Here’s another bit of code to help protect your site from email harvesters and other robots that troll through the HTML source of your site looking for <a href=“mailto:…”> tags.
Most current email obfuscation works by disguising the email address, i.e. everything after the
mailto: part of the link, in order to hide the @-sign.
I’m guessing, though, that trollers have gotten smart to these tricks and will now harvest everything after the characters
mailto: up to the closing quote or end-of-tag, then try a bunch of techniques to decode the characters it found. Converting a string like “&102;&111;&111;&64; …” into a useable email address doesn’t take much computing power, does it?
However, what about not using mailto: at all, and instead use a PHP script that does an HTTP Redirect to a mailto: URI?
Your links could look something like this now:
<a href=”/firstname.lastname@example.org”>mail me</a>
Let’s also obfuscate the actual address, incase the harvesters are simply looking for email@example.com combinations of characters:
<a href=”/send.php?address=foo/example.com”>mail me</a>
Finally, let’s use some simple request-string parsing, and an Apache Force-Type setting to make that even simpler:
<a href=”/send/foo/example.com/Subject”>mail me</a>
All that’s left to do is write the code for the send PHP script. Oh look … here it is.
Combine that with the Turing Protection I mentioned before, and you should have a fairly troll-proof site.
Comments and improvements are always welcome.