techblog

Using character data to mask email addresses

(2 votes, average: 3 out of 5)

Loading ...

Posted by jay on Nov 26th, 2006

Thanks to Mark Baker who showed me this little trick.

Whenever you display and email address in a web page there is a good chance a spambot will harvest that address and add it to a database. This technique allows you to publish email addresses in a way that browsers and email programs correctly understand but very few spambots do.

The way it works is to write out the email address using HTML character data - i.e. each letter is written like &#number; . So the email address jay@nominet.org.uk gets written in HTML as follows (line breaks added for clarity)

<a href=”mailto:jay@n
ominet
.org.u
k”>jay@n
ominet
.org.u
k</a>

which ends up looking like this:

jay@nominet.org.uk

Can you tell the difference?

Some of you may be thinking that this trick will be quickly discovered by spambot authors. However I think that spambots are generally only after the quick pickings and unless this trick becomes very popular it is not going to appear on their radar.

Web , Anti-Spam

Highest Rated

Recent .uk phishing activity (8 votes)
VoIP and Emergency Calls - Where is the Caller? (7 votes)
IPv4 Heat Maps (5 votes)
UNBOUND released ! (3 votes)
Spotting 'invisible' null pointer dereferences with Coverity Prevent (3 votes)
Adding charts to Spring web applications with JFreeChart (2 votes)
Anoto pens, Moleskine notebooks and OSX (2 votes)
Loss of .uk nameserver (2 votes)
Implement IronPort servers for anti-spam (1 votes)
SJPhone settings for SIP (1 votes)

Using character data to mask email addresses

Leave a Comment

Recent Posts

Highest Rated

Categories

Archives

Blogroll

Nominet

Meta: