I
I
Ilya2019-04-29 09:20:54
Email
Ilya, 2019-04-29 09:20:54

How do you protect mail on the site from spam bots in 2019?

The usual site-page-landing of one local company.
1) By "mail" I mean an explicit e-mail address - text. So that a real visitor can see it with his eyes, remember it and enter it with his hands somewhere in his mailer. Or click on this mailto link.
The long-known methods of hiding mail - pictures, scripts, all sorts of replacing @ with "dog", "bun", etc., as far as I understand, are more or less successfully managed by modern bots - up to screenshotting a real page render from a headless browser with further text recognition.
Or are there methods? Anything in PHP - with processing on the server?
2) Well, the site has a standard feedback form. It usually comes down to installing a captcha. From the same Google. But I heard that it is bypassed. Wouldn't it be better to install some kind of captcha or "secret question" of your own unique type with ReCaptcha?
3) And in general, h tz. modern trends or just logic can leave only the form, and remove the explicit postal address from the page?

Answer the question

In order to leave comments, you need to log in

5 answer(s)
L
Lynn "Coffee Man", 2019-04-29
@Lynn

Normal mail service with normal spam protection.

U
Urvin, 2019-04-29
@Urvin

2) Well, the site has a standard feedback form. It usually comes down to installing a captcha. From the same Google. But I heard that it is bypassed. Wouldn't it be better to install some kind of captcha or "secret question" of your own unique type with ReCaptcha?

Not better. To solve the usual captcha in the corresponding services costs 30 rubles, recaptcha - 50-160.
Invest in a spam filter better. An ordinary client of one local firm will not say "thank you" to you for the difficulties provided, but will spit and use the services of a neighboring one.

M
Moses Fender, 2019-04-29
@mosesfender

Do not use soap - the simplest solution to the problem.
Well, yoksel-moksel, what can you think of from spammers, besides fighting their spam? It is impossible to forbid the cops to look at your documents? Same here.

Y
Yakov, 2019-05-09
@yakovmanshin

I have seen postal address obfuscators (for example, here ). They replace part of the characters in the address with the codes of these characters. There are no visual differences, including if you insert such an address into a mailto link. Email programs that open when you click on a link also work correctly. But bots that search for email addresses using regex should stumble over such a mess of characters [sort of].
I put such a link to the site, but I find it difficult to evaluate the effectiveness of protection (in any case, I have not encountered spam streams).
Example:
[email protected] after obfuscation becomes

john.doe@example.com
,
but it looks like [email protected] (I've pasted the same characters here, but without the code tag).

I
Ilya, 2019-05-10
@rexen

Thanks for answers. I myself have been "smoking" articles on anti-spam for several days. Generally speaking, there is no "holy grail". The first rule of security also works here - 100% protection does not exist - there is only protection that makes hacking economically unprofitable.
Modern bots understand html5, css3, js, are indistinguishable from a browser by cookies and http_referer, use behavioral surfing models, a proxy pool, a script recorder, an editor, a player ... and another bald thing in the form of Indians who solve captcha pictures for $ 0.001 .
This was written about above.
In my opinion, the most effective way out in this situation is to use the specificity of the protected site. For example, on a Russian-language bicycle resource, you can ask human questions on the topic - not just "how much will be 2 + 3", but "write one of the two top bicycle transmission manufacturers" - and already on the backend in PHP compare the answer. "Indians" not only do they not know Russian (and the "laborers" who own it are more expensive), they will not google the answer.
Time is money. Ask a question in "Aesopian language" - a real visitor will not be sorry to spend ten seconds solving it, and a "Hindu-half-bot" will spit and go to waste time on other sites - even a tired Google recaptcha with traffic lights loads the brain less.
As for hiding the mail address - I see reputable offices do not take a steam bath at all - they write in the most open form - they probably transfer the front of the fight against spam to the backend. Although those who wish can apply the same Aesopian language here - write "ivanpetrov on a rambler" - a person will understand, and an ordinary bot scanner will fly by.
Again, this has already been written about.
Well, it’s also easy to google about protecting forms - hidden fields, timings, etc.
And one more thought - come up with non-standard names of boxes. I believe that [email protected], [email protected], [email protected] and similar obvious names are sorted out by bots on any site.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question