resources

What

Email addresses are gathered using a number of techniques and sources by email harvesters. These email addresses can then be used for building email lists which may be sold, or used for a variety of spamming purposes.

Publishing email addresses on a website even if for legitimate reasons provides one source for email harvesters. Research on the most popular sources for emails for harvesting disagree on whether websites are still the major source or not (eg other sources include newsgroups, whois domain name registers, irc) although all agree a website is still a popular source.

Eliminating harvesting is probably impossible but there are a number of techniques each with their own pros and cons that help minimize the practice (see Roberts, A (2003) for one overview). Xarigami Sitecontact module offers a number of these anti-harvesting techniques.

If you are using Xarigami Core you will have the added benefit of the Sitecontact obfuscation function independent of Sitecontact in the Mail module, and as part of the dynamic data Email property. This article discusses:

1. Using Sitecontact forms
2. Using the obfuscation function in code and templates
3. Using the Dynamic Data Email property with inbuilt obfuscation in templates and from the Dynamic Data property modification page (only in Xarigami Core Xaraya).

1. Preventing email harvesting with Sitecontact Forms

One of the most popular ways of allowing website visitors to contact others or the webmaster, instead of using a published email address, is via web forms. The submitted web form data is then emailed on to the recipient via a script.

The Sitecontact module allows Xaraya users to create multiple and varied forms per site, as needed, quickly and easily without coding. These forms can be individually templated, and have various options for emailing submitted data to nominated recipients. Most importantly the forms are secured in a number of ways, can have additional Captcha or AntiBot options installed, and email addresses are never displayed or exposed via your website.

Instructions for creating and using a Sitecontact form can be found in the Sitecontact module itself, with support documentation on the Sitecontact Project home page.

2. Reducing harvesting with the Sitecontact obfuscation

This same function has also been added to Xarigami Core and can be used independent of Sitecontact, using Mail instead of Sitecontact as the module name.

To use the function you must specify the email address (email) and optionally, the text (text) used for the click-able email link, and whether you want an image icon to display (image).

You should always specify some text used for the email link. However, if you choose not to do so, the actual email address will be loosely obfuscated as eg me at domain dot com in the link. Better than nothing, but better to specify the text.

For code:

$myemail = xarModAPIFunc('sitecontact','user','obfuemail',
array('email'=>'me@somedomain.com',
'text'=>'Services and Support',
'image'=>true))

This will return an array consiting of:

$myemail['link'] full mailto: link with link text

Alternatively use the following variables to build your own link:

$myemail['text'] just the text portion

$myemai['encoded'] the encoded email portion

In your template:

<xar:set name="enquiryemail">xarModAPIFunc('sitecontact','user','obfuemail',
array('email'=>'talktous@xarigami.com',
'text'=>'Services and Support',
'image'=>true));
</xar:set> 

And then adding to your email link in your template:

#$enquiryemail.link#

And what will the output look like?

Without a specified text link we get complete obfuscation of the email address in the template, but only loose obfuscation of the actual text link made up of the munged email address.

If you specify the text link, and an image option, then you get fully obfuscated email address in the template, and no hint at all of the email address.

Oh, too much trouble?? Then look a little further ...

3. Reducing harvesting with a Dynamic Data Email Property

We can do this a lot simplier now using the the Dynamic Data Email property either directly in your template, or when you setup a Dynamic Data property in your itemtype or object (eg Articles, XarPages). The output display is similar to the options when using the function.

In your template:

Use the following tag where you want to obfuscate email. Some attributes are optional:

<xar:data-output type="email" format="encoded" image="true" value="me@somedomain.com" id="useremail" text="contact us" />

The tag itself and attribute values are never displayed in your template. The values passed to the tag are:

• value of the property, in this case the email address (value="me@somedomain.com")
• optional flag to obfuscate the email (format="encoded")
• optional flag to dipslay an email icon (image="true")
• optional text to display in the email link(text="contact us")

If there is no text provided for the email link, the email address itself will be used and loosely obfuscated on display as previously discussed. Best to supply the text if practical.

From the Dynamic Data modify property page:

When you setup a new Email dynamic data property and save it, you will have the option of going back and clicking on the Validation link to set up options. You may choose from any of the optional attributes used in the data output tag by checking the check-box for obfuscation of use of an image. You can also specify some text link as well eg Contact Email.

The screen shot displays the options available when the Email dynamic data property validation is edited.