Safe way to list e-mail address on webpage

  • Thread starter cepheid
  • Start date
  • Tags
    List
In summary, if you append your e-mail address to a HTML title ("E-mail: <span title="append @domain"> username</span>"), the address will be displayed on the page and in the message "append @domain" when the user moves the mouse pointer over the username. This is a spam impervious way to present the address online, but can be circumvented by a phishing bot by simply reading the page source code. There are several better ways to protect your e-mail address.
  • #1
cepheid
Staff Emeritus
Science Advisor
Gold Member
5,199
38
If I do something like this in HTML:

Code: 
E-mail: <span title="append @domain"> username</span>

the effect is to present the text

E-mail: username

on the web page and the message "append @domain" will appear when the user moves the mouse pointer over the username. Is this a safe (spam impervious) way to present my e-mail address online?

Also: can you think of a better way?
 
Computer science news on Phys.org
  • #2
cepheid said:
If I do something like this in HTML:

Code: 
E-mail: <span title="append @domain"> username</span>

the effect is to present the text

E-mail: username

on the web page and the message "append @domain" will appear when the user moves the mouse pointer over the username. Is this a safe (spam impervious) way to present my e-mail address online?

Also: can you think of a better way?

Assuming the address (your @domain part) is held in the HTML code of the page it isn't difficult to obtain by reading the page source code. So no, I don't think this is a particularly strong method of defence against phishing.

Your best bet would be having a link which retrieves it from somewhere (even if it's only simple PHP) and shows it in a message so it's never presented on the page itself and in its code. But they could even get around that that. So to improve that you need a 'captcha' system that requires the user enter a randomly generated pair of words before it retrieves it. That way it's very difficult for a computer to get it.
 
  • #3
Or, you could make a captcha-like picture that has your email in it. Or, write it in purty cursive on a piece of paper then take a picture of it and use that. Just about anything unfeasible for visual parsing would work. Then again, would a phishing bot even attempt to parse a picture? I doubt it. The resources consumed for visual parsing, as compared to just text parsing, is exponentially larger.
 
  • #4
TylerH said:
Or, you could make a captcha-like picture that has your email in it. Or, write it in purty cursive on a piece of paper then take a picture of it and use that. Just about anything unfeasible for visual parsing would work. Then again, would a phishing bot even attempt to parse a picture? I doubt it. The resources consumed for visual parsing, as compared to just text parsing, is exponentially larger.

Problem with that system is that it's not easy to update. Having it retrieved from a database or hidden source means you can quickly update through a "members access" or the like.

In general, I try to avoid using pictures to show users important info as it's not so easy to manage and quite bulky if not done correctly.

I believe you can get capture services to run off-site so you don't have to store all the images - but this brings it back to my original idea.
 
  • #5
jarednjames said:
Problem with that system is that it's not easy to update. Having it retrieved from a database or hidden source means you can quickly update through a "members access" or the like.

In general, I try to avoid using pictures to show users important info as it's not so easy to manage and quite bulky if not done correctly.

I believe you can get capture services to run off-site so you don't have to store all the images - but this brings it back to my original idea.

True. I was thinking small, even personal, scale.
 
  • #6
Thanks for the tips guys. This would just be for my personal academic web page on the web space that has been allocated to me on my university department's web server.

As it turns out, everyone in my department has his/her e-mail username listed in a table on the personnel page, with a note above the table saying "Email addresses are made by concatenating the 'email id' with [@domain]."

So, if what you are saying is true, and malicious software programs are able to perform this concatentation automatically, then I guess that thanks to the department webmaster, my e-mail address is already a target for "phishing" anyway.

EDIT: so you mean if I just upload a JPEG or PNG image of my e-mail address in typed text, it would be safe? Or it has to be all fancy and cursive to make it impervious to "visual parsing?"
 
  • #7
cepheid said:
So, if what you are saying is true, and malicious software programs are able to perform this concatentation automatically, then I guess that thanks to the department webmaster, my e-mail address is already a target for "phishing" anyway.

To target it, you'd have to write an algorithm to do just that. You'd need to know the page and write the code to work with the page. Relatively pointless on such a small scale, easier to do it by hand.

It's only if this technique is found in large scale would there be something looking for it, and even then it would be very difficult to determine the username part (every word on the page is a potential username).

So no, phishing isn't really a worry given the method used by your department/university. It generally looks for what it recognises as complete addresses.

I thought you meant that it would display your whole email address when the user clicks - which would mean storing it in the HTML, which is a problem.
 
  • #8
cepheid said:
EDIT: so you mean if I just upload a JPEG or PNG image of my e-mail address in typed text, it would be safe? Or it has to be all fancy and cursive to make it impervious to "visual parsing?"

They generally don't run text recognition, it just doesn't pay to. An image would mean nothing could grab it without taking the picture or running text based analysis.
 
