The commenting system is up and running. It's built with some simple abuse protection mechanism. Others update includes updates to the blogging system and page's template. I've also changed the website's font size to smaller ones to save spaces. One new thing I've learned when I'm designing the commenting system - email address encryption/obfuscation.
Protecting your email adress ? Why ?
Posting your email address on a website is a sure-fire way to get an Inbox full of unsolicited email advertisements. In short, these sites are a spammer's paradise. "Professional" spammers uses spambot to get the job done.
Spambots are small spider programs let loose on the Internet by spammers to harvest email addresses on the web pages like newsgroup postings, discussion boards, guestbooks, special-interest group (SIG) postings, and chat-room conversations etc. They do not obey the robots.txt rule and request webpages like a beggar who has not eaten for months, there by exhausting megabytes of bandwidth of your web server within minutes. Their intention is to just get all email addresses, if found, on the webpages. Spambots can disguise themselves in many ways. Since they are programmed by the humans (SPAMMERs), they come in different flavors. It is very hard to keep track all of them. But we can prevent them harvesting emails by installing some scripts on the server.
There are a number of methods web site developers are currently employing in attempt to disguise email address links from email harvesting spam bots. These include techniques such as replacing characters in the address with numeric entities, writing the addresses with JavaScript, and writing addresses in plain English. Because many of these are coded directly into a web page using HTML and related technologies, they each depend on the inability of user-agents to properly 'decode' the links.
There seems to be a lot of blind-faith in using these methods, and assumptions that email harvesting bots will not be designed to distinguish anything but a simple mailto:user@example.com style link. Perhaps there is not currently a need to design smarter bots since the majority of web sites do not employ any methods for hiding email addresses. Many modern programming languages include the tools to develop a simple user-agent that could be used to collect email addresses in a matter of hours. A simple bot just needs to make an HTTP request for a web page, scrape it for email addresses, and then continue to make requests for any URLs linked to the original page.
The manner in which an email bot discovers an email address or email link can be wide-ranging, from a simple match on an email address (user@example.com) or mailto link (mailto:user@example.com) to more advanced rendering of HTML entities and JavaScript to find hidden addresses. I believe that if an email harvesting user-agent were to be built on top of a modern web browsing rendering engine, if this hasn't happened already, it would be capable of discovering just about any email address no matter how it is hidden.
source:
http://mikebrittain.com/research/spambots/
Considering the fact of this, every single email address in the comments section(and all pages) will be spam protected to a certain extent. Simple spambots won't be able to decode it but it's weak against smarter/advance bots. Besides that, there is no way to stop a HUMAN spammer. He/she is able to read the email address just like me and you. There is no 100% secure way to publish your personal email address on the Internet. You're at risk at the moment you decide to give out your email adress.
DaRen (site admin) Sat October 8, 2005 @ 7:09 pm
I'll make the first comment here !