Protecting email from harvesters and malicious spam
Most anti-spam scripts I have seen are actually JavaScript scripts that obscure the email by encoding it with character entities. But I think a good bot would still find this easy to decode again?
On my website I used a separate controller that is only used to send mails. The page receives an encrypted email parameter through GET and decrypts it using a specific private key. Then sets the header to: mailto: $email and redirects the user back to where he came from.
Is this an effective way to protect email links or am I overseeing something important?
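// Only act when the URL carries at least one segment (the encrypted address).
if ($this->uri->total_segments() >= 1) {
    // decode() returns the plain address, or a falsy value on failure.
    $email = $this->decode($this->uri->uri_string());
    if ($email) {
        // Hand the address to the visitor's mail client.
        header("location: mailto: " . $email);
        // Then send the browser back to the page it came from.
        if (isset($_SERVER['HTTP_REFERER'])) {
            redirect($_SERVER['HTTP_REFERER'], 'refresh');
        }
    }
}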
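The question does not show its decode() method, so the following is an added example, not part of the original post, of how such a token could be built and checked before the address reaches the mailto: header. The function names, the choice of AES-256-GCM and the sample address are assumptions; it needs PHP 7.1+ with the openssl extension.

```php
<?php
// Added example: hypothetical helpers, not the asker's decode() implementation.
const MAIL_TOKEN_CIPHER = 'aes-256-gcm';   // assumed cipher; the post names none
const IV_LEN  = 12;                        // GCM nonce length in bytes
const TAG_LEN = 16;                        // GCM authentication tag length in bytes

function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt) {
    $txt .= str_repeat('=', (4 - strlen($txt) % 4) % 4);   // restore padding
    return base64_decode(strtr($txt, '-_', '+/'), true);   // strict: false on bad input
}

// Build the opaque URL segment printed in the page instead of the address.
function encode_mail_token(string $email, string $key): string {
    $iv  = random_bytes(IV_LEN);
    $tag = '';
    $ct  = openssl_encrypt($email, MAIL_TOKEN_CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
    return b64url_encode($iv . $tag . $ct);
}

// Return the address, or false if the token was altered or does not
// decrypt to exactly one syntactically valid address.
function decode_mail_token(string $token, string $key) {
    $raw = b64url_decode($token);
    if ($raw === false || strlen($raw) <= IV_LEN + TAG_LEN) {
        return false;
    }
    $iv  = substr($raw, 0, IV_LEN);
    $tag = substr($raw, IV_LEN, TAG_LEN);
    $ct  = substr($raw, IV_LEN + TAG_LEN);
    $email = openssl_decrypt($ct, MAIL_TOKEN_CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($email === false) {
        return false;                       // tag mismatch: forged or corrupted token
    }
    // Never pass CR/LF or a non-address into header().
    if (preg_match('/[\r\n]/', $email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    return $email;
}

// Constructed sample run; a real key would be loaded from server-side config.
$key   = random_bytes(32);
$token = encode_mail_token('contact@example.com', $key);
var_dump(decode_mail_token($token, $key));
$forged = $token;
$forged[5] = ($forged[5] === 'A') ? 'B' : 'A';      // flip one character
var_dump(decode_mail_token($forged, $key));
```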
Comments (1)
This works fine, and is a known technique, e.g. http://www.maxi-pedia.com/prevent+email+address+harvesting & http://csarven.ca/hiding-email-addresses#javascript.
It can still be decoded, so it's not 100% effective. Also, it may be an accessibility issue - screen readers won't be able to pick up your email address, so it won't be appropriate for all scenarios.