RE: Hiding email addresses in an accessible way from Owen on 2003-08-18 (w3c-wai-ig@w3.org from July to September 2003)

From: Owen <owenrodda@optusnet.com.au>
Date: Tue, 19 Aug 2003 00:04:09 +1000
To: "'wai-ig list'" <w3c-wai-ig@w3.org>
Cc: "'Scarlett Julian $ED$'" <Julian.Scarlett@sheffield.gov.uk>
Message-ID: <000b01c36591$97ff4c60$6401000a@cantide>

I personally take the entity-encoded example a step further and
URL-encode parts of the email link as well. An example:

<a href="m&#97;ilto:username&#37;40hostname&#37;2ecom">username<abbr
title=" at ">@</abbr>hostname<abbr title=" dot ">.</abbr>com</a>

I have no idea how "smart" email harvesters are these days, but it
probably isn't worth the effort for them to decode this kind of address
considering how many plain-text emails are available.  Note that there's
nothing special involved - if the email harvesting script is attached to
any browser, it would have no problems reading that.

This solution works with no apparent side-effects in the browsers I've
tested.  It foils simple searches for mailto: or username@hostname.com
without changing the link's appearance.

Further protection can be provided by substituting an image for any
characters in the displayed email address, usually either the '@' symbol
or the entire address.  That's not as accessible, of course.

Any suggestions, questions or improvements are welcome.

-- 
Owen Rodda


-----Original Message-----
From: w3c-wai-ig-request@w3.org [mailto:w3c-wai-ig-request@w3.org] On
Behalf Of Scarlett Julian (ED)
Sent: Monday, 18 August 2003 11.01 pm
To: wai-ig list
Subject: Hiding email addresses in an accessible way



Does anyone have any way of hiding email addresses from spidering that
doesn't use javascript? We use a CMS and have no way of stopping content
authors from using their work email address as a contact (and in the
interests of open government we wouldn't want to anyway) which means
that our organisation is opening itself to huge amounts of spam. If
there was some bit of server-side witchcraft that we could use to
obscure these from email harvesters then I would dearly love to hear it.
I realise that we could use &#64; instead of @ in the mark-up but I'm
petty sure that spiders are wise to this now. Obviously I'd rather not
use client-side scripting if at all possible.

A couple of constraints: 
the address must be a useable link (mailto: unless anyone knows any
other way)
the address must appear on the page so that non-IT-savvy users recognise
that it is an email address i.e. no replacing "@" with "AT" or "." with
DOT

Thanks all.
Julian

Received on Monday, 18 August 2003 10:13:48 UTC