A normal practice for us would be character encoding email addresses if there is a specific reason post an email address on a website when a form won't suffice.
However TinyMCE is a bit too clever and coverts the encoding back into its correct symbols!
How are other people protecting email addresses in Umbraco? It would be pretty handy if out of the box Umbraco offered some kind of protection of email addresses, as editors are sometimes going to place email addresses into body without relalising the potential hazards.
We've pretty much given up on encoding email addresses, as it's never been proven to effectively reduce spam. If it can be read/deciphered by code then spammers can surely harvest the addresses? Other techniques such as using images bring usability downsides that outwight any anti-spam benefits and most techniques have been around for years so spammers have had plenty of chances to catch up. Here's a recent question from stackoverflow -> http://stackoverflow.com/questions/563571/does-html-encoding-a-mailto-tag-stop-spammers.
The answer seems to always be "it may reduce it, for now...". With this in mind it has to be asked if the effort taken to encode addresses is worth the payoff for "reduced" spam. If even one or two spambots can get your address, sooner or later more will.
We always tell our clients to expect spam, and to invest in a good spam filter. This is the only surefire way as far as I can see it, as you must expect that any email address you put online will be harvested eventually.
I've used SafeMailLink (HttpModule) for a few of my clients. It's easy to install/set-up, (it's a HttpModule in the Web.config), and will convert all mailto links to JavaScript encoded versions. (Using a regular expression on the Response.OutputStream).
Like Dan says, its difficult to know how effective these anti-spam encodings are ... but if its peace of mind for your clients, then so be it!
I have just tried it for the first time on a v4.5 site and it appears to work OK. As per Matt's comment above (almost), you need to add the following -
Email Address Protection
Hello,
A normal practice for us would be character encoding email addresses if there is a specific reason post an email address on a website when a form won't suffice.
However TinyMCE is a bit too clever and coverts the encoding back into its correct symbols!
How are other people protecting email addresses in Umbraco? It would be pretty handy if out of the box Umbraco offered some kind of protection of email addresses, as editors are sometimes going to place email addresses into body without relalising the potential hazards.
Your thoughts would be greatly appreciated,
Laurie
We've pretty much given up on encoding email addresses, as it's never been proven to effectively reduce spam. If it can be read/deciphered by code then spammers can surely harvest the addresses? Other techniques such as using images bring usability downsides that outwight any anti-spam benefits and most techniques have been around for years so spammers have had plenty of chances to catch up. Here's a recent question from stackoverflow -> http://stackoverflow.com/questions/563571/does-html-encoding-a-mailto-tag-stop-spammers.
The answer seems to always be "it may reduce it, for now...". With this in mind it has to be asked if the effort taken to encode addresses is worth the payoff for "reduced" spam. If even one or two spambots can get your address, sooner or later more will.
We always tell our clients to expect spam, and to invest in a good spam filter. This is the only surefire way as far as I can see it, as you must expect that any email address you put online will be harvested eventually.
Dan
Hi Laurence,
I've used SafeMailLink (HttpModule) for a few of my clients. It's easy to install/set-up, (it's a HttpModule in the Web.config), and will convert all mailto links to JavaScript encoded versions. (Using a regular expression on the Response.OutputStream).
Like Dan says, its difficult to know how effective these anti-spam encodings are ... but if its peace of mind for your clients, then so be it!
Good luck, Lee.
Hi Lee, I don't suppose you have an updated link for the above resource? Thanks! Laurie
Hi Laurence,
Morten has a version of the code on his blog.
http://www.mortenbock.dk/blog/2007/06/18/protect-e-mail-links-in-umbraco-v3.aspx
If that doesn't work, just google around for "SafeMailLink" - if you can't find anything, let me know - I'll dig out my code.
Cheers, Lee.
Hmm, doesn't seem to be doing anything nor throwing any errors! Hmm.
Hey Laurence
Are you using 4.5? You may want to add a handler to the configuration/system.webServer/handler section of your web.config aswell.
Matt
Laurance,
If you need the source for safelink you can get it from here http://www.box.net/shared/4094fatkt3
I have a version of SafeMailLink available here http://www.gordonsaxby.me.uk/umbraco-stuff.aspx (sorry about the state of that website!!)
I have just tried it for the first time on a v4.5 site and it appears to work OK. As per Matt's comment above (almost), you need to add the following -
and
to the configuration / system.webServer / modules section of the web.config.
As as been said above, this is in no way a guard against getting spam but it may help.
is working on a reply...