Rails - Mar 2011 - obfuscated email not really obfuscated. but why not?

I have a page with an email address visible (so humans can print the
page if necessary). I used the following to code to obfuscate the
email. When I view the page source in my browser it appears all is
well, but I was told today by the SEO person at our web developer that
the email address is not obfuscated on this page. He had a printout
with the email address clearly visible after some obfuscated text.

So, is the following incorrect in some way I just can''t see?

Email: <%= mail_to @post.employer.email, @post.employer.email, :encode
=> "javascript", :subject => ''request for information:
''+ @post.title
%><% end %>

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

On 23 Mar 2011, at 04:39, "sol.manager"
<sol.manager-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> I have a page with an email address visible (so humans can print the
> page if necessary). I used the following to code to obfuscate the
> email. When I view the page source in my browser it appears all is
> well, but I was told today by the SEO person at our web developer that
> the email address is not obfuscated on this page. He had a printout
> with the email address clearly visible after some obfuscated text.
> 
What does the output look like if you view the HTML source in your browser?

Fred
> So, is the following incorrect in some way I just can''t see?
> 
> Email: <%= mail_to @post.employer.email, @post.employer.email, :encode
> => "javascript", :subject => ''request for
information: ''+ @post.title
> %><% end %>
> 
> -- 
> You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
> To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
> 
-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

For example, on the web page the following Email:
joe.public-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
had the following source code.

<li>Email: <script
type="text/javascript">eval(unescape(''%64%6f
%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%61%20%68%72%65%66%3d
%22%6d%61%69%6c%74%6f%3a%6a%6f%65%2e%70%75%62%6c%69%63%40%67%6d
%61%69%6c%2e%63%6f%6d%3f%73%75%62%6a%65%63%74%3d%6a%6f
%62%25%32%30%61%70%70%6c%69%63%61%6e%74%25%32%30%72%65%73%75%6d
%65%25%32%30%66%6f%72%25%32%30%70%6f%73%74%25%32%30%6f%6e%25%32%30%6a
%6f%62%66%69%6e%64%65%72%75%73%61%2e%63%6f%6d%25%33%41%25%32%30%53%6f
%6c%75%74%69%6f%6e%73%25%32%30%41%73%73%69%73%74%61%6e%74%22%3e%6a%6f
%65%2e%70%75%62%6c%69%63%40%67%6d%61%69%6c%2e%63%6f%6d%3c%2f%61%3e
%27%29%3b''))</script></li>

To me this seems obfuscated, but the SEO person produced a print out
with something similar above but looked more like:
after the </script> and before the </li> his print out had
href="mailto:joe.public-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org?subject=job
%20application">joe.public-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org

I didn''t know if this was a difference in web browsers or how he was
able to see this, but he did.

On Mar 23, 4:37 am, Frederick Cheung
<frederick.che...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> On 23 Mar 2011, at 04:39, "sol.manager"
<sol.mana...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> > I have a page with an email address visible (so humans can print the
> > page if necessary). I used the following to code to obfuscate the
> > email. When I view the page source in my browser it appears all is
> > well, but I was told today by the SEO person at our web developer that
> > the email address is not obfuscated on this page. He had a printout
> > with the email address clearly visible after some obfuscated text.
>
> What does the output look like if you view the HTML source in your browser?
>
> Fred
>
>
>
> > So, is the following incorrect in some way I just can''t see?
>
> > Email: <%= mail_to @post.employer.email, @post.employer.email,
:encode
> > => "javascript", :subject => ''request for
information: ''+ @post.title
> > %><% end %>
>
> > --
> > You received this message because you are subscribed to the Google
Groups "Ruby on Rails: Talk" group.
> > To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> > To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> > For more options, visit this group
athttp://groups.google.com/group/rubyonrails-talk?hl=en.
-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

