123Webmaster.com : Onsite : Privacy and Legal
Prevent Email Harvesting

by Jason M. DesRoches

Unsolicited email (Spam): we all get it, and we all hate it. Where does it come from? How do these people find us? Well, if you are a webmaster (which you most likely are if you are reading this), it could be that your contact page, or any place on your website that contains your email address, was spidered by a malicious bot with the intention of harvesting, using, and selling your email address to countless clients.

At this point you may be thinking "spidering bots? Malicious harvesting? Are you making this up? This sounds like it’s straight out of the Matrix." Well, while I did enjoy the flick, there is no movie magic behind these malicious bots. There are programs that exist only to capture the email address from your page. Once your address has been captured, it is stored in a database, and then distributed in a market that caters to this type of business all throughout the world. Pretty soon you begin to receive advertisements for little blue miracle pills, cable de-scrambling instructions, so-called "free" pagers, and even investment opportunities for bogus stocks. And what’s worse, you don’t just get one copy of the email, but several, and to all of the email addresses that were posted on your contact page. Well, at least there is a way to Opt-Out of this nonsense, you say to yourself as you click the "unsubscribe link", but what’s this? The unsubscribe link doesn’t work, and in the off chance that it does work, it is not an unsubscribe link at all, but just a method of checking if the email was sent to a "live address".

“Curse you!” you shout in frustration, and reply to the email with all sorts of nasty words, only to receive a bounce moments later. “Curse you all! I know what to do”, you think to yourself, “I’ll just block the sender, and then no more junk from these people can get through”. A fine idea, fine indeed; unfortunately, the sender will more than likely never use the same email address more than once if it is indeed bona fide Spam. So what else can you do to nail these jerks? Well, you can always use a free reporting service such as http://www.spamcop.net to send an email to the host or ISP of the sender, and kindly inform them that they have a user that is committing a TOS violation, and a crime with penalties ranging from a per-user fine to felony prison time. This will surely evoke a response, and pretty soon… congratulations, you’ve successfully gotten the attention of the lowlife’s ISP, and his account has been terminated. Unfortunately though, the fiend has a copy of his harvested email list stored elsewhere on the Internet, and did not plan on using the same host to send his next mailing. Drat!

So what can you do? How can you stop the nonsense of ever-growing harvesting and increasing daily Spam to your business account? Well, as in medicine, the best cure is prevention, and to prevent this atrocity, you must first understand what is happening, and how these spider-bots work. When one of these spiders reaches your page, it searches through your source code for something that looks like an email address, such as your@email.com, or possibly for the content inside of a “mailto” link. As soon as it finds this information, it grabs it, and stores it for keeps.

Ah-Ha! So that’s how they do it! And it can be fought, without any disruption to visitors who wish to send you legitimate email, by applying a simple piece of JavaScript. Please pay close attention to the script posted below:

<script language="Javascript">
//this simple script by a1javascripts.com
//please leave credit and instructions intact
//simply enter your emailname and emailserver below
//and copy and paste the entire script where you want it to show.
//the address is kept in two pieces so it never appears whole in the page source
var emailname = "webmaster";
var emailserver = "your-domain.com";
//change the font face, color and size below
document.write("<font face='Arial,Helvetica' size=-1>");
document.write("<a href='mailto:" + emailname + "@" + emailserver + "'>");
document.write("<font color='ff0000'>");
document.write(emailname + "@" + emailserver);
//close the tags opened above, innermost first
document.write("</font></a></font>");
</script>

When this script is correctly inserted in place of your standard email link, it will ward off even the cleverest of spider-bots, and prevent the harvesting of your email address, thus saving you from dozens, hundreds, or even thousands of unsolicited emails. So what should you do about the Spammers that already have your email address stored? Well, first off, it might not all be Spam. It is more than likely that you have inadvertently subscribed to many mailings without even realizing it, in which case the unsubscribe link will work successfully. However, for the rest of the mailings that are truly Spam, it’s always worth a shot to try out some of the methods for blocking addresses and reporting Spammers discussed earlier in this article. I also suggest checking out http://www.spamcop.com (not to be confused with the reporting service at spamcop.net) for other ideas on keeping your inbox clear of clutter.
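To check your own pages for the exposure described above (address-shaped text or mailto content readable in the source), the following added example, which is not part of the original article or of the a1javascripts.com script, scans raw HTML the way a source-reading spider would. The function names and the three sample pages are constructed for illustration and assume Node.js; the check also goes slightly beyond the article by treating entity-encoded and percent-encoded "@" signs as exposed.

```javascript
// Added example (not from the article): list the addresses a source-scanning
// harvester could read from a page without executing any script.
const ADDRESS_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+/g;

// Turn a numeric character reference into its character (ignore invalid ones).
const fromCode = (n) => (n <= 0x10ffff ? String.fromCodePoint(n) : "");

// Undo the entity and percent encodings sometimes used to disguise "@" and ".";
// a text scanner can reverse them just as easily, so they count as exposed.
function decodeObfuscation(text) {
  return text
    .replace(/&#x([0-9a-f]+);/gi, (_, hex) => fromCode(parseInt(hex, 16)))
    .replace(/&#(\d+);/g, (_, dec) => fromCode(parseInt(dec, 10)))
    .replace(/&commat;/gi, "@")
    .replace(/&period;/gi, ".")
    .replace(/%40/g, "@");
}

// Return the de-duplicated, lower-cased addresses visible in the raw source.
function findExposedAddresses(html) {
  const matches = decodeObfuscation(html).match(ADDRESS_RE) || [];
  return [...new Set(matches.map((m) => m.toLowerCase()))].sort();
}

// Constructed sample pages, using the placeholder address from the article.
const PLAIN_PAGE =
  '<a href="mailto:webmaster@your-domain.com">webmaster@your-domain.com</a>';
const ENTITY_PAGE = "<p>Contact: webmaster&#64;your-domain&#46;com</p>";
const SCRIPT_PAGE = [
  "<script>",
  'emailname = "webmaster"',
  'emailserver = "your-domain.com"',
  "document.write(\"<a href='mailto:\" + emailname + \"@\" + emailserver + \"'>\");",
  'document.write(emailname + "@" + emailserver);',
  'document.write("</a>");',
  "</script>",
].join("\n");

// Report what each sample page exposes to a source-only scan.
for (const [name, page] of Object.entries({ PLAIN_PAGE, ENTITY_PAGE, SCRIPT_PAGE })) {
  console.log(name, findExposedAddresses(page));
}
```

An empty result means only that the address is absent from the static source; a client that executes the script and reads the rendered page still sees the assembled address, so this check covers source scanning only.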
