Making obfuscated email address on contact page clickable

They have: 2 posts

Joined: Oct 2006

I decided in favour of allowing visitors to use their own email client instead of a webform for the benefit of their own record keeping, and rather than using an image of the address or javascript encryption (incase they have them disabled in their browser) I went with a textlogo shrunken to normal-size text with inline CSS using output of the automatic generator from Email Mini-logo

I want to keep it clickable but without the address on the page itself I have only found two non-javascript methods that do this.
1. Transparent munging using HTML entities or URI escape codes on seperate pages referred to via CSS (works in IE and Firefox only)
contact.html (minimal example):


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<title>Contact us</title>
<link rel="stylesheet" type="text/css" href="hidden.css" >
</head><body><pre style="font-size: 1.34px; line-height: 1px; letter-spacing: 0px; -moz-binding: url(hidden.xml#entities)">
<a href="#" class="escaped" style="text-decoration: none;">(Text-logo of email)</a>
</pre></body></html>
'

hidden.css file for IE-based browsers (trident engine):


A.escaped:active {
background: url("mailto:(escaped address [@ = %40 etc.])?subject=(insert subject)&body=(insert body)");
}
'

hidden.xml file for Mozilla-based browsers (gecko engine):


<?xml version="1.0"?>
<bindings xmlns="http://www.mozilla.org/xbl" xmlns:h="http://www.w3.org/1999/xhtml">
   <binding id="entities">
<content>
<h:a href="(format of mailto:[email protected]?subject=(insert subject)&body=(insert body) converted to HTML decimal and hexadecimal entities [@ = @ or &#x40; etc.])" style="text-decoration: none;">
<children/>
</h:a>
</content>
   </binding>
</bindings>
'

2. Using the service at tinyurl.com to redirect to the mailto protocol. (entering mailto:[email protected] as the URL then using the resulting http://tinyurl.com/TheCode address as the link)
change one line in contact.html to:
<a href="http://tinyurl.com/TheCode" style="text-decoration: none;">(Text-logo of email)</a>'

Method #1 is limited to the two major browsers, but will always work on them and for other browsers I can put an audio file of the address being spoken into the link instead of #
Method #2 should work in all browsers (no subject or body), but only as long as tinyurl supports it, and relies on trusting them with the address.

Which of those two would you choose to make the address clickable?

Abhishek Reddy's picture

He has: 3,348 posts

Joined: Jul 2001

Wow, those are pretty neat tricks. Thanks for sharing. Smiling

I would not consider using the first method at all for the general case. It simply supports too few browsers.

I would consider a modified version of the second method. Rather than using tinyurl to rewrite the URL, perhaps mod_rewrite or an Apache redirect in the site's own domain would work:

.htaccess:
Redirect /mail mailto:[email protected]
<a
href="http://example.com/mail" style="text-decoration: none;">(Text-logo of email)</a>
'

It would not surprise me, however, if harvesters can extract the address from that.

A problem I have with most email address obfuscators is that they disable some operations that I frequently use. For example, right-clicking a mailto link and selecting "Copy email address" to save it to clipboard, instead of clicking it, loading my email client, and extracting it from there. Partly the point of a URI is to have machine-readability so that tasks like these can be done.

I would more readily invest effort in honing my spam filters than obfuscating my mail links. Wink

They have: 2 posts

Joined: Oct 2006

Abhishek Reddy;208776 wrote: .. right-clicking a mailto link and selecting "Copy email address" to save it to clipboard, instead of clicking it, loading my email client, and extracting it from there.

I think that should still work in Firefox with the XBL method in #1. If you're "extracting it" from the email client to use in gmail or another webmail service there is an extension also for Firefox that opens mailto: links in webmail - https://addons.mozilla.org/firefox/206/

Abhishek Reddy;208776 wrote: Partly the point of a URI is to have machine-readability so that tasks like these can be done.

It's a shame this point has been exploited by automated email harvestors, leaving us with the job of filtering the spam after the fact.
I simply prefer the "prevention is better than a cure" approach, which is why I went for the most transparent method of obfuscation I could find. The CSS trick at least is visible in all browsers. I can always put a form on the same page.. which probably needs captchas these days to prevent direct spam - another example of bad accessibility being the only alternative to spam filtering Sad

Abhishek Reddy's picture

He has: 3,348 posts

Joined: Jul 2001

I mainly use Konqueror (KHTML engine) these days. Neither the CSS nor XBL schemes work with it. That's the drawback with relying on non-standard features. Sad

It's also highly unlikely to work on any Links variant, Dillo, or wget, all of which I sometimes use. I'm concerned about this because an email address is a fundamentally important piece of information for humans -- not something that degrades gracefully. If, for instance, I'm operating on a remote computer, or a broken/incomplete operating system, these are the tools I'd use to fetch their address. (Been there on several occasions.) Smiling

I guess one can justify case-by-case priorities by volume of spam, target audience, and so on. I agree that there is usually a troublesome tradeoff. Yet, while training your spam filters would take more time and effort, it's often better for you (say, as a company) to do that, than for your visitors (say, customers) to encounter difficulties. But yes, sometimes that's just not viable. Smiling

It's a good thing you pointed out that Firefox extension too. To some extent, client technology should improve like this to accommodate abuse-preventing measures. I think this will happen in the future, so I tend to reluctantly accept some un-accessible techniques as a stopgap solution.

By the same token, bots may improve to circumvent them... sigh. Sad

Welcome to TWF, by the way. An interesting first thread. Smiling

Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.