Click here to Skip to main content
6,305,776 members and growing! (17,966 online)
Email Password   helpLost your password?
Web Development » ASP.NET » General     Intermediate

Avoiding spam-bots

By Ralph Arvesen

Prevent spam-bots from harvesting email addresses in web pages. 		C#, VB, Javascript, HTML, Windows, .NET, ASP.NET, Visual Studio, Dev
Posted:25 Aug 2004
Updated:31 Aug 2004
Views:73,117
Bookmarked:69 times
Announcements
Comp Monthly Competition
Loading...
Articles
Desktop Development
Web Development
Enterprise Systems
Multimedia
Database
Platforms, Frameworks & Libraries
Languages
General Programming
Graphics / Design
Development Lifecycle
General Reading
Third Party Products
Services
Product Catalog
Code-signing Certificates
Job Board
CodeProject VS2008 Addin
Feature Zones
Product Showcase
WhitePapers / Webcasts
IBM DeveloperWorks
ASP.NET Web Hosting
 
Search    
Advanced Search
printPrint   Broken Article?Report       add Share
  Discuss Discuss   Recommend Article Email
32 votes for this article.
Popularity: 6.74 Rating: 4.48 out of 5
1 vote, 3.1%
1		 2 votes, 6.3%
2		 1 vote, 3.1%
3		 5 votes, 15.6%
4		 23 votes, 71.9%
5

Introduction

Spam-bots scan the web and harvest email addresses from web pages, news groups, and other sources. This article shows you a simple technique you can use in web pages to avoid spam-bots. The idea is used in the FotoVision sample I created, but I thought it would be useful to discuss this particular piece outside of the FotoVision sample. The idea is pretty simple; instead of storing the real email address in the HTML, an encoded version of the address is stored and decoded on the client when necessary.

Step 1. Encode the email address

First, the email address needs to be encoded. The encoded string can be pre-calculated or dynamically calculated on the server. The following function uses the BitConverter class to encode the email address derf@example.com to the string 64657266406578616D706C652E636F6D.

// C#

string EncodeEmailAddress(string email)
{
  return BitConverter.ToString(
    ASCIIEncoding.ASCII.GetBytes(email)).Replace("-", "");
}
' VB.NET

Function EncodeEmailAddress(ByVal email As String) As String
  Return BitConverter.ToString( _
    ASCIIEncoding.ASCII.GetBytes(email)).Replace("-", "")
End Function

Step 2. Use the encoded email in the HTML

Instead of using the real email address in the HTML link, use the encoded value. For example:

<a href="javascript:sendEmail('64657266406578616D706C652E636F6D')">Email Derf</a>

I considered using HTML encoding for the email address, but I think spam-bots would be more likely to process the value and using a custom encoding algorithm is a better solution.

Step 3. Decode the email address on the client

The client-side function sendEmail is called on the client; this function decodes the email address and displays the email application. The sendEmail function contains the following:

// open the client email with the specified address

function sendEmail(encodedEmail)
{
  // do the mailto: link

  location.href = "mailto:" + decodeEmail(encodedEmail);
}

// return the decoded email address

function decodeEmail(encodedEmail)
{
  // holds the decoded email address

  var email = "";

  // go through and decode the email address

  for (i=0; i < encodedEmail.length;)
  {
    // holds each letter (2 digits)

    var letter = "";
    letter = encodedEmail.charAt(i) + encodedEmail.charAt(i+1)

    // build the real email address

    email += String.fromCharCode(parseInt(letter,16));
    i += 2;
  }
  
  return email;
}

That's it, now derf@example.com will not be picked up by spam-bots since the text never appears in the HTML, but the email link still works like expected (the email program is displayed with the correct address when clicked).

