Email Form To Avoid SPAM - Recommendation?

[Ken Hall]

Can someone recommend an email form (CGI, etc.) that does not expose
my email address in the page source? I've tried everything else and
nothing works. Javascript encoding/obscuring don't work. My company
is just me, and I'm getting covered up in SPAM. I get 3000+ SPAM
messages a day and my various filters can only narrow this down to
about 600 to 800. Since I don't want to drive away customers I don't
want to use a GIF/JPEG for the addresses. I've read that email forms
with the address located in a concealed directory work. Seems
logical. Is there a particular one of these that folks recommend?

Ken

 

[Guest]

http://www.websunlimited.com/order/Product/SpamStopper/spam_stopper_help_dir.htm

 

[Jack Brewster]

Ken,

First thing, check with your web host. They may have a CGI or other
application already in place that you can take advantage of. The best thing
with this type of solution is that the support will be very specific to your
needs. Barring that, if you're comfortable with ASP take a look at "rolling
your own" with CDO:
Intro: http://www.asp101.com/samples/email.asp
HTML format: http://www.asp101.com/samples/email_html.asp
Attachments: http://www.asp101.com/samples/email_attach.asp

or PHP:
http://phpmailer.sourceforge.net

Another alternative, if you're hosted on a Windows server and you can use
executables in CGI:
MailForm - http://www.lss.com.au/lss/windows/mf/mf_ins.htm

I used this a couple years ago and was pleased with the functionality. The
configuration info can be stored in an externail config file saving your
address from harvesting. The downside is that it's not free (but not
expensive, either) and I don't think it's been updated since I used it.

 

[Mike Mueller]

Good afternoon Ken-
What I use is a form to get the information for the
email, and I use a custom written ASP page to process the
form. The ASP page I use utilizes CDONTS as I am currently
on a NT4 server. There is also CDOSYS which is an updated
version used on Windows 2000 or 2003 servers. It is very
easy to use. Using the custom asp page also allows more
flexibility, as mine uses the info to send the mail,
database the mail, and display the mail, all on one page.
The following links from MS should help in the programming
of CDO

CDONTS:
http://msdn.microsoft.com/library/d...ml/_denali_newmail_object_cdonts_library_.asp
CDOSYS:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/e2k3/e2k3/_techsel_tech_1.asp

Here is an example using CDONTS, the form variables are
SenderName, SenderAddress, MessageSubject, MessageBody

<%
' Read the form info
dim strSenderName, strSenderAddress, strMessageSubject,
strMessageBody
strSenderName = Request.Form("SenderName")
strSenderAddress = Request.Form("SenderAddress")
strMessageSubject = Request.Form("MessageSubject")
strMessageBody = Request.Form("MessageBody")

'Assemble message information
dim strSenderInfo, strSentFrom, strSentTo
strSenderInfo = strSenderName &"<"& strSenderAddress
&">"
strSentFrom = "Website Email <[email protected]>"
strSentTo = "(e-mail address removed)"

'Assemble the email
on error resume next
Set Mailer = Server.CreateObject("CDONTS.NewMail")
Mailer.From = strSentFrom
Mailer.To = strSentTo
Mailer.Value("Reply-To") = strSenderInfo
Mailer.Subject = strMessageSubject
Mailer.Body = strMessageBody

'Send the mail
Mailer.Send
If err.num <> 0 Then
Response.Write "CDONTS Error: " & err.num & " - " &
err.description
End If

'Clean up
set mailer = nothing
%>



: Ken Hall wrote:
: Can someone recommend an email form (CGI, etc.) that does
: not expose my email address in the page source? I've
: tried everything else and nothing works. Javascript
: encoding/obscuring don't work. My company is just me,
: and I'm getting covered up in SPAM. I get 3000+ SPAM
: messages a day and my various filters can only narrow
: this down to about 600 to 800. Since I don't want to
: drive away customers I don't want to use a GIF/JPEG for
: the addresses. I've read that email forms with the
: address located in a concealed directory work. Seems
: logical. Is there a particular one of these that folks
: recommend?
:
: Ken

 

[Ken Hall]

http://www.websunlimited.com/order/Product/SpamStopper/spam_stopper_help_dir.htm

I'd seen that before. I couldn't find a clear explanation or an
example of the method it uses, but it says it "converts the mailto
hyperlinks contained within a page to JavaScript code." As I said in
my post, Javascript encoded/obscured email addresses don't work. They
can be read by the SPAM-Bot email harvesters. I know this because I
tested several of the frequently recommended Javascript encoders using
the two most widely used SPAM-Bots. It doesn't matter if the masking
is further enclosed in HEX or ASCII decimal. I concluded if browsers
can decode the Javascript so can the SPAM-Bot programs -- which is
logical when you think about it.

