g, "9")
.replace(/Zero/g, "0"))

})

I documented it in more detail here https://trajano.net/2017/01/obfuscating-mailto-links/

The de/obfuscation algorithm is pretty simple so its not too taxing to write either (no need for base64 parsing)

爱*していゐ 2024-07-23 22:44:47

Ajax调用解决方案

最好是在网站上有一个表单而不是显示电子邮件地址,因为所有机器人都在日复一日地变得更加智能,但是如果您需要在网站上显示电子邮件地址,那么,您可以使用ajax 在您的服务器上调用,并在单击时显示它。

HTML

<a class="obfmail" href="#" rel="info">click here to show email address</a>

<a class="obfmail" href="#" rel="info">
    <img src="img/click-to-show-email.jpg">
</a>

jQuery

$(document).one'click', '.obfmail', function(e) {
    e.preventDefault();
    a = $(this);
    addr = a.attr('rel');
    $.ajax({
        data: { 
            email: addr
        },
        url : "/a/getemail",
        type: "POST",
        dataType: 'json',
        success: function(data) {
            a.html(data.addr);
            a.attr('href', 'mailto:' + data.addr);
        }
    });
});

PHP

if($_POST['email']) {
    ...
    return json_encode(array(
        code     => '200',
        response => 'success',
        addr     => '[email protected]'
    ));
}

为了提高安全性,您可以将 .on 更改为 .one 像这样 $(document).one('click', '.obfmail', function(e) { 甚至使用 PHP 生成的令牌,您在 ajax 调用中传递到数据中,以接受仅调用一次 ajax 函数,如下所示:

html:

jquery:

...
addr = a.attr('rel');
tkn  = a.attr('token');
$.ajax({
    data: { 
        email: addr,
        token: tkn
    }, ...

也可以对返回的电子邮件地址进行编码或反转。

电话号码也能正常工作!

The Ajax call solution

The best is to have a form on the website and not to show email address, because all robots are more intelligent day after day, but if you need to show email address on the website, so, you can make it with ajax call on your server, and show it on click.

HTML

<a class="obfmail" href="#" rel="info">click here to show email address</a>

or

<a class="obfmail" href="#" rel="info">
    <img src="img/click-to-show-email.jpg">
</a>

jQuery

$(document).one'click', '.obfmail', function(e) {
    e.preventDefault();
    a = $(this);
    addr = a.attr('rel');
    $.ajax({
        data: { 
            email: addr
        },
        url : "/a/getemail",
        type: "POST",
        dataType: 'json',
        success: function(data) {
            a.html(data.addr);
            a.attr('href', 'mailto:' + data.addr);
        }
    });
});

PHP

if($_POST['email']) {
    ...
    return json_encode(array(
        code     => '200',
        response => 'success',
        addr     => '[email protected]'
    ));
}

For more security, you can change .on by .one like this $(document).one('click', '.obfmail', function(e) { or even work with a PHP generated token that you pass into data on ajax call, to accept only one call of the ajax function like this :

html: <a class="obfmail" href="#" rel="info" token="w3487ghdr6rc">

jquery:

...
addr = a.attr('rel');
tkn  = a.attr('token');
$.ajax({
    data: { 
        email: addr,
        token: tkn
    }, ...

.

It is possible to encode the returned email address too or invert it.

.

Working fine for phone numbers too !

尽揽少女心 2024-07-23 22:44:47

老实说,如果您询问 mailto 是否真的是您想要使用的问题,那么您的问题可能没有实际意义。 例如,许多使用网络邮件或在浏览器中没有正确设置邮件客户端的人将无法从 mailto 中受益。 您暴露了您的电子邮件地址,但该功能不适用于大部分用户。

相反,您可以做的是使用表格在后台发送电子邮件,以便隐藏电子邮件地址,并且您不必担心那些可怜的笨蛋无法从 mailto 中受益。

Honestly, your problem may be moot if you asked the question of whether or not a mailto is really what you want to use. A lot of people who use web mail, for example, or do not have the proper mail client setup in their browser are not going to benefit from a mailto. You are exposing your email address for a function that isn't going to work for a large portion of your users.