On Wed, Mar 23, 2011 at 9:29 AM, sol.manager
<sol.manager-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> For example, on the web page the following Email:
joe.public-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
> had the following source code.
>
> <li>Email: <script
type="text/javascript">eval(unescape(''%64%6f
> %63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%61%20%68%72%65%66%3d
> %22%6d%61%69%6c%74%6f%3a%6a%6f%65%2e%70%75%62%6c%69%63%40%67%6d
> %61%69%6c%2e%63%6f%6d%3f%73%75%62%6a%65%63%74%3d%6a%6f
> %62%25%32%30%61%70%70%6c%69%63%61%6e%74%25%32%30%72%65%73%75%6d
> %65%25%32%30%66%6f%72%25%32%30%70%6f%73%74%25%32%30%6f%6e%25%32%30%6a
> %6f%62%66%69%6e%64%65%72%75%73%61%2e%63%6f%6d%25%33%41%25%32%30%53%6f
> %6c%75%74%69%6f%6e%73%25%32%30%41%73%73%69%73%74%61%6e%74%22%3e%6a%6f
> %65%2e%70%75%62%6c%69%63%40%67%6d%61%69%6c%2e%63%6f%6d%3c%2f%61%3e
> %27%29%3b''))</script></li>
>
> To me this seems obfuscated, but the SEO person produced a print out
> with something similar above but looked more like:
> after the </script> and before the </li> his print out had
>
href="mailto:joe.public-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org?subject=job
> %20application">joe.public-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
>
> I didn''t know if this was a difference in web browsers or how he
was
> able to see this, but he did.
>
>
That''s a good question. What browser and version did he produce that
on?

B.

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

The problem seems to be that use was using Firebug add-on for Firefox
and was viewing the page in debug mode, so essentially he was seeing
the "front" and the "back" at the same time. Robots
don''t crawl the
front, the crawl the source. So in the end, I believe this was
operator error and not incorrect obfuscation of an email.

On Mar 23, 10:57 am, Bryan Crossland
<bacrossl...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> On Wed, Mar 23, 2011 at 9:29 AM, sol.manager
<sol.mana...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > For example, on the web page the following Email:
joe.pub...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
> > had the following source code.
>
> > <li>Email: <script
type="text/javascript">eval(unescape(''%64%6f
> > %63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%61%20%68%72%65%66%3d
> > %22%6d%61%69%6c%74%6f%3a%6a%6f%65%2e%70%75%62%6c%69%63%40%67%6d
> > %61%69%6c%2e%63%6f%6d%3f%73%75%62%6a%65%63%74%3d%6a%6f
> > %62%25%32%30%61%70%70%6c%69%63%61%6e%74%25%32%30%72%65%73%75%6d
> > %65%25%32%30%66%6f%72%25%32%30%70%6f%73%74%25%32%30%6f%6e%25%32%30%6a
> > %6f%62%66%69%6e%64%65%72%75%73%61%2e%63%6f%6d%25%33%41%25%32%30%53%6f
> > %6c%75%74%69%6f%6e%73%25%32%30%41%73%73%69%73%74%61%6e%74%22%3e%6a%6f
> > %65%2e%70%75%62%6c%69%63%40%67%6d%61%69%6c%2e%63%6f%6d%3c%2f%61%3e
> > %27%29%3b''))</script></li>
>
> > To me this seems obfuscated, but the SEO person produced a print out
> > with something similar above but looked more like:
> > after the </script> and before the </li> his print out had
> >
href="mailto:joe.pub...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org?subject=job
> >
%20application">joe.pub...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
>
> > I didn''t know if this was a difference in web browsers or how
he was
> > able to see this, but he did.
>
> That''s a good question. What browser and version did he produce
that on?
>
> B.
-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

On Mar 23, 2011, at 8:33 AM, sol.manager wrote:
> The problem seems to be that use was using Firebug add-on for Firefox
> and was viewing the page in debug mode, so essentially he was seeing
> the "front" and the "back" at the same time. Robots
don''t crawl the
> front, the crawl the source. So in the end, I believe this was
> operator error and not incorrect obfuscation of an email.
This is also true if you use Safari/Chrome''s developer inspector.  A
pure view source will show you the javascript mess.  Inspecting the element will
show you the result of the javascript call...

-philip


> On Mar 23, 10:57 am, Bryan Crossland
<bacrossl...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>> On Wed, Mar 23, 2011 at 9:29 AM, sol.manager
<sol.mana...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>>> For example, on the web page the following Email:
joe.pub...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
>>> had the following source code.
>> 
>>> <li>Email: <script
type="text/javascript">eval(unescape(''%64%6f
>>> %63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%61%20%68%72%65%66%3d
>>> %22%6d%61%69%6c%74%6f%3a%6a%6f%65%2e%70%75%62%6c%69%63%40%67%6d
>>> %61%69%6c%2e%63%6f%6d%3f%73%75%62%6a%65%63%74%3d%6a%6f
>>> %62%25%32%30%61%70%70%6c%69%63%61%6e%74%25%32%30%72%65%73%75%6d
>>>
%65%25%32%30%66%6f%72%25%32%30%70%6f%73%74%25%32%30%6f%6e%25%32%30%6a
>>>
%6f%62%66%69%6e%64%65%72%75%73%61%2e%63%6f%6d%25%33%41%25%32%30%53%6f
>>>
%6c%75%74%69%6f%6e%73%25%32%30%41%73%73%69%73%74%61%6e%74%22%3e%6a%6f
>>> %65%2e%70%75%62%6c%69%63%40%67%6d%61%69%6c%2e%63%6f%6d%3c%2f%61%3e
>>> %27%29%3b''))</script></li>
>> 
>>> To me this seems obfuscated, but the SEO person produced a print
out
>>> with something similar above but looked more like:
>>> after the </script> and before the </li> his print out
had
>>>
href="mailto:joe.pub...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org?subject=job
>>>
%20application">joe.pub...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
>> 
>>> I didn''t know if this was a difference in web browsers or
how he was
>>> able to see this, but he did.
>> 
>> That''s a good question. What browser and version did he
produce that on?
>> 
>> B.
> 
> -- 
> You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
> To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
> 
-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

On 23 March 2011 15:33, sol.manager
<sol.manager-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> The problem seems to be that use was using Firebug add-on for Firefox
> and was viewing the page in debug mode, so essentially he was seeing
> the "front" and the "back" at the same time. Robots
don''t crawl the
> front, the crawl the source. So in the end, I believe this was
> operator error and not incorrect obfuscation of an email.
Really, don''t even bother.
Firstly, you''re wrong in your assertion that "Robots
don''t crawl the
front, they crawl the source" - nice simple robots may well only look
at the source. But it''s well known that the big search engines can
determine if sneaky JS or CSS methods have been used to stuff keywords
into source, but hide them from view.

Secondly, you have no idea what *nasty* robots are doing - and I
assume they''re the ones you don''t want getting the email
addresses
from your page (for spamming, etc). There''s no reason not to assume
that robots don''t view your whole site exactly as users do, including
ignoring robots.txt files - in fact, a robots.txt file is the first
thing I would look at if I want to know where the juicy stuff might
be...

Just work under the premise that whatever works for your users will
work for robots - if the user can click a mailto link, or read a
legible email address, so can a robot, whatever obfuscation you''ve
tried.

In fact, rather than foiling robots, your method discriminates against
real users who don''t have JS-enabled browsers.

If you *really* want to delay spammers, then render email addresses
like "pavling(at)gmail(dot)com" - or some similar method that is
deducible by humans, but unfamiliar enough to not be easily parsed by
scripts (until loads of people use the method, and it''s worth having
the script look for matching patterns too...) - of course, users can
no longer click-to-send, and I don''t think it''s worth the
hassle.

Life''s too short - use a good spam filter, and don''t worry
about it.
:-)

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.