Ken

 

[MD Websunlimited]

Ken,

In our test Spam Stopper prevents email harvesting. Spam harvesters can not contain the intelligence to put an email address back
together. It would have no way to know what pieces belong where.

You can use an ASP / PHP form to send the email to an address that is only on the server. That requires that you're customers can
only communicate with you via the form or if you provide them with an email address that is not published.

 

[chris leeds]

that got dragged to the tips folder. nice collection of links. ;-)

 

[Ken Hall]

Thanks for all the replies. I realize now I should have mentioned I'm
on a Unix server and have no ASP support.

Ken

 

[Jack Brewster]

Ken,

In that case, you probably have PHP support so take a look at the PHP
suggestion I offered:
http://phpmailer.sourceforge.net

If you're at all comfortable with coding, even if you don't know PHP, this
should be easy to implement. Also, have you checked with your host yet? Do
they offer any solutions that are already available on the server?

 

[FrankC]

Thanks for all the replies. I realize now I should have mentioned I'm
on a Unix server and have no ASP support.

Ken, take a look at the "nms FormMail" scripts at
http://nms-cgi.sourceforge.net/scripts.shtml. Very bullet-proof.

 

[Ken Hall]

Ken, take a look at the "nms FormMail" scripts at
http://nms-cgi.sourceforge.net/scripts.shtml. Very bullet-proof.

Thanks. That link didn't work when I tried it just now. I'll try it
again later.

Ken

 

[Tom Pepper Willett]

How did you 'hide' the contact email addresses? Don't they show in html
(source) view?
--
=====================================================
Tom Pepper Willett [Microsoft MVP - FrontPage]
----------------------------------------------------------------------------
-
Microsoft FrontPage:
http://www.microsoft.com/office/frontpage/prodinfo/default.mspx
http://msdn.microsoft.com/office/understanding/frontpage/

=====================================================

I took all email addresses off my sites so they wouldnt be harvested, and

instead put up contact pages, easily done in Front Page. It helped, but
now after 2 months Im getting even more emails.... somehow the spammers
can harvest email addresses off most mail servers and even my hidden contact
email addresses get spammed now. grrrrr. So, I guess I am real curious
to see anyone elses responses here as well. Spam Assasin has helped, but
like you I think it is only about 50-60% effective.

 

[Thomas A. Rowe]

To completely hide the email address for forms, you must use a server-side script to process the
form.

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
WEBMASTER Resources(tm)

FrontPage Resources, WebCircle, MS KB Quick Links, etc.
==============================================

I took all email addresses off my sites so they wouldnt be harvested, and instead put up contact

pages, easily done in Front Page. It helped, but now after 2 months Im getting even more
emails.... somehow the spammers can harvest email addresses off most mail servers and even my
hidden contact email addresses get spammed now. grrrrr. So, I guess I am real curious to see
anyone elses responses here as well. Spam Assasin has helped, but like you I think it is only
about 50-60% effective.

 

[Ken Hall]

I took all email addresses off my sites so they wouldnt be harvested, and instead put up contact pages, easily done in Front Page. It helped, but now after 2 months Im getting even more emails.... somehow the spammers can harvest email addresses off most mail servers and even my hidden contact email addresses get spammed now. grrrrr. So, I guess I am real curious to see anyone elses responses here as well. Spam Assasin has helped, but like you I think it is only about 50-60% effective.

As others are saying, if you simply use a FP form your email address
will be available in the HTML source code (view source). The email
harvesting programs find addresses in the HTML source so this provides
no protection.

Ken

 

[Ken Hall]

All these form processing scripts require the HTML form be created
separately. Can the forms made by FP be used to link to the processor
scripts?

Ken

 

[Ken Hall]

Actually there is a way to use the form to deal with SPAM.

Use an email address that isn't used for any other purpose. Put some
unusual word (or string of letters) in the form will be sent with the
form. Then set up a filter in your mail reader that looks for that
word and lets through messages from the special address that contain
the word. Following this filter add another that deletes all messages
to the special address. You can use this same address in as many
forms as you have. The SPAMmers will pick up and use the address,
but you're sending all their messages to the bit bucket with the
filter. When the volume of SPAM to the special address becomes
onerous, change it to a new one in the forms and filters, and throw
the old one away

Ken

 

[Thomas A. Rowe]

Yes. Under Form Properties, select Send to Other and then enter the path to the script.

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
WEBMASTER Resources(tm)

FrontPage Resources, WebCircle, MS KB Quick Links, etc.
==============================================

 

[Ken Hall]

Yes. Under Form Properties, select Send to Other and then enter the path to the script.

Thanks.

Ken