Do you avoid using mailto: on your website?

Don't ever display valid individual email addresses or mailto: on a website. Nasty people on the web have created "Email Harvesting" tools. These programs search public areas on the Internet to compile, capture, or otherwise "harvest" lists of email addresses from web pages, newsgroups, and chat rooms. Any email address that is spelled out can be captured and therefore gets attacked with spam.

The best way to avoid it is not to display valid individual email addresses in text format (especially in the form of "mailto:") on your website.

FirstnameSurname@ssw.com.au

Figure: Bad way - normal email address in text format

Better way: encryption technique

Store email addresses in the web.config file

<configuration> 
    <appSettings> 
        <add key="SampleEncodedEmailAddress" value="David@sample.com.au" /> 
        ...
    </appSettings> 
</configuration>

Encode them on the server using the BitConverter class

Dim email As String = ConfigurationSettings
        .AppSettings("SampleEncodedEmailAddress")

Application("SampleEncodedEmailAddress") = BitConverter
        .ToString( _ ASCIIEncoding.ASCII.GetBytes(email))
        .Replace("-", "")

Decode on the client with a JavaScript function in the JavaScript

<a id="linkContact" href="javascript:sendEmail('44617669644073616D706C652E636F6D2E6175')">
    CONTACT David
</a>

We have a program called SSW CodeAuditor to check for this rule.

Website Development - ASP.NET

Do you avoid using mailto: on your website?

Better way: encryption technique

Authors

Categories

Authors

Categories