Protecting Email Addresses From SPAM Harvesters With a CAPTCHA

If you manage any websites, you should be aware of the risk of publishing an email address publicly.  SPAM bots spider the web looking for these email addresses, adding them to lists that are sold and used to inundate you with glorious offers of organ enlargement and cheap watches.  Today I encountered the most robust solution that I’ve yet to see.

I’ve seen various solutions for obscuring these addresses to protect them from misuse.  These solutions involve anything from obscuring it visually in the form of foo (at) somewhere (dot) com, which may not be very effective against smart bots, to fancy javascript that decodes and renders the email address in real time for an actual user.

This is the service: it hides an email address and forces the user to solve a CAPTCHA to get the actual address.  While this can be seen as inconvenient for users, it’s dang near impossible for a bot to get through it.  The interface is also one users are likely already familiar with.

This Google service is the same one used to protect blog comments, website registrations, and other online form submissions, but applied to email addresses.

It’s worth noting that there’s still nothing stopping a user from harvesting your address manually and adding it to a list, however unless you’re a high-value / high-profile target that’s probably unlikely to happen.

Leave a Reply