Anyone who’s ever done it knows: don’t post your email address on the web.
It’s a sad state, but the internet is so inundated with spam that if you post an email address virtually anywhere, no matter how remote, the spambots will probably find it. Just like Google, spammers search the internet, but they’re not looking for interesting content; they’re looking solely for your email address. Though I could see a future where spambots collect contextual information and tie it to the email addresses they harvest, to target spam more effectively.
The following strategies offer some help:
- remove any mailto: links — this is the easiest target.
- remove any email addresses — the @ symbol is like the smell of blood to these sharks. But spambots are even getting clever enough to figure out things like user AT example.com or user @ example.com.
- use an image instead of text — either the whole email address or just the @ symbol.
- use a contact form, possibly with a captcha.
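An added example (not from the original post or the hidemailto module): a small Python audit you can run over your own pages to see which addresses a plain text scan still recovers, covering mailto: links, plain addresses, entity-encoded @ signs and AT/DOT substitutions. The sample HTML and every address in it are constructed for this example.

```python
import re
from html import unescape

# Constructed sample page; every address below is made up for this example.
SAMPLE_HTML = """
<p>Sales: <a href="mailto:sales@example.com?subject=Hi">email us</a></p>
<p>Support: support&#64;example.com or billing @ example.com</p>
<p>Press: press AT example DOT com, jobs (at) example.com</p>
<p>Owner: <img src="/img/owner-address.png" alt="contact address"></p>
<p>Meet us at noon. Version 2.4 @ release.</p>
"""

TAG = re.compile(r"<[^>]+>")
MAILTO = re.compile(r"mailto:([^\"'?>\s]+)", re.I)
ADDRESS = re.compile(r"([A-Za-z0-9._%+-]+)\s?@\s?((?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,})")
# Bracketed at/dot in any case, or bare upper-case AT/DOT as in "user AT example.com".
AT_TOKEN = re.compile(r"\s*(?:(?i:[(\[{]\s*at\s*[)\]}])|\bAT\b)\s*")
DOT_TOKEN = re.compile(r"\s*(?:(?i:[(\[{]\s*dot\s*[)\]}])|\bDOT\b)\s*")


def audit(html):
    """Return (kind, address) pairs for every address a text scan can recover."""
    decoded = unescape(html)            # &#64; decodes to @, so entities hide nothing
    findings = [("mailto", m.group(1)) for m in MAILTO.finditer(decoded)]
    text = TAG.sub(" ", decoded)        # visible text only; href values are gone
    seen = set()
    for m in ADDRESS.finditer(text):
        addr = "%s@%s" % m.groups()
        seen.add(addr)
        findings.append(("plain", addr))
    # Undo AT/DOT substitutions and scan again; anything new was only obfuscated.
    rewritten = DOT_TOKEN.sub(".", AT_TOKEN.sub("@", text))
    for m in ADDRESS.finditer(rewritten):
        addr = "%s@%s" % m.groups()
        if addr not in seen:
            seen.add(addr)
            findings.append(("obfuscated", addr))
    return findings


if __name__ == "__main__":
    for kind, addr in audit(SAMPLE_HTML):
        print("%-10s %s" % (kind, addr))
```

The image-only line and the ordinary prose line produce no findings, which is the outcome the image and contact-form strategies aim for.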
But what do you do for your users’ sake? If they can’t click on your email address, they might not go to the effort of finding your form, or deciphering your obfuscated email: aarone (AT) NOSPAM one-shore (DOT) com.
It’s called hidemailto and here’s how it works:
Here’s an example I set up:
Which has the following link:
A few things could be done to make it a bit more secure.
- don’t use the word ‘mailto’ in the link
- before the redirect there could be a captcha
It’s a nice touch to make it wait for the redirect, because spambots are so successful precisely because harvesting addresses is so computationally cheap.
Okay, now that you know the technical details (or have skimmed to this point) here’s how you install it.
I assume you have a working installation of Silverstripe. Download the hidemailto controller from here:
The module should be a compressed tarball, and look something like this:
To unzip it, type something like this:
tar -xvzf hidemailto-trunk-r62511.tar.gz
Some versions of tar don’t have the ‘z’ flag to decompress gzip. If that command doesn’t work, try it in two steps:
gunzip hidemailto-trunk-r62511.tar.gz
tar -xvf hidemailto-trunk-r62511.tar
Then rename the extracted folder from hidemailto-trunk-r62511 to hidemailto:
mv hidemailto-trunk-r62511 hidemailto
and finally copy it to your Silverstripe installation directory:
cp -r hidemailto /your/path/to/silverstripe/
For example, if Silverstripe was installed in /var/www/silverstripe you’d type:
cp -r hidemailto /var/www/silverstripe/
You may also need to do the same with another module called gallery. The Hidemailto documentation mentions a dependency on gallery. Follow the same steps:
- copy it to the silverstripe directory
If you don’t have shell access, do the first three steps locally, and then use FTP to copy the hidemailto (and gallery) folders to the silverstripe directory on your server.
There’s one more step you need to do before it will work. Add the domain part of the email address (such as one-shore.com) to the file named _config.php in the hidemailto directory (/your/path/to/silverstripe/hidemailto/_config.php):
You might want to remove silverstripe.com from that list, since you probably won’t be receiving any email for that domain.
Feel free to email me (with the link above) or comment here if you have questions or corrections.
3 thoughts on “Silverstripe spam prevention”
Here are a couple links about spam prevention:
— this is a more complete example including step by step implementation
— this has several links to implementations including the one below it
— this is probably the definitive article on spam prevention
— and this is great practical follow up
Is the hidemailto module compatible with Silverstripe 2.4? I tried and it does not work and it should. When I click on the link, Silverstripe tries to open the mailto/xxx/xxx/Subject link, which results in a 404 Not Found error.