Spambot Wars
A problem that faces many websites is spam – specifically, spam bots (email harvesters) that crawl through sites and harvest email addresses or abuse community facilities such as message boards. Here are some simple ways to keep them at bay…
Unfortunately, avoiding email harvesters is something of an arms race. Inevitably, whatever technique you use to encode the email address will eventually be discovered and circumvented by the spambot writers once it becomes popular with web developers.
The JavaScript approach
As spambots don’t execute JavaScript (yet), techniques that insert email addresses dynamically using JavaScript or AJAX seem to work.
Try this:
<script type="text/javascript">
var user = "user";
var domain = "domain.com";
document.write(email + "@" + domain);
</script>
This would write: user@domain.com
Unfortunately however, this technique violates a basic principle of web accessibility as JavaScript techniques won’t work for users with JavaScript disabled or those who are behind corporate firewalls that disallow JavaScript.
The CSS approach
A more accessible alternative to the JavaScript technique is a CSS technique:
.email:user { content: "user@"; }
.email:domain { content: "domain.com"; }
This would have the same result as the JavaScript approach and could be inserted into a HTML page like this:
<span class="email"></span>
Preventing forum abuse
Preventing spambots or even persistent users from abusing your forum and posting spam can also be difficult. A common technique is to use CAPTCHA images – images that have been distorted in a way that makes them difficult to read by machines like these:
These fool the bots, while a human user can still read them then register and post on your forum. However, there is also an accessibility problem here: some users with impaired vision will be unable to read the image and post legitimately on your forum.
So the simplest technique is to require the user to register with a genuine email address and not allow posting until the user has received a confirmation email at this address and responded to it. Many forum packages will support these and potentially other security measures.