Blog Home  Home Feed your aggregator (RSS 2.0)  
What did you learn today? - Help in the fight against spam
Phil Denoncourt's Technology Rants
 
Archive
<July 2008>
SunMonTueWedThuFriSat
293012345
6789101112
13141516171819
20212223242526
272829303112
3456789
Navigation
Home
My Website
Microsoft Profile
Linkedin Profile
Users
Categories
 
 
 
 
 
 
 
 
Blogroll
 Benjamin Day
 Chris Reeder
 Jason Haley
 Sam Gentile
 Scott Hanselman
Contact
Send mail to the author(s) Email Me

Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.

Sign In
 Thursday, October 27, 2005
Help in the fight against spam by phildenoncourt
Last night I posted a webcontrol that I wrote to my website that makes life more difficult for spammers. It's a substitute for hyperlink control in ASP.NET named the obscure hyperlink control

One of the ways that spammers get email addresses is that they have programs that spider the web, looking for email addresses embedded in webpages. They target forum based sites because people are more likely to leave their email addresses there. This has caused people to start leaving their email addresses in cryptic formats (for example: me {at} mydomain.com). I find these techniques annoying as an end user trying to contact someone, but I also have to believe that spammers have caught on and look for variants with the word "at" in them. The obscure hyperlink control can be used for any hyperlink, mailto or http. Besides thwarting spammers, another use of the control would be to link to an objectionable site without contributing to its search engine rank.

What the obscure hyperlink control does is scrambles (note - I'm not saying encrypt) the hyperlink when the page is being created on the webserver using a random technique. An scrambled example of my email address is 'mcstiostucoe@ipolamit:hldnnorascae.o'. You can see a functioning example here. A matching javascript function is added to the webpage that unscrambles the hyperlink when the user clicks on it. When you view the source of the webpage, the link is removed, and an onClick handler is added to the hyperlink. Nowhere will you see the text of the hyperlink. It is present in the onClick handler, but it is not very legible. The Url is not stored in Viewstate, so it can't be taken from there, either.

Here are pros & cons of this control:
Pros:
  • Easy to use (works exactly the same as the existing hyperlink control)
  • The hyperlink information is not in the href attribute, but in the onClick (an area that spammers don't always pay atttention to)
  • The diversity of scrambling algorithms makes it difficult for spammers to target a specific implementation
  • Doesn't require a lot of server resources
Cons:
  • Doesn't completely prevent spammers from getting email addresses. A determined spammer could reverse engineer the control. This is just adds a roadblock for spammers.
  • Requires that the user's browser supports javascript and that it is enabled.
  • Limited number of scrambling algorithms. Right now there are 5. If this fills a need, I intend to add more, but it will still be a finite number.
Thursday, October 27, 2005 4:02:31 PM (GMT Standard Time, UTC+00:00)  #    Comments [0]   Development | DotNet | ASP.NET  | 
Comments are closed.
Copyright © 2008 Phil Denoncourt III. All rights reserved.
DasBlog 'Portal' theme by Johnny Hughes.
Pick a theme: