Anyone who’s ever done it knows: don’t post your email address on the web.
It’s a sad state, but the internet is so inundated with spam that if you post an email address virtually anywhere, no matter how remote, the spambots will probably find it. Just like Google, spammers search the internet, but they’re not looking for interesting content; they’re looking solely for your email address. I could even see a future where spambots collect contextual information and tie it to the email addresses they harvest, to target spam more effectively.
The following strategies offer some help:
- remove any mailto: links — this is the easiest target.
- remove any email addresses — the @ symbol is like the smell of blood to these sharks. But spambots are even getting clever enough to figure out things like user AT example.com or user @ example.com.
- use an image instead of text — either the whole email address or just the @ symbol.
- use javascript to generate the text — however, spambots may start being able to parse javascript.
- use a contact form, possibly with a captcha.
But what do you do for your users’ sake? If they can’t click on your email address, they might not go to the effort of finding your form, or deciphering your obfuscated email: aarone (AT) NOSPAM one-shore (DOT) com.
While javascript based email links or captcha based forms might be the best solution at present, it takes a programmer to implement them. Thankfully, Silverstripe has a module that helps out, and actually makes it easy and (fairly) secure to allow users to click on a link that is not a mailto link, but will act like one.
It’s called hidemailto and here’s how it works:
Hidemailto uses an ordinary link to the HideEmail_Controller class, which then opens a page that redirects to a javascript generated mailto link. In effect, you click on the link, which you make to look something like this:
http://mysite/silverstripe/mailto/user/host/subject
Here’s an example I set up:
http://one-shore.com/~aaron/silverstripe/contact-us/
Which has the following link:
http://one-shore.com/%7Eaaron/silverstripe/mailto/aarone/one-shore.com/customer%20service
A few things could be done to make it a bit more secure.
- don’t use the word ‘mailto’ in the link
- obfuscate the javascript a bit more — but if a spambot becomes able to parse javascript it won’t matter.
- before the redirect there could be a captcha
Making the page wait before the redirect is a nice touch, because spambots are so successful precisely because harvesting addresses is so computationally cheap.
Okay, now that you know the technical details (or have skimmed to this point), here’s how you install it.
I assume you have a working installation of Silverstripe. Download the hidemailto controller from here:
http://silverstripe.org/hide-mail-to-module/
The module should be a compressed tarball, and look something like this:
hidemailto-trunk-r62511.tar.gz
To unzip it, type something like this.
tar -xvzf hidemailto-trunk-r62511.tar.gz
Some versions of tar don’t have the ‘z’ flag to decompress gzip. If that command doesn’t work, try it in two steps:
gunzip hidemailto-trunk-r62511.tar.gz
tar -xvf hidemailto-trunk-r62511.tar
Then rename the extracted folder from hidemailto-trunk-r62511 to hidemailto:
mv hidemailto-trunk-r62511 hidemailto
and finally copy it to your silverstripe installation directory (the -r flag is needed because hidemailto is a directory):
cp -r hidemailto /your/path/to/silverstripe/
For example, if silverstripe was installed in /var/www/silverstripe you’d type:
cp -r hidemailto /var/www/silverstripe/
You may also need to do the same with another module called gallery. The Hidemailto documentation mentions a dependency on gallery. Follow the same steps:
- download
- unzip
- rename
- copy it to the silverstripe directory
If you don’t have shell access, do the first three steps locally, and then use FTP to copy the hidemailto (and gallery) folders to the silverstripe directory on your server.
There’s one more step you need to do before it will work. Add the domain part of the email address (such as one-shore.com) to the file named _config.php in the hidemailto directory (/your/path/to/silverstripe/hidemailto/_config.php):
HideEmail_Controller::set_allowed_domains(array('silverstripe.com', 'one-shore.com'));
You might want to remove silverstripe.com from that list, since you probably won’t be receiving any email for that domain.
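The link-to-mailto mapping and the allowed-domains check described above can be sketched in plain JavaScript. This is an added example, not hidemailto's own code: the function name, the character rule for the user part and the sample requests are assumptions, and the module's real behaviour may differ.

```javascript
// Added illustration, not hidemailto's source. ALLOWED_DOMAINS mirrors the
// list passed to set_allowed_domains(); all function names are hypothetical.
const ALLOWED_DOMAINS = ['one-shore.com'];

// Assumed rule: local parts limited to a conservative character set.
const USER_RE = /^[A-Za-z0-9._+-]{1,64}$/;

// Turn ".../mailto/user/host/subject" into a mailto: URI,
// or return null when the request should be refused.
function buildMailto(path, allowedDomains = ALLOWED_DOMAINS) {
  const segments = path.split('/').filter(Boolean);
  const start = segments.indexOf('mailto');
  if (start === -1) return null;

  let user, host, subject;
  try {
    [user, host, subject = ''] = segments.slice(start + 1).map(decodeURIComponent);
  } catch (e) {
    return null; // malformed percent-encoding
  }
  if (!user || !host || !USER_RE.test(user)) return null;

  // Allowlist check: only domains the site owner listed are ever emitted.
  host = host.toLowerCase();
  if (!allowedDomains.includes(host)) return null;

  // Reject control characters (CR/LF) and re-encode the subject so that
  // "&", "?" or "=" in it cannot add cc/bcc/body fields to the link.
  if (/[\u0000-\u001f\u007f]/.test(subject)) return null;
  const query = subject ? '?subject=' + encodeURIComponent(subject) : '';
  return 'mailto:' + user + '@' + host + query;
}

// Constructed sample requests (the first is the link from the post).
const samples = [
  '/~aaron/silverstripe/mailto/aarone/one-shore.com/customer%20service',
  '/silverstripe/mailto/someone/example.org/hello',
  '/silverstripe/mailto/aarone/one-shore.com/hi%26bcc%3Dx%40example.org',
];
for (const p of samples) console.log(p, '->', buildMailto(p));
```

A null result is where the controller would answer with an error page instead of redirecting.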
I can also implement a plain javascript solution that will work without silverstripe in basically the same way, or point the more ambitious to some examples on the internet to help them do it themselves.
Feel free to email me (with the link above) or comment here if you have questions or corrections.
Here are a couple links about spam prevention:
— a quick example on using javascript to write a mailto
http://med.stanford.edu/irt/web/clips/javascript-antispam.html
— this is a more complete example including step by step implementation
http://www.bronze-age.com/nospam/
— this has several links to implementations including the one below it
http://www.webmasterworld.com/forum91/492.htm
— this is a good example that uses javascript obfuscation
http://rumkin.com/samples/mailto_encoder
— this is probably the definitive article on spam prevention
http://www.alistapart.com/articles/spam
— and this is great practical follow up
http://www.alistapart.com/articles/gracefulemailobfuscation
Is the hidemailto module compatible with Silverstripe 2.4? I tried and it does not work and it should. When I click on the link silverstripe tries to open the mailto/xxx/xxx/Subject link which results in a 404 Not found error.