To java or not to java

[Volk359]

There are a couple of additions I'd like to add to my website however in reading thru several threads here it appears that the majority of people have disabled the java scripting in their browsers, to the tune of 90% if I remember correctly. Yet I see a number of threads asking for help with a particular subject and the response include links to a thread or webpage describing the solution in java.

My question is mainly in regards to menu pulldowns, mailto: coding (anti-spam) and other "simpler" script. The concern is the features on the page will be rendered useless and making navigation, for example, impossible.

How much of java is actually being disabled? Is java still usable or is it on it's way out and should I concentrate more on CSS or another form of code?

 

[manarth]

the majority of people have disabled the java scripting in their browsers, to the tune of 90%

Someone's got their stats the wrong way around:s ource from theCounter says 8% without JavaScript.

Nothing wrong with a javascript menu dropdown, as long as you can get to each page without javascript.

Javascript email obfustication is pointless - spamtools already exist which can handle this.

Is java still usable or is it on it's way out and should I concentrate more on CSS

You can do some much with plain old HTML, CSS, and server-side scripts that JavaScript shouldn't be required.

<marc> i wonder what will happen if i press this...[ul][li]please tell us if our suggestion has helped[/li][li]need some help? faq581-3339[/li][/ul]

 

[Volk359]

I think you are correct, after re-reading a couple of threads it apears some of the data was backwards.

I'll take your advice and stick to HTML and CSS.

On a further note, is email obfustication totally pointless or are there some get arounds? Seems to me, as with any other security system, as soon as a new schem to foil the bots comes about the spammers figure it out and add it to the list of things for bots to look for.

 

[jstreich]

Require a login to veiw e-mails, or ruin e-mail addresses in an uncommon way and explain to your visitors in a link how to unscramble them...

<a href=explainemail.html>this _ email * yahoo | com</a>

and then explain that * replaces the @, all spaces are to be removed and the | is a dot (.) on your explainemail.html ...

Or ruin it in the usual way: somthing AT hotmail DOT com
But I think some spam spider programs are smart enough to figure those out.

 

[Volk359]

somthing AT hotmail DOT com

Ya, I've seen that before and figured that bot's had already gotten that. One I was intrigued by was basically a formula:

a = mailto:
b = myname
c = mydomaine

and then a seperate script to put it all together:

a + b + @ + c

or something to that effect. The idea being all the little pieces parts and the formula are in different parts of the page making it difficult for the bots to harvest it. But then we're getting smarter bots all the time, eh?

 

[manarth]

But then we're getting smarter bots all the time, eh?

Indeed. Following links provided by erstwhile TT members, I read recently an article which explained that the latest harvesting software doesn't just grab the HTML, it behaves like a web browser. It loads all the data - including javascript - and builds a standard DOM. It then parses the DOM for email addresses.

The only 'answer' seems to be human-interpretable obfustication - e.g. manarth_remove-me_at_n02Junk_example_dot_com.

Hopefully, most people will translate this to manarth@example.com(*) - assuming they understand english like 'remove-me', are conversant with these anti-spam techniques, and probably a few other caveats as well.

(*) Whenever describing a domain for testing purposes, please use example.com. This domain is reserved under RFC2606 for this purpose.

<marc> i wonder what will happen if i press this...[ul][li]please tell us if our suggestion has helped[/li][li]need some help? faq581-3339[/li][/ul]

 

[ChrisHunt]

I think the best way to stop spammers getting your address is to not put it on your site at all - put a form up instead so your address is kept secret.

However, even then, you'll need to give names to the feilds and the script that won't alert the bots - they're smart enough to recognise names like formmail.pl.

-- Chris Hunt
Webmaster & Tragedian
Extra Connections Ltd

 

[BillyRayPreachersSon]

One easy way to defeat the current email harvesting software is to put your email address as an image, rather than as text.

The pros:

- Cannot be harvested (until harvesting software has OCR abilities) - unless someone specifically types is it (which they could do if it was obfuscated anyway).

The cons:

- Cannot be copy/pasted

- Cannot be linked to a mailto HREF (otherwise the mailto link could still be harvested)

- Would not show up for text-only browsers.

Personally, I would say the best bet is to publish your email address in full-text, to make the site as widely accessible as possible, and to buy decent spam filtering software.

My spam levels used to be huge (100+ emails per day), until my ISP installed Brightmail spam filtering. Now I get 3 or 4 a day, max.

Hope this helps,
Dan

 

[Volk359]

Good suggestions all. Unfortunately there tends to be a fine line between convenience for the client and the user and avoiding spam harvesters.

I did a website for a church and the pastor was horrified when he started receiving spam, most of which was porn related. As well as I could do to explain how things worked they blamed it on the website and I lost a client. Lessons to be learned here.

My ISP has a pretty good spam filter, although something tend to leak thru, and we've just gotten used to having a junk email address and keep the good ones as private as possible. It's too bad that the only real solution to a contaminated email address is to create a new one.

I'm very interested in the Jeremy Jaynes case, tho. Perhaps this will set a precedence for the future.