What you could do instead is use a form to send the e-mail behind the scenes so that the e-mail address is hidden and you don't have to worry about the poor saps who won't benefit from a mailto.

谁与争疯 2024-07-23 22:44:47

如果您在网站上说“我的电子邮件地址是(我的名字)@(我的姓氏).com”,并且您的名字和姓氏非常明显,那么这似乎是最好的垃圾邮件防护你会得到的。

If you say on your site that "My e-mail address is (my first name)@(my last name).com.", and your first name and last name are pretty darn obvious, that seems to be the best spam protection you're going to get.

白龙吟 2024-07-23 22:44:47

如果有人使用 Rails,他们可以使用 actionview-encoded_mail_to gem。 (https://github.com/reed/actionview-encoded_mail_to

有几个选项:

:encode - 该键将接受字符串“javascript”或“hex”。
传递“javascript”将动态创建并编码 mailto
link 然后将其评估到页面的 DOM 中。 这个方法不会显示
如果用户禁用了 JavaScript,则页面上的链接。 通过
"hex" 将在输出 mailto 之前对 email_address 进行十六进制编码
关联。

:replace_at - 当未提供链接名称时,
email_address 用于链接标签。 您可以使用此选项
通过用字符串替换 @ 符号来混淆 email_address
作为值给出。

:replace_dot - 当未提供链接名称时,
email_address 用于链接标签。 您可以使用此选项
通过替换 .email_address 来混淆 email_address。 在电子邮件中
作为值给出的字符串。

If anyone's using Rails, they can use the actionview-encoded_mail_to gem. (https://github.com/reed/actionview-encoded_mail_to)

There are a few options:

:encode - This key will accept the strings "javascript" or "hex".
Passing "javascript" will dynamically create and encode the mailto
link then eval it into the DOM of the page. This method will not show
the link on the page if the user has JavaScript disabled. Passing
"hex" will hex encode the email_address before outputting the mailto
link.

:replace_at - When the link name isn't provided, the
email_address is used for the link label. You can use this option to
obfuscate the email_address by substituting the @ sign with the string
given as the value.

:replace_dot - When the link name isn't provided,
the email_address is used for the link label. You can use this option
to obfuscate the email_address by substituting the . in the email with
the string given as the value.

独自唱情﹋歌 2024-07-23 22:44:47
<!-- Multi-Email Obfuscator  -->
<!-- step 1: @ = @  -->
<!-- step 2: a scrap element  -->
<!-- step 3: ROT13 encode for .com  -->
info<!-- step 1 -->@<!-- step 2 --><b style="display:none">my</b>domain<!-- step 3 --><script>document.write(".pbz".replace(/[a-zA-Z]/g,function(c){return String.fromCharCode((c<="Z"?90:122)>=(c=c.charCodeAt(0)+13)?c:c-26);}));</script>
<!-- Multi-Email Obfuscator  -->
<!-- step 1: @ = @  -->
<!-- step 2: a scrap element  -->
<!-- step 3: ROT13 encode for .com  -->
info<!-- step 1 -->@<!-- step 2 --><b style="display:none">my</b>domain<!-- step 3 --><script>document.write(".pbz".replace(/[a-zA-Z]/g,function(c){return String.fromCharCode((c<="Z"?90:122)>=(c=c.charCodeAt(0)+13)?c:c-26);}));</script>
翻身的咸鱼 2024-07-23 22:44:47

由于这个解决方案没有在任何地方提到,但对我来说效果很好:

我这样做:

  • 创建一个带有虚假电子邮件的mailto链接。 我喜欢 [email protected],原因很明显:垃圾邮件发送者可能会向自己的僵尸网络发送垃圾邮件在未选中的情况下使用此地址时。

