The Dark Forces of Spam: Defending your site

Spam email chafes. It’s like wet sand in your bathing suit. It’s the electronic version of a freeway driver flipping you off – not with gestures – but with daily offers of stuff you don’t want – or worse – things that offend you.

No unsolicited commercial emails please!

We’ve all received ‘em: solicitations for Canadian drugs, cheap software, implants, enlargements, and the list goes on ad nauseum – leaving the email reading public irked and in extreme cases “spam enraged”. Still, good people are often surprised to discover that their own websites may be unwittingly contributing to the problem. Contributing how, you ask?

One way is by publishing email addresses in plain view on their sites. Bots (robot programs) crawl the web constantly, harvesting addresses that are sitting on websites screaming to be hijacked. To the naked eye, these addresses look something like this: To bots they look like this: mailto:

For the uninitiated, Mailto: is html code that instructs the browser to open a window in the users default email client – e.g. Microsoft Outlook- and insert the address from the web page. So by searching for mailto: on your web pages, bots can easily harvest your stuff.
No spam please
How do you defend against email harvesters? One way is to use forms instead of email addresses. Forms can be filled out by the visitor and submitted to one or more email addresses without ever revealing the recipient addresses. Two other advantages are that one, user information can be saved to a database for later use and that two, forms work regardless of whether the user has an mail client available on the computer they happen to be using at the time.

Don’t have the resources or knowledge to implement forms? There are other strategies that can be used:

  • Replace the email address text with an image of the address. This is effective but has the drawback that the user cannot simply click the image and send an email. Cut and paste doesn’t work either. Unfortunately, the user has to manually open their email editor and hand type the address.
  • Another strategy is to use email address text that can be interpreted by a human but not so easily┬áby a bot program. For example, becomes This has the advantage that the user can cut and paste the address into their email client, but he or she must still edit the address by replacing the red text with “@”.

Another way spammers spam is by creating programs that automatically complete and submit web forms – forms like contact us, feedback, tell a friend, blog comments and user registrations.

So how can you defend against the form bots? The best and most widely used defense is a technology called CAPTCHA and it’s a process that’s designed to distinguish humans from computers. CAPTCHA comes in many styles – for example the “reCAPTCHA” API from the inventors of CAPTCHA technology at Carnegie Mellon University:

CAPTCHA solutions like the one above are easy to implement on most blog sites. For example, the reCAPTCHA plugin for WordPress, developed by Ben Masters, is free and simple to install. To the contrary, implementing CAPTCHA solutions on regular websites usually involves some code twiddling and is probably best left to coder types.

There’s volumes more that can be written about spam defense, but if this post has at least heightened the awareness of site owners to the risk of exposed e-addresses on their sites, and has succeeded in providing some practical strategies for protecting against “the dark forces of spam” we’ll chafe less here at topLingo, knowing we’ve help someone somewhere avoid spam rage.

Client Testimonial

See what is being said about topLingo. Design World Online

topLingo took on a web project that most other web providers would not touch based on timing and cost. They not only stepped up and took on the project, but kept costs under control for a custom & rush development situation. With strong leaders and ...

Portfolio Slideshow

Tap into our design expertise. topLingo Portfolio
Web Development Firm