A while ago, I wrote about different methods in JavaScript to prevent spam harvesters from recognizing an email address. These methods work by placing a scrambled version of the email address into the page source so that a spam harvester cannot recognize it as an email address. Using JavaScript, the scrambled text is unscrambled and displayed as usual to human visitors. Usually, the “scrambling” is based on replacing characters of the email address with its hex-entities (Rails’ mail_to helper does so if using :encode => :hex or :encode => :javascript). My theory was/is, that using hex-entities is not sufficient anymore nowadays, since they can be easily reversed with simple search-and-replace operations.

So I came up with the idea to use a scrambling method that cannot be easily reversed. I assumed that spam harvesters probably can decode hex-entities, but still aren’t able to execute JavaScript. However since this was just an assumption, I started a simple test over the last 6 months to find out how good or bad the different scrambling methods perform.

If you put your email address on a public web page, you can usually be sure to get tons of spam from there on, because address harvesters will sooner or later visit your page and recognize the email address.

There are different solutions to prevent harvesters recognizing an email address. I personally don’t like the use of images to display email addresses or the use of feedback forms instead displaying addresses at all. These methods have a negative impact on the site usability, since a visitor wouldn’t be able to easily copy an email address to his email application anymore.

Another method is to scramble email addresses in a way that harvesters cannot recognize it. Using JavaScript, the address is unscrambled and displayed to a human visitor. Even though this is not a foolproof solution, it provides the best measure between safety and usability in my opinion – as long as you do it right.

So here’s an easy way to use scrambled email addresses in Rails views.

A minor bug in TMail (which is used in Rails’ ActionMailer) got fixed finally.

About 2 years ago, I reported bug #6015 to the Ruby on Rails bug tracker. TMail’s create_forward method always returned the first body part of a newly created forwarded mail instead of the forwarded mail itself. Therefore the create_forward method was practically useless. At that time, the ActionMailer and/or TMail developers didn’t seem to be very active. Well… nobody cared about this for about two years.

After I heard that TMail got a new maintainer, I gave it another try and submitted bug #15445 to the newly created TMail bug tracker. Mikel (who is the new TMail maintainer) applied and tested a fix, so the upcoming TMail version will come without this bug. Thanks a lot, Mikel.

Let’s hope this fix will make it into Rails 2.0 so that I can dump one more workaround in my application soon.