  • #9
jarednjames said:
So no, phishing isn't really a worry given the method used by your department/university. It generally looks for what it recognises as complete addresses.

I thought you meant that it would display your whole email address when the user clicks - which would mean storing it in the HTML, which is a problem.

Ahh I see. No, my complete e-mail address does not appear anywhere in the source code for the webpage.

jarednjames said:
They generally don't run text recognition, it just doesn't pay to. An image would mean nothing could grab it without taking the picture or running text based analysis.

I tried this by making a text box in a drawing program with the same font, text colour and background colour as my page, and then exporting it as a PNG. Then I experimented with the width and height attributes in the <IMG> tag until it matched the surrounding text. It looks quite nice.

Thanks to both of you for the replies.
 
  • #10
reCAPTCHA has an email hiding service.
http://www.google.com/recaptcha/mailhide/

On my personal site I used a png file. The text isn't distorted at all, but I have it the format of:
"my email is at hotmail, and the name is PNG"

A note about the image route is that you should add alt text so that the blind can still get your email address. Since the alt text is readable by bots it must be somewhat obfuscated again.
 
Last edited by a moderator:
  • #11
DaleSwanson said:
reCAPTCHA has an email hiding service.
http://www.google.com/recaptcha/mailhide/

On my personal site I used a png file. The text isn't distorted at all, but I have it the format of:
"my email is at hotmail, and the name is PNG"

A note about the image route is that you should add alt text so that the blind can still get your email address. Since the alt text is readable by bots it must be somewhat obfuscated again.

Sorry for being slow, but I'm not sure I know what you mean by "alt text." Can you explain?
 
Last edited by a moderator:
  • #12
Alt text for the blind? Sounds like a comb for a bald man.

Normally for text based captcha images they have a sound file to read the word out.
 
  • #13
cepheid said:
I'm not sure I know what you mean by "alt text."

When you display an inline image in a Web page you can do it with an HTML tag that looks like this:

Code: 
<img src="myimage.jpg" alt="My Image">

If the person viewing the page is using a browser that can't display images (e.g. the Lynx browser for text-only terminals), or has set his browser to disable automatic display of images, he sees the text "My Image" instead of the image itself.

If you're using Firefox, go to Preferences, choose the Content tab, uncheck the "Load images automatically" box, and refresh your current page to see what the result looks like.
 
  • #14
As jtbell said alt text is as simple as adding alt="Alt Text" to your image tags. Blind users will hear that text read to them.

If you want one, a much more thorough explanation of alt text is here:
http://jimthatcher.com/webcourse2.htm"
 
Last edited by a moderator:

What is the safest way to list an e-mail address on a webpage?

The safest way to list an e-mail address on a webpage is by using an image instead of text. This prevents spam bots from harvesting the e-mail address and sending unsolicited emails.

How can I make sure my e-mail address is not visible to spam bots?

To make sure your e-mail address is not visible to spam bots, you can use a contact form or a JavaScript code to display the e-mail address. This prevents bots from reading the code and harvesting the e-mail address.

Is it safe to use a "mailto" link to display my e-mail address?

No, using a "mailto" link to display your e-mail address is not safe as it can be easily scanned by spam bots. It is recommended to use an image or a contact form instead.

Can I use a fake e-mail address to prevent spam?

Using a fake e-mail address is not recommended as it can lead to bounced emails and damage your credibility. It is better to use one of the safe methods mentioned above to display your e-mail address.

Are there any other ways to protect my e-mail address from spam?

Yes, you can also use a CAPTCHA or a password-protected page to prevent spam bots from accessing your e-mail address. Additionally, you can set up filters and rules to automatically delete spam emails from your inbox.

Similar threads

Receiving E-mails Not Addressed to Me
    • Computing and Technology
Replies
5
Views
1K
Send Bulk Email from .TXT File w/ Linux (Ubuntu 9.04)
    • Computing and Technology
Replies
8
Views
3K
Suggestion Managing E-mail User Names on PF
    • Feedback and Announcements
Replies
12
Views
3K
Didn't receive Confirmation E-mail
    • Feedback and Announcements
Replies
34
Views
7K
Is Google Scanning Your Emails Really a Privacy Concern?
    • Computing and Technology
Replies
8
Views
3K
Web Scraping Py Script Generates Error for Old Norse Chars
    • Programming and Computer Science
Replies
4
Views
1K
Anonimity: Time to take the internet back.
    • Computing and Technology
Replies
4
Views
3K
Online videos may be conduits for viruses
    • Computing and Technology
Replies
2
Views
4K
Physics Forums Privacy Policy
    • Feedback and Announcements
Replies
0
Views
94K
Writing Web-Browser Math and Physics Demos
    • Programming and Computer Science
Replies
4
Views
3K

Hot Threads

Recent Insights

Back
Top