This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

Javascript email address encoding ineffective?

March 17, 2009 7:03pm

  • #1 / Mar 17, 2009 7:03pm

    designstation

    48 posts

    Hi there,

    One of my clients has been pestered by someone who’s saying that the javascript encoding used by ExpressionEngine to disguise email addresses from spam harvesters is ineffective. According to him, it would only take a few minutes to harvest all of the email addresses encoded on the site.

    Now, I know javascript will only get you so far and the only way to secure your email address would be to never put it online at all (and never use it to email anyone!), but my understanding has been that javascript of the sort used by ExpressionEngine is enough as harvesters aren’t sophisticated enough to decode javascript—that it would consume too much bandwidth and processing power to decode every scrap of javascript they come across.

    So who’s right? Does he have a point? What can I tell my client to put their mind at ease?

    Thanks,

    Christopher

  • #2 / Mar 17, 2009 8:02pm

    silenz

    1651 posts

    but my understanding has been that javascript of the sort used by ExpressionEngine is enough as harvesters aren’t sophisticated enough to decode javascript—that it would consume too much bandwidth and processing power to decode every scrap of javascript they come across.

    They could of course decode it and I don’t think the processing power or bandwidth would pose a problem.

    I think the main point is whether they care to try it. When there is an abundance of unencoded addresses floating around in the web, is it really worth the programming effort to decode any little proprietary mechanism that may exist?

    Take captchas. It’s a pure cost-benefit analysis. Is it really worth writing software that breaks EE’s captchas? They are not really difficult after all. But what do you gain? Probably not much except a few more blogs to fill with comment spam. I don’t think anyone took a stab at it.

    They broke Yahoo, Gmail, Hotmail because it’s lucrative to get free email accounts, they broke phpbb because there are way more of those forums around to fill with spam than EE sites.

    I think the fact that it is encoded at all protects it from the vast majority of all harvesters because they simply don’t care. If the encoding mechanism is EllisLab’s own creation and nothing common that is found in many other sites (which I don’t know) I would bet no one ever tried at all.

  • #3 / Mar 18, 2009 2:20pm

    designstation

    48 posts

    Hi silenz,

    Thanks for your thoughts! I think you make some good arguments.

    Christopher

  • #4 / Mar 18, 2009 5:23pm

    ak4mc

    429 posts

    I use the javascript encoding for e-mail addresses, and CAPTCHA along with several other means to thwart spammers. These days the only spam attempts I get anymore are warm bodies with nothing better to do than make clumsy attempts to register on my site. And since I put the actual registration form behind a boilerplate page after the “Register” link on the live site, even those have all but disappeared.

    I suppose they might be willing to go to the trouble while they’re at it to try to collect encoded e-mail addresses by hand, but as Silenz says, the payoff from my site would be effectively nil for the time invested. These poor saps submit a registration request, if they get that far, and move on.