  • 加密真实的电子邮件地址并将其放入不相关但可找到的隐藏范围或您喜欢的任何元素中。 显然是为了混淆电子邮件并将其隐藏起来,不让收割者发现。 根据您的项目结构,您甚至可能希望将其放入 JS 或 Session 变量中。

  • 在一秒钟后为这些链接创建一个点击处理程序,解密并将正确的电子邮件地址写入虚假的 mailto 链接,而不阻止默认设置。
    我不认为爬虫会点击 mailto 链接,但如果它们愿意,它们可能不会等待一秒钟,而人类必须非常快地在页面加载后的第一秒内点击链接。

现在您有了一个功能齐全但混乱、受蜜罐控制且有时间保护的 mailto 链接。

工作示例 php 文件:

<html>
<head>
<title>E-Mail Obfuscating</title>
</head>
<body>
<?php
$email = "[email protected]";
echo "<a class='emailLink' href='mailto:[email protected]' >Send me an e-mail!</a>"
    ."<span style='display:none' data-hash='" . base64_encode($email) . "' />";
?>
<script>
<!--
var emailLinks = document.getElementsByClassName("emailLink");
setTimeout(function() {
    for(var i=0; i <emailLinks.length; ++i){
        emailLinks[i].addEventListener("click", function(){
            let encodedEmail = this.nextSibling.getAttribute('data-hash');
            let decodedEmail = atob(encodedEmail);
            this.href = "mailto:" + decodedEmail;
            this.text = decodedEmail;
        });
    }
}, 1000);

-->
</script>
</body>
</html>

愿代码与您同在。

Since this solution is not mentioned anywhere, but works well for me:

I do this:

  • create a mailto link with fake email. I like [email protected] for obvious reasons: Spammer might spam his own botnet when using this address unchecked.

  • cypher real email address and put it in an unrelated but findable hidden span or whatever element you like. Obviously to obfuscate the email and hide it from the harvester. Depending on your project structure, you might even want to put it in a JS or Session variable.

  • create a click handler for these links after a second that decyphers and write the correct email address into the fake mailto link not preventing defaults.
    I do not think that crawlers click on mailto links, but if they would, they probaby won't wait a second, while a human being would have to be extremly fast to click a link in the first second after pageload.

Now you have a fully functional but obfuscated, honeypoted and timesecured mailto link.

Working example php file:

<html>
<head>
<title>E-Mail Obfuscating</title>
</head>
<body>
<?php
$email = "[email protected]";
echo "<a class='emailLink' href='mailto:[email protected]' >Send me an e-mail!</a>"
    ."<span style='display:none' data-hash='" . base64_encode($email) . "' />";
?>
<script>
<!--
var emailLinks = document.getElementsByClassName("emailLink");
setTimeout(function() {
    for(var i=0; i <emailLinks.length; ++i){
        emailLinks[i].addEventListener("click", function(){
            let encodedEmail = this.nextSibling.getAttribute('data-hash');
            let decodedEmail = atob(encodedEmail);
            this.href = "mailto:" + decodedEmail;
            this.text = decodedEmail;
        });
    }
}, 1000);

-->
</script>
</body>
</html>

May the code be with you.

后知后觉 2024-07-23 22:44:47

如果创建一个指向受密码保护的目录的“联系我”链接会怎样? 当然,你必须出示通行证才能进入。

“联系我”> ••••••••••• > contact/index.html

访问后,contact/index.html 页面会显示电子邮件,例如 mailto。

What if creating a link "Contact me" pointing to a directory protected by a password? Of course, you have to give the pass to access.

"Contact me" > ••••••••••• > contact/index.html

Once accessed, the contact/index.html page reveals the email, a mailto for instance.

