You can get a cheat sheet with all the character codes here: http://www.ilovejackdaniels.com/cheat-s … eat-sheet/

If you actually run your mouse over the links in the page, you will see the address, but yes, in the source most of the letters are spelled out in these codes.  Note that not all the characters are encoded.

Thanks!

yes thats pretty much correct, and there are certainly ways around it for hackers. You do get programs that can scramble your html coding though, replacing variables here and there by encoding it. I personally have never used something like it so i cant recommend but i reckon it would work well for the somewhat paranoid

You can however go to www[dot]ilovejackdaniels.com and search for "html character entities" cheat sheet. It has all the characters on there.

So far anyway, I only get like two spam emails a day to the main address. I have several, as I imagine most of you do.

Bad link reporting, email a friend and contact are all forms,  which I tried to make user friendly. I'd be curious if you agree, waveshoppe..

They show the product (from the location where they selected "report link") and have a drop down to simplify options for what was wrong as well as text area if they're in the mood for that.

I agree with the trust issue being important, but not necessarily that emailing someone makes me trust 'em any more   If you have boatloads of spam, you're in danger of missing something valid anyway.

The short version is I agree with the use of forms.

waveshoppe wrote:

thegyspsy wrote:

Just curious as to why you would put your email on your site at all? It is VERY easy to code a form and grab a free form processor and away you go....

I tend to not advise putting email addys on sites... just contact forms...

Hmm… I look at forms as something non-human and machine like. I don’t know if there are any hard numbers on this but many visitors don’t have confidence or trust in forms.

Trust is super important and an email adds to the trust factor because they feel it will at least go to someone’s Inbox. If the email doesn’t come back people will take the first stem towards trusting you.

When I see a form… I feel exactly the same as I do when I see a site that does not list a contact phone number. I think poor service, email spam, scam, etc

Interesting

If I see a site that just has a mailto: link, email address and no form, I get turned off and go elsewhere. The lack of spam prevention, for their own sake, makes them appear less professional.

Additionally - it assumes you have access to email at the same time you want to contact them; which in most cases is true but there are still a lot of people who use internet cafes etc.

For me - I don't want the site owner to know my email address. If we get talking, the likelihood is they'll get some business from me.

just an email address and no contact form is unprofessional, open to abuse and too pushy for my liking

but even a form needs an email addy to send the message to, which the spammers still grab...corect?
That is my experience - forms do not help and can be hijacked and used to send spam

matte wrote:

but even a form needs an email addy to send the message to, which the spammers still grab...corect?
That is my experience - forms do not help and can be hijacked and used to send spam

There's an email address, but it remains on the server. That's why they're sending the information in a form submission to the server - so they don't get the email address. Without hacking into your server, that is, which is another topic altogether.

I'm only familiar with ASP (not PHP), and that only to a limited extent, But the dynamic bits are handled before the page is transmitted, or in this case, the information you submit is emailed from the server (not really the user) using whichever email client it's set up for.

matte wrote:

but even a form needs an email addy to send the message to, which the spammers still grab...corect?
That is my experience - forms do not help and can be hijacked and used to send spam

DMX wrote:

There's an email address, but it remains on the server. That's why they're sending the information in a form submission to the server - so they don't get the email address. Without hacking into your server, that is, which is another topic altogether.

The form just contains an action, eg <form action='send.php' method='post'>

The processing script, send.php, with have an email address in the php, eg

$to = "my-email@ddress.com";
mail($to,$subject,$message,$headers);

this part of the script runs on the server and doesn't output anything.

It could be extened to this

$to = "my-email@ddress.com";
mail($to,$subject,$message,$headers);
echo "Thank you<br />\n";


which would display 'Thank you'

The thank you is the only part available to anyone looking at the page, users, spammers, SEs etc

As DMX said, the spammer would need access to the files on your server via FTP or SSH in order to view the PHP 'source' and get your email address. Even then the email address might get pulled from a database or somewhere else.....

As far as hijacking the forms go, you can validate the form's information to ensure that it is complete and rinse out certain characters and strings to avoid SQL injection if that was what you were referring to..

I use this resource:
http://www.wmtips.com/tools/html-obfuscator/

It will obfuscate anything into javascript encryption and into the unicode version, just incase the user has javascript off.

Its not just for email addresses either. I use it for hiding source code in the view source. Yeah eventually, once someone has figured out how its encoded, they will be able to break it, but it stopped that little prick competitor from copying everything we do!!

It'll stop a robot too. Although, I encoded a whole page once, google indexed it (accidentaly) and in the SERPS, there was the meta description. And the cache was unencrypted.

So i would go for the javascript encoding for email addys.

I put a spam poisoner on one of my sites (a link to a self generating page of bogus email addresses and links to yet more). It didnt seem to affect my SERPS, BUT, I did end up with about 30 robots online at all times 24/7!

Here is the best php email form I could find. It's relatively secure and presents no email addresses on the screen or in the source code.

It allows the user to select from a drop-down list of people to email (e.g. webmaster, company president, etc.). It also allows you to specify the server it resides on so it will refuse to send email messages from any other server.

I recently started receiving a few spam messages through the form but don't know if the spammers are filling it out manually or have actually created bots to do it. I've had no suggestion that the forms I use have ever been hihacked.

The latest version will (optionally) support captcha images if your server will generate them.


http://jimsun.linxnet.com/SCForm.html


Bob

I'm still not having any spam email problems using this form for over 6 months now.

Is there no way around registering? TA?

No Ryan, there's no way around it -- rest assured, your info is definitely kept private and you don't get but one email from them.

Shivvy, thanks ta

Here is a interesting way to take on spammers. http://www.threadwatch.org/node/14123