Introduction
Spamfree Email module works on Javascript enabled and disabled browsers preventing email harvesting. The Email address given in content type fields like (body, summary etc,) are converted into corresponding mailto links and provides email obfuscation to protect email addresses from harvesting bots. A javascript array of the original email address is generated and is parsed back to HTML, this way it is shown in Javascript-enabled browser, at the same time for non JS browsers an image of the email address (using Gd library) is generated and displayed. This prevents non-javascript capable bots from harvesting email addresses. Every time the email generated javascript array will change making it difficult for the bots to do any guess work. Spamfree Email does not use any common css class names or ids making it further difficult for the bots to grab the text within that.
Working
After obfuscation, this email address: example.one@example.org turns into this, but only for bots:
var eWNnEZVIu = new Array('g','@example.or','example.one');
document.getElementById('YvynIpoMZ').innerHTML = eWNnEZVIu[2]+eWNnEZVIu[1]+eWNnEZVIu[0];
document.getElementById('YvynIpoMZ').href = 'mailto:'+eWNnEZVIu[2]+eWNnEZVIu[1]+eWNnEZVIu[0];
Additional feature to handle non JS environment, can be turned off from admin side.
<noscript><img src="path to image" /></noscript>
Requirements
Should work on any Drupal 7 installation. If non Js browser support is needed Gd library should be enabled, which will be on in most cases.
Installation
- Select the field types you need to be processed: admin/config/content/spamfree_email .
- If support for non Javascript browser is enabled, GD library is a must which will usually be installed on server.
Usage
- Install the module and go to configuration page and select the fields in which
obfuscation to be added. - For selecting the font family, you need to upload the font and click Save first
and then only the font will appear in the font list.
Alternately we could call this manually like:
if (module_exists('spamfree_email')) {
$string_with_obfuscated_email = spamfree_email_obfuscate($string);
}
How its different from others
When I examined other modules I could see that they are wrapping the email address with some specific HTML tags or CSS classes. A bot can simply grab the text within that HTML tag or class and process it to get the email. Also the modules have dependency on jquery or heavy decoding functions such as base 64 decode in javascript. Where as Spamfree email uses only pure javascript and js array for manipulating.
Some similar modules and differences
- Spamspan: Module obfuscates email in a special format for non Js enabled browsers foe eg: example [at] example [dot] com . This can be easily decoded by a bot.
- Graceful Email Obfuscation Filter: This module has a dependancy with Contact module. Also the module uses a sepcial format for links which also is easy for the spambots to grab. eg: contact[at]example[dot]com
- Invisimail: In this module if we need to apply the filter we must select it as a formatter in display. Also it works only in JS environment.
Known problems
This module currently replaces the text in a tags with corresponding email address.
eg: <a href="mailto:example@example.org">Click here</a>
will become:
<a href="mailto:example@example.org">example@example.org</a>
To Do
Option to do the same on view fields
Project information
- Project categories: Security
51 sites report using this module- Created by abhiklpm on , updated
Stable releases for this project are covered by the security advisory policy.
There are currently no supported stable releases.
