Symphony.

The one problem I have with invisible fields is sometimes they can be an issue for people using screen readers. It would have to be clearly labelled, “If you’re human, leave this blank!”

One of the reasons I like the TextCAPTCHA system is it’s all logic-based CAPTCHAs so they’re easy to read and as long as you know red is a color and twelve isn’t you’re good to go. (Sorry, 3 year olds…)

The one problem I have with invisible fields is sometimes they can be an issue for people using screen readers. It would have to be clearly labelled, “If you’re human, leave this blank!”

Even input fields of type hidden?

Even input fields of type hidden?

Yeah, Jaws reads anything in the page, even if it is hidden, and even though it’s very expensive, it’s the standard screen reader for blind users.

Hidden fields are only display:hidden;

To stop Jaws reading it, set a css value for hidden fields of visibility:none;

To stop Jaws reading it, set a css value for hidden fields of visibility:none;

But when you do that does it still work for spammers?

Hey,

I still don’t know how to produce an obfuscated, clickable e-mail address in Symphony, e.g. like

<a href="mailto:hello@me.com">hello@me.com</a>

This long-term study proves that e-mail obfuscation is more important than ever. However, I found that most of the techniques described don’t work in Symphony, or at least I couldn’t get them to work. It seems that the XSLT parser thwarts everything.

If anyone can help, please let me know.

P.S.: I know a simple contact form is generally a fairly safe bet, but in some countries you are required by law to add an email address to your website. So it would be great if this could be done in Symphony as well.

I think it’s generally safer to not include complete email addresses in your HTML source (as txt or in an input). I also hate CAPTCHA’s (as do may users). TextCaptcha is a great exception to that rule, but is not yet available in languages other than English.

Talking about simple email obfuscation, I would guess(!) most people would know what to do when encountering a ‘plain-text’ email address such as “myname [AT] mydomain [DOT] com”.

If the above assumption is correct it’s trivial to write a short Javascript that picks up on these ‘plain’ email addresses and convert them to a working email link. Since most spambots do not actually interpret Javascript (last I checked) this would seem the simplest and most unobtrusive solution.

Note: most people by far have JS support and will never notice the email address (-link) is actually constructed by Javascript. Those without Javascript support will be able to figure out the email address without much trouble.

This is what I do with most sites at the moment, I can’t really compare before-and-after spam counts though, but have not received much spam at all.

A simple (feedback appreciated) jQuery plugin can be found here: http://github.com/davidhund/vs-js/blob/master/snippets/jquery.replacemail.js

In your HTML: <span class="email">david [at] gmail.com</span> In you Javascript: $('.email').replacemail([opts]);

Here’s some interesting info on the captcha arms race. The first link is a basic news story, and the second one is the actual research paper it was based on.

NPR: Spammers Use The Human Touch To Avoid CAPTCHA

Re: CAPTCHAs – Understanding CAPTCHA-Solving Services in an Economic Context

FYI: CloudFlare.com has been a great service to me for my clients. It's a CDN as well as offering apps such as an email obfuscater that it uses in delivering your site. Its free service is very good.