雪落纷纷 2024-07-23 22:44:47

我的解决方案是使用 css 重新排列字符并替换悬停时的元素。 用户看不到任何变化。

const obscureHoverReverseMailTo = input => `<span style="display: inline-flex; color: rgb(0, 0, 238); cursor: pointer; text-decoration: underline;" onmouseover="const newContent = [...this.children].sort((a, b) => a.style.order - b.style.order).map(el => el.innerText).join('');this.outerHTML = \`<a href='mailto: \${newContent}'>\${newContent}</a>\`">${input.split("").map((char, index) => `<span style="order: ${index}">${char}</span>`).sort(() => 0.5 - Math.random()).join("")}</span>`;

const obscureHoverReverseMailTo = input => `<span style="display: inline-flex; color: rgb(0, 0, 238); cursor: pointer; text-decoration: underline;" onmouseover="const newContent = [...this.children].sort((a, b) => a.style.order - b.style.order).map(el => el.innerText).join('');this.outerHTML = \`<a href='mailto: \${newContent}'>\${newContent}</a>\`">${input.split("").map((char, index) => `<span style="order: ${index}">${char}</span>`).sort(() => 0.5 - Math.random()).join("")}</span>`;

document.getElementById("testRoot").innerHTML = obscureHoverReverseMailTo("[email protected]")
<div id="testRoot"></div>

<input type="text" onkeyup="document.getElementById('testOut').innerHTML = obscureHoverReverseMailTo(this.value)">
<div id="testOut"></div>

如果您还有其他要隐藏的内容,请使用以下函数:

const obscureHoverReverse = input => `<span style="display: inline-flex" onmouseover="this.outerHTML = [...this.children].sort((a, b) => a.style.order - b.style.order).map(el => el.innerText).join('')">${input.split("").map((char, index) => `<span style="order: ${index}">${char}</span>`).sort(() => 0.5 - Math.random()).join("")}</span>`;

My solution is to rearrange the characters using css and replacing the element on hover. No change is visible to the user.

const obscureHoverReverseMailTo = input => `<span style="display: inline-flex; color: rgb(0, 0, 238); cursor: pointer; text-decoration: underline;" onmouseover="const newContent = [...this.children].sort((a, b) => a.style.order - b.style.order).map(el => el.innerText).join('');this.outerHTML = \`<a href='mailto: \${newContent}'>\${newContent}</a>\`">${input.split("").map((char, index) => `<span style="order: ${index}">${char}</span>`).sort(() => 0.5 - Math.random()).join("")}</span>`;

const obscureHoverReverseMailTo = input => `<span style="display: inline-flex; color: rgb(0, 0, 238); cursor: pointer; text-decoration: underline;" onmouseover="const newContent = [...this.children].sort((a, b) => a.style.order - b.style.order).map(el => el.innerText).join('');this.outerHTML = \`<a href='mailto: \${newContent}'>\${newContent}</a>\`">${input.split("").map((char, index) => `<span style="order: ${index}">${char}</span>`).sort(() => 0.5 - Math.random()).join("")}</span>`;

document.getElementById("testRoot").innerHTML = obscureHoverReverseMailTo("[email protected]")
<div id="testRoot"></div>

<input type="text" onkeyup="document.getElementById('testOut').innerHTML = obscureHoverReverseMailTo(this.value)">
<div id="testOut"></div>

here is the function if you have something else to hide:

const obscureHoverReverse = input => `<span style="display: inline-flex" onmouseover="this.outerHTML = [...this.children].sort((a, b) => a.style.order - b.style.order).map(el => el.innerText).join('')">${input.split("").map((char, index) => `<span style="order: ${index}">${char}</span>`).sort(() => 0.5 - Math.random()).join("")}</span>`;
一身仙ぐ女味 2024-07-23 22:44:47

