Home -> Net Tips -> Fighting the Spammers

Fighting the Spammers

One of the major problems of running a public website is dealing with unsolicited bulk email, or "spam". I prefer to make my email address available freely, so it is easy to get in touch. Unfortunately, this leaves it open to spammers, the people who send the unsolicited email.

The people and companies who send bulk email are under the misguided impression that it will produce results - in reality, it produces a nasty backlash. If you're thinking of sending spam, don't. In the rest of this article I'll cover my pet hates regarding spam, followed by the methods now being employed on this website to fight the spammers.

Pet Hates

Spam only relevant to the United States being sent to my .co.uk address (I didn't say spammers were very clever...).
Spam with "this is not spam, it complies with federal law" in it. Yes, it is spam. And I don't care about federal law, US congress or anything else in the US. Federal law does not apply to my .co.uk domain.
Spam selling email addresses to send spam to.
Christine Hall (who may or may not be a real person - if you've had an encounter with this name, you'll understand).

Defence Against Spam

Early Prevention

When examining spam defence, my first priority was to stop spammers getting hold of my address in the first place. Some already have it, but they can be dealt with separately. The easiest way would be to remove every email address from the website and have a contact form instead. I hate contact forms and prefer being able to click a link and send an email from my mail client, so that wasn't really an acceptable option. Any solution needed to fulfil the following requirements:

No email addresses should appear in an identifiable form (a form which an automated email-harvester could read)
Standard clickable email links must remain available for as many visitors as possible

The solution is fairly simple - for those browsers with JavaScript support, a simple script re-builds the email address when a link is clicked. Those browsers without JavaScript support simply get directed to a page where the email address is displayed on screen, but with additional "junk" HTML in between to disguise it. Since most visitors use Internet Explorer, clicking the link is generally all that is required.

The code below rebuilds a mailto: link from the username and domain:


//---------------------------------------------------------------
// Anti-spam JavaScript function
// You may reproduce this script, but please include this message
//---------------------------------------------------------------
// Copyright (C) 2002, Ashley Brown. http://www.ashleybrown.co.uk/
//---------------------------------------------------------------
function despammail(strUser, strDomain)
{
	document.location = "mailto:" + strUser + "@" + strDomain;
}

Within the HTML code, the email links look like the following:

<a href="/antispam.asp" onclick="despammail('webmaster', 'ashleybrown.co.uk');return false;" class="copyright">