Step 4. Optionally, update the status area

You can extend the link by handling the mouseover and mouseout events to display the email address in the status area. The updated HTML link looks like the following:

<a href="javascript:sendEmail('64657266406578616D706C652E636F6D')" 
  onmouseover="javascript:displayStatus('64657266406578616D706C652E636F6D'); 
  return true;" onmouseout="javascript:clearStatus(); return true;">
  Email Derf</a>

And two functions are added to the client-side script:

// display the email address in the statusbar

function displayStatus(encodedEmail)
{
  window.status = "mailto:" + decodeEmail(encodedEmail);
}

// clear the statusbar message

function clearStatus()
{
  window.status = "";
}

Now, the real email address is displayed in the status area when the mouse is moved over the link.

Sample code and encoding web page

There are two files in the sample code. The file email.js contains the client-side script functions that you can include in your HTML pages. The file test.html is a sample HTML page that uses the email.js file.

The encoded email address can be dynamically calculated on the server, but that's not necessary, you can also pre-calculate the encoded email and use that value in the HTML. I created an encoding web page that encodes an email address that you can paste into your HTML code. If your site contains a lot of email links, it would be easy to create a control that takes in an email address and emits HTML that contains the encoded link.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

About the Author

Ralph Arvesen


Member 		Ralph Arvesen is a software engineer for Vertigo Software and has worked on desktop, web and Pocket PC applications using .NET and C++. Before Vertigo, he designed hardware and firmware for optical inspection systems and has been developing software for the Microsoft platform since Windows 2.0. He co-authored several books and worked as technical editor on others. Ralph lives in the Texas Hill Country west of Austin; his personal site is located at www.lostsprings.com.
Occupation: Web Developer
Location: United States United States

Other popular ASP.NET articles:
Article Top
You must Sign In to use this message board.
FAQ FAQ 
 
Noise Tolerance  Layout  Per page   
 Msgs 1 to 18 of 18 (Total in Forum: 18) (Refresh)FirstPrevNext
GeneralGood PinmemberStefano Castelvetri23:19 20 Jan '07  
QuestionRedirecting the response? Pinmember1.21gigawatts4:42 15 Dec '05  
GeneralLooks good PinmemberMark Focas12:20 9 Sep '04  
GeneralNice Idea, but not very efficient... PinmemberThomas Schittli13:39 31 Aug '04  
GeneralRe: Nice Idea, but not very efficient... PinmemberMichael J. Collins5:07 1 Sep '04  
GeneralRe: Nice Idea, but not very efficient... PinmemberThomas Schittli7:04 1 Sep '04  
GeneralRe: Nice Idea, but not very efficient... PinmemberPaul A. Howes1:36 2 Sep '04  
GeneralEmail Spoofer .NET Pinmemberschoolcraftj7:27 31 Aug '04  
GeneralAssuming Javascript is an issue PinmemberMartin Bonner23:59 30 Aug '04  
GeneralThanks so much! Pinmembergaryjoh5012:26 30 Aug '04  
GeneralOpens new page or blank page PinsussAnonymous6:09 27 Aug '04  
GeneralRe: Opens new page or blank page PinmemberRalph Arvesen6:36 27 Aug '04  
GeneralUse in forms? PinmemberGarkin16:49 26 Aug '04  
GeneralRe: Use in forms? PinmemberRalph Arvesen10:48 27 Aug '04  
GeneralRe: Use in forms? Pinmembersander.vandriel2:14 3 Sep '04  
GeneralViewing local test.html file with XP SP2 PinmemberRalph Arvesen5:16 26 Aug '04  
GeneralNice! PinmemberRavi Bhavnani1:49 26 Aug '04  
GeneralCool :) PinmemberWillemM23:32 25 Aug '04  
Last Visit: 16:55 9 Jul '09     Last Update: 16:55 9 Jul '09 1

General General    News News    Question Question    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

PermaLink | Privacy | Terms of Use
Last Updated: 31 Aug 2004
Editor: Nishant Sivakumar
 Copyright 2004 by Ralph Arvesen
Everything else Copyright © CodeProject, 1999-2009
Web20 | Advertise on the Code Project