Protecting email address with .htaccess
I hate spam. I have been receiving it since I created my first email account, and I am always interested in web development tricks and techniques for protecting email accounts. Recently I read a book about email security and found a very interesting technique in it, which lets users send email to you while providing email harvesters with a completely false email address. I created a variation of this trick, which I will share here as well.
The first method requires creating a new file; let's call it my_false_email@not_exisiting.com. If you are unsure: YES, the file should be named like a valid email address, and any UNIX system should handle such a file. Next, add the following lines to the .htaccess file:
<FilesMatch "my_false_email@not_exisiting.com">
ForceType application/x-httpd-php
</FilesMatch>
Now our file will be executed as a PHP script, so open it and put the following script in it:
<?php
header('Location: mailto:my_real_email@my_real_domain.com');
?>
When someone tries to access the file my_false_email@not_exisiting.com, their default email software will open with your real email address. This solution never exposes your email address to an email harvester; however, the method also has a few downsides. First, it requires creating an additional file. Second, if someone copies your email address from the website to use it later, they will obviously get the fake address and won't be able to contact you.
The first problem can be resolved with my modification of this method: instead of creating an additional file, we can use a redirect. Put the following line in .htaccess:
RedirectMatch my_false_email@not_exisiting.com mailto:my_real_email@my_real_domain.com
Now, whenever my_false_email@not_exisiting.com is found in the URL, the email application will open, just as if you had clicked the link mailto:my_real_email@my_real_domain.com
The second problem is a bit more complicated because you can't do much about it. The safest way to avoid people copying the email address from the website is to use anchors like this one:
click to get my real email address
Also note that if you use “mailto:” in the href parameter, both of these techniques will NOT work at all. Well, I guess that is another downside of this method, isn't it?
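As an added example (not code from the original post), this Python sketch audits a page the way a harvester's regex would see it and checks every address it finds against the RedirectMatch rules in .htaccess, flagging the "mailto:" in href case noted above. The sample HTML, the anchor's href and the function names are assumptions, and Python's re module stands in for Apache's regex engine.

```python
import re

# Constructed sample inputs; the rule is the RedirectMatch line from the post,
# the anchor markup is an assumption (the post's own HTML is not shown).
HTACCESS = "RedirectMatch my_false_email@not_exisiting.com mailto:my_real_email@my_real_domain.com\n"
PAGE_OK = '<a href="my_false_email@not_exisiting.com">click to get my real email address</a>'
PAGE_LEAK = '<a href="mailto:my_real_email@my_real_domain.com">mail me</a>'

# Typical address-shaped pattern a harvester would run over the markup.
ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9_.-]+\.[A-Za-z]{2,}")


def parse_redirects(htaccess):
    """Return (decoy regex, real address) for each 'RedirectMatch ... mailto:' rule."""
    rules = []
    for line in htaccess.splitlines():
        parts = line.split()
        # parts[-2] is the pattern even when an optional status argument is present.
        if (len(parts) >= 3 and parts[0].lower() == "redirectmatch"
                and parts[-1].lower().startswith("mailto:")):
            rules.append((re.compile(parts[-2]), parts[-1][len("mailto:"):]))
    return rules


def audit(html, htaccess):
    """Classify every address-like string that appears in the HTML."""
    rules = parse_redirects(htaccess)
    real = {addr.lower() for _, addr in rules}
    report = {"decoy": [], "leaked": [], "unprotected": []}
    for found in sorted(set(ADDRESS.findall(html))):
        if found.lower() in real:
            report["leaked"].append(found)       # real address sits in the markup
        elif any(pattern.search(found) for pattern, _ in rules):
            report["decoy"].append(found)        # only the fake address is visible
        else:
            report["unprotected"].append(found)  # no redirect rule covers it
    return report


if __name__ == "__main__":
    print(audit(PAGE_OK, HTACCESS))
    print(audit(PAGE_LEAK, HTACCESS))
```

A "decoy" result only covers harvesters that read the markup; a client that requests the decoy URL still receives the real address in the Location header of the redirect.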
You know, you can avoid the problems you have created for yourself by just linking to email.php with the anchor of click here to email me. You aren’t giving out any email address so there is nothing to scrape and people aren’t going to be confused and you don’t need to worry about creating new entries in your htaccess or server conf files.
You could also use JavaScript to create the link wherever you need it to take it one step further.
Although, I would prefer a secure and properly coded comment form because at the end of the day, that’s what is going to be easiest for your users.