Hiding email field value from spammers on web?

[dannyg]

Hi,

I am using FMP5.5 on OSX Jaguar. I have a small database for a local orginization that I am publishing on the web. Ihave a form set up to allow members to add thier information to a Member List. The information includes thier email address. I am trying to figure out if there is a way to hide the address from spammers yet make it available to other members. I am not including the mailto: tag Any Ideas. I did search many times but was un successful. Thanks in advance.

I am using web companion and cdml.

Dan

[Ender]

I'm not sure how smart the bots are nowadays, but encoding email addresses in javascript used to work. The javascript looks something like this:

<SCRIPT LANGUAGE=Javascript><!--//

	domain = "mydomain.com";

	webmail = "johnsmith";

	document.write('Email me at: <A HREF="mailto:'+webmail+'@'+domain+'">'+webmail+'@'+domain+'</A>.');

							

	//--></SCRIPT>

Since the bots look at the html, not the rendered page, they don't see the full address on the finished page. But like I said, I don't know if this fools them all (though it works well for me.)

Note that web browsers with javascript turned off will not see the result.

I don't know CDML well enough to give details of building this into your solution.

[Barbecue]

Unfortunately, javascript-based obfuscation techniques are not as useful as they once were. Not only are the 'bots getting smarter about reading source code, but there are now 'bots that can actually execute javascript while downloading.

The best solution really depends on what you're trying to achieve. If your list is basically just for the members to be able to find one another, require some sort of authentication from users. That will eliminate any chance of spambots or other robots getting the addresses.

On the other hand, if your goal is to publicize the emails for all people everywhere to see and you just want to foil the spammers, that's a lot tougher.

One thing you could do is require humans to submit some sort of simple form before presenting the list, and make it impossible to get to the list through any other means. Most robots won't submit forms unless they're the simplest "I agree" or "I Accept" things.

[dannyg]

I don;t think the java script would work because I am pullling the email with a [FMP-Field] tag using CDML and the variables would be different for each record.

Would requiring a password with the Web Security db work. So when someone would click on the link they would be required to enter the password before viewing? If so could I put the username and password on the page as an image so it would be easy to view and see the password but not be picked up by bots?

dan

[Garry Claridge]

You may be able to use a Calculated field which splits the email address into "User" and "Domain". Then present it as two entities on the page. For example:

<tr><td>User</td><td>Domain</td></tr>

[FMP-Record]

<tr><td>[FMP-Field: user]</td><td>[FMP-Field: domain]</td></tr>

[FMP-Record]

Good Luck.

Garry

[Barbecue]

If so could I put the username and password on the page as an image so it would be easy to view and see the password but not be picked up by bots?

That would probably weed out most 'bots. You'd probably want to use an unusual font, though, because amazingly enough, there are actually harvestbots out there that retrieve graphics and do optical character recognition on them looking for email addresses.

Another option is to ask the user to supply some piece of information that you can verify in your database, such as their own email address. If the address they supply is in your database, they get to see the rest of the list. If it isn't, they get a nice page telling them about the benefits of joining your fine organization.

[dannyg]

Barbecue,

That sounds like what I am looking for. Could you give me some direction on how I would do this. Obviously the user would enter the info in a field, and I am guessing it would be a calculation of some sort. Any info to get me started is apreciated.

Dan

[Barbecue]

One way to do this would be to create a global field for the user to enter their email address in, create a relationship between the global field and the actual email address field, and hanve a calculation that returns one of two different links depending on the value of IsEmpty(SomeRelatedField). That should be pretty easy. I'm sure there are probably better ways as well.

[Unable]

Regardomg the global, you had best test that with a few users trying it at once. What happens if one user sets the global during a period of heavy use? Can another user submit a near-simultaneous request and change the global? That is the biggest issue with globals on the web from previous posts here.

[Steve T.]

Howdy! If you check your web logs you may see friendly-bots checking to see if you have a robots.txt file. Since we're talking about unfriendlies, though, there are many different solutions to foil bots/spiders but most rely on tricks that bot-makers can incorporate into their next versions. I've wanted to share my solution but the problem is that if it becomes well-known, then it will no longer work well over time.

A while back when I was reseraching some of this, I read an article about how Apache web servers can be configured to trap/block spiders and bots from crawling your site, but it required more tech savy-ness than I had at the time... The site/article also showed many people's low-tech solutions (graphic @, space characters, username at domain dot com, interjecting code as Garry mentions, [email protected], etc.) as well as the JS solutions, but whatever you come up with, try to make it hard to program around. I stopped legitimately using the mailto: a long time ago and no longer publish straight [email protected] addresses anymore.

--ST