You are the webmaster of a website and you need to store the email address of several members/subscribers of your site. These addresses are available in their profile (e.g forum, blog etc ....). However, nowadays there are may harmful bots that have been developed to analyze web pages and extract email addresses from them. These bots can then go to the page containing the list of members of a forum and collect all email addresses.
- How to protect these the email address of your subscribers/member then?
- Unfortunately there is no miracle solution. But we can at least limit the damage with a few tweaks.
Limit access to members profiles
Restrict access to the profiles of your members. Anonymous visitors won't have access to these profiles.
- Advantages: If a bot simply browse sites at random without a particular aim, this method will work. Simple bot won't be able to authenticate on your websites.
- Disadvantages: Advanced bots may try to create an account on the site for more privileges. For subsctiption on your site, do not hesitate to make use of CAPTCHA (images containing text). The ordering of the letters in the image must be complex but however you must also consider an alternative for the visually impaired users (an audio validation system).
Make use of image files
When a bots search for email addresses on a websites, in most cases it will analyze the data in the text format. If you put the text in an image, then the information will be overlooked by simple bots. This is a simple method that be used to limit the damage. You can make use of a function that will display the email addresses as images in the members profiles, you will limit already a little more damage.
- Advantages: Simple bots won't be able to recover information from the image files.
- Disadvantage: An image takes longer to load than text and legit users will not be able to copy and paste an email address. Sophisticated bots may have OCR function.
Make use of applets
You can make use of applets, small programs that run on the browser to display an email address. Examples: Flash and Java.
- The effectiveness of these methods will depend on how complex the applets are.
Using an internal messaging system
The implementation of a private messaging function on the site (using PhpBB ) will allow users to communicate among themselves without revealing their email address.....).
- Advantages: In this situation the address remains hidden.
- Disadvantages: The implementation of such a system requires some technical knowledge and the trust of your subscribers.
Using a script
For the algorithm, you can do as you like, provided it is a minimum complex.
Example to display "email@example.com"
- Advantage: A simple bot won't be able to retrieve the email address.
Give the choice to the users
During registration on your website or after registration, your users must be able to choose if they are willing to publicly disclose their personal information or not. If so, they must decide what personal information they are willing to reveal.
There are no fail proof method to hide email addresses from bots, but you can make access to these information more difficult, by implementing the above methods.
This document, titled « Webmaster - Protect email addresses against bots », is available under the Creative Commons
license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM