內容簡介
避免垃圾郵件收件人的方法已有很長一段歷史。一些明顯的目標是將過程對訪客無縫化,具可實施性。經常被忽略的是提高可訪問性,但在某些領域這實際上是法律要求[1]。
方法
據我所知,這個外掛實施到目前為止是最好的方法。這個技術被稱為“Graceful Email Obfuscation”,Roel Van Gils指出了這一點[2]。基本思想非常簡單:使用PHP和JS有效地隱藏地址,並使用基於文本的CAPTCHA確保盲人和視力受損用戶可以輕鬆使用回退功能。
PHP代碼使用字母字符生成經過簡單編碼的字符串,使得很難想像垃圾郵件解析器如何可能檢測它。唯一的方法是載入整個DOM和jQuery來運行解密例程。據我們所知,沒有機器人進行過這樣的操作,但如果主題或任何其他外掛沒有載入jQuery,則可能會在頁面載入時添加一些細微的秒數。
與其他外掛的比較
令人驚訝的是,似乎沒有其他WordPress外掛使用這種方法,其他的要麼提供非常少的防垃圾郵件保護,要麼無法應對關閉JavaScript的用戶(3-10%)。接近的是Private Daddy,但最後一關關卡他失敗了,只提供了一個圖像CAPTCHA,沒有提供非視覺替代品。盡管我的第一個代碼是笨拙的,但如果可訪問性對您來說真的很重要(當然,如果我不這麼認為,我就不會編寫這個功能),那麼它似乎是目前最好的可用選項。還有一個類似的Drupal外掛[3]。
與其他方法的比較
最可行的替代方法是:
使用圖像(參見Visagefolio)。這需要輸入,對每個人都很痛苦。
不好的“test [at] example [dot] com”風格的文本替換不提供保護並擾亂用戶。
像輸出“moc.elpmaxe@tset”並使用CSS unicode規則將其反轉這樣的巧妙方法。不幸的是,這會給盲人帶來麻煩,在某些瀏覽器中使得複製和粘貼鏈接變得混亂。
使用XML注釋或CSS display: none; 刪除連接文本中的元素。仍然沒有可點擊的鏈接,這使得盲人使用非常困難。
JavaScript回退
如果沒有JavaScript,用戶將被帶到一個使用空白內容框的網站頁面,在那裡他們被要求回答一個簡單的文本問題以檢查他們是否為人類。目前問的是簡單的算數問題,但使用testCAPTCHA.com服務可以增加更多的問題。
參考資料
特別是美國的“508”立法。
在A List Apart上的原始描述。
Drupal外掛
進一步閱讀:
肯·卡爾森(Ken Carlson)的GEO評論
垃圾郵件加密比較,建議使用這種方法進行508合規性:.eduGuru文章,作者Michael Fienen
有關詳細的一些注意事項和未來細節
外掛標籤
開發者團隊
原文外掛簡介
Hiding email addresses from spammers has a long history. There are some obvious golden goals, like making the process seamless to your visitors, and be practicable to implement. The one that often gets left out is accessibility, but in some areas this is actually a legal requirement.[1]
The method
To my knowledge, this plugin implements the best method so far devised. Credit goes to Roel Van Gils for this technique, which he calls Graceful Email Obfuscation.[2] The basic idea is actually very simple: use PHP and JS to hide the address effectively, and make sure the fallback can be used easily by blind or visually impaired users by using a text-based CAPTCHA.
The PHP code takes passed-in emails and generates simply-encoded string using alphabetic characters. It is therefore very hard to imagine what sort of spammer’s parser could possibly detect it. The only way is to load the whole DOM and jQuery to run the decryption routine. As far as we know, no bots go to those lengths, but it adds essentially no overhead if the theme or any other plugins already load jQuery; otherwise a fraction of a second might be added to page load.
Comparisons with other plugins
Amazingly, no other WordPress plugins seem to use this method, either offering very little spam protection, or not coping with JavaScript turned off (3-10% of users). Private Daddy comes closest, but falls at the last hurdle by offering an image CAPTCHA with no non-visual alternative. Clunky though my first code bash is, it seems to the best available at the moment if accessibility is really important to you (of course, if I did not think that, I would not have written this). There is a similar Drupal plugin.[3]
Comparisons with other methods
The most viable alternative methods are:
Using images (cf. Visagefolio). This requires typing and is a pain for everyone.
Poor “test [at] example [dot] com” style text replacements provide no protection and annoy users.
Clever things like outputting “moc.elpmaxe@tset” and using CSS unicode rules to reverse it. Unfortunately these cause trouble for the blind and in some browsers make it confusing to copy and paste the link.
Using XML comments or CSS display: none; to remove elements inside the link text. There is still no clickable link, which makes it hard for the blind to use.
JavaScript fallback
If there is no JavaScript, the user is taken to a page on the site using an empty content box where they are asked a simple text question to check whether they are a human. Basic sums are asked at the moment, though a wider range of questions could be added using the testCAPTCHA.com service.
References
See particularly ‘508’ legislation in America.
Original description on A List Apart.
Drupal plugin
Further reading:
GEO review by Ken Carlson
Spam obfuscation comparison recommending use of this method for 508 compliance: .eduGuru article by Michael Fienen
Some notes and future details on my site