不支持 JavaScript 的简单机器人通常会在 HTML 页面内容中查找 mailto: 和/或 @。 混淆这些关键字将大大减少电子邮件地址抓取的机会。

可以使用 Base-64 编码的 URL 模板 mailto:%user%@%domain%

function contact(user, domain = location.hostname) {
  const template = atob('bWFpbHRvOiV1c2VyJUAlZG9tYWluJQ==');
  location.href = template
    .replace('%user%', user)
    .replace('%domain%', domain);
  return false;
}

其中 'bWFpbHRvOiV1c2VyJUAlZG9tYWluJQ=='btoa('mailto:%用户%@%域%')

HTML 链接需要按如下方式更新:

<a href="javascript: contact('x', 'y.com')">e-mail me</a>

此外,javascript: 地址可能对用户隐藏:

<a href="#" onclick="return contact('x', 'y.com')">e-mail me</a>

return 语句阻止页面导航到 #< /代码> 锚点。

Simple JavaScript-unaware bots typically look for mailto: and/or @ in HTML page contents. Obfuscating these keywords will dramatically decrease chances of email address scraping.

A Base-64 encoded URL template mailto:%user%@%domain% can be employed:

function contact(user, domain = location.hostname) {
  const template = atob('bWFpbHRvOiV1c2VyJUAlZG9tYWluJQ==');
  location.href = template
    .replace('%user%', user)
    .replace('%domain%', domain);
  return false;
}

Where 'bWFpbHRvOiV1c2VyJUAlZG9tYWluJQ==' is btoa('mailto:%user%@%domain%').

HTML links would need to be updated as follows:

<a href="javascript: contact('x', 'y.com')">e-mail me</a>

Furthermore, javascript: addresses can be hidden from the users:

<a href="#" onclick="return contact('x', 'y.com')">e-mail me</a>

The return statements prevent the page navigation to the # anchor.

半﹌身腐败 2024-07-23 22:44:47

很遗憾,
一些链接的网站似乎已关闭,所以我想分享一个适合我的简单方法(不需要 JS)。

这个简单的工具将普通字符转换为仅 html 字符,例如:Hello —> 你好
这些字符正常显示在浏览器中供用户查看,但机器人很难获取电子邮件,因为电子邮件是用 html 字符编码的。
我希望这有帮助。

这是网站:https://codepen.io/jaymaymo/pen/OgoBYM(是的这是一支笔)

<iframe height="300" style="width: 100%;" scrolling="no" title="email encoder from http://wbwip.com/wbw/emailencoder.html" src="https://codepen.io/jaymaymo/embed/OgoBYM?default-tab=result" frameborder="no" loading="lazy" allowtransparency="true" allowfullscreen="true">
  See the Pen <a href="https://codepen.io/jaymaymo/pen/OgoBYM">
  email encoder from http://wbwip.com/wbw/emailencoder.html</a> by Jammie Mountz (<a href="https://codepen.io/jaymaymo">@jaymaymo</a>)
  on <a href="https://codepen.io">CodePen</a>.
</iframe>

Unfortunately,
some linked sites seem to be down, so I wanted to share a simple method that works well for me (not JS required).

This simple tool converts the normal characters into html only characters e.g.: Hello —> Hello
The characters are displayed normally in browsers for the users to see, but it’s harder for bots to get the email, since the email is coded in html characters.
I hope this helps.

Here is the site: https://codepen.io/jaymaymo/pen/OgoBYM (yes it's a pen)

<iframe height="300" style="width: 100%;" scrolling="no" title="email encoder from http://wbwip.com/wbw/emailencoder.html" src="https://codepen.io/jaymaymo/embed/OgoBYM?default-tab=result" frameborder="no" loading="lazy" allowtransparency="true" allowfullscreen="true">
  See the Pen <a href="https://codepen.io/jaymaymo/pen/OgoBYM">
  email encoder from http://wbwip.com/wbw/emailencoder.html</a> by Jammie Mountz (<a href="https://codepen.io/jaymaymo">@jaymaymo</a>)
  on <a href="https://codepen.io">CodePen</a>.
</iframe>

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文