I use a PHP script on my contacts page (jmfloorcovering.com/contact.html). Any link that would otherwise be a mailto: link is now a link to the contact page. Even viewing the source code of the contact page will not reveal my email address now. The script can be found here, free of charge --> regretless.com/scripts/scripts.php#dodosmail R'gards, Grump
I don't think that the dodo script is secure against all header injections. They only parse one field for injection when it can be done from any field.
we fight spam to our corporate site by inserting a small transparent gif into our home page with a hyperlink to a bogus email address at our domain, i.e. "bogus_user2@yourdomain.com". then, at our mail server, we automatically blacklist any senders who send emails to that email address. The only people who might be sending an email to this bogus email address are those who spidered the url looking for email addresses to strip. this is the only email address available on our site inside the html - all others are behind forms. VG
Yeah I have seen pages that take a robot into a spiral of fake pages with hundreds of email addresses that are bogus. I think it's meant just to disrupt them a bit. Lately I have been getting massive spam. I think whois was spidered and now I get at least 100 per day of the same crappy type of spam. I believe in 2006 I will for the 3rd time be changing my primary email address. It's frustrating because it seems like eventually you lose no matter what.
I agree with the cautious people here. Do not put someone else's email address where it can be seen. It would be almost trivial to write a generic harvester that could be customized in 10 minutes (or less) to overcome pretty much any of the pattern-based schemes here. That's totally ignoring the human harvesters. Besides, wasn't the original post about an auction site? (I've forgotten after reading through all the replies). Do you really think your customers want to take the chance that you're going to hand over their email to some sicko/email stalker? Use a form/script to do it for you and hide (protect) your customers' addresses. Use the image test (google for captcha--I think that's the term). Keep your customers happy. It's a little extra effort, but not much, and well worth it.
You are correct, harvesters consist of software which unfortunately, much like any other program, must be able to overcome obstacles if the programmer wishes to earn, say $200 / sale of same. I've heard some are as fancy as having built-in OCR readers (Optical Character Recognition) which even defeats image-based email addresses and I wouldn't put much past the crafty programmer. Someone else said the best thing to do is don't put your address anywhere on the site - Concurr. Meanwhile, route the domains catch-all to blackhole and have as FEW email addresses as possible (the fewer, the better). Try as one might, it appears at least ONE obvious address is required, thou between all the following: webmaster / admin / support / service / info / ... it soon became obvious to ME I didn't need but maybe ONE of those and no more. This helps reduce some of the standard spam attacks which target the above. Oh, nice google ads (I dunno if you see it, but I am seeing bulk e-mail marketing 'adwords' right as I am writing this ... sigh ...
I'm almost ready to go with one of those "even your mother has to verify her email address" spam blockers that I saw mentioned (by you, Iabrocca?) in another thread. Just because it gets so annoying.