Honeypot for spam/best practice for mailto links

Evening! Just wondering if anyone has a good link/advice for cutting down spam for forms/mailto links? A while ago I read that for forms you can have some success with an invisible field which a bot will likely check - and filter based on that. I was also considering taking that IP and banning on the backend based on that range or something? (I run fail2ban on the server, but don't really know much about this) RE the mailto link - don't i have a similar problem here too in terms of exposing the email address? Thanks!
4 Replies
b1mind
b1mind2y ago
sry miss read this at first so forms you would want some kinda captcha probably https://developers.google.com/recaptcha for mailto links I typically do something like this https://github.com/b1mind/bfolio/blob/dev/src/routes/contact.svelte so its not a "real" mailto ref but works like one via the form js handler* haha you could add captcha too it and brrrr you also could put in a debounce of some sort to prevent fast spams but yea ban the bad ips for sure
JWode
JWodeOP2y ago
oh ok, so is it right to think that as long as I keep the email address in the JS it'll be less accessible to bots? I was thinking more scraping the address, but maybe that isn't really a concern. Debouncing's not a bad idea too. but ugh, I've looked at captures before - was hoping to avoid them, seems to be a lot of (justified imo) hate for average use, but if it's the only real option... ooh, feel like timing the submission is a good one, forgot about that set a timer from the first click of the input field, if < 3 seconds, discard
13eck
13eck2y ago
I've seen tell of people using JS to add the mailto link a second or two after page load, so when bots initially scrape the page there is no mailto link but by the time a person scroll down far enough it's there. Something like this:
const addEmail = () => {
const link = document.createElement("a");
link.addAttribute("href", "mailto:[email protected]");
link.innerText = "Send me an email!";
const linkParentElement = document.querySelector(".email-link-element");
linkParentElement.append(link);
}

setTimeout(addEmail, 1200);
const addEmail = () => {
const link = document.createElement("a");
link.addAttribute("href", "mailto:[email protected]");
link.innerText = "Send me an email!";
const linkParentElement = document.querySelector(".email-link-element");
linkParentElement.append(link);
}

setTimeout(addEmail, 1200);
Minor downside to this is if the JS doesn't load (or if the user turns JS off) it won't populate the mailto link
JWode
JWodeOP2y ago
Sorry, been away for a couple of days - yeah that looks like a decent option for the mailto links, thanks. I was also wondering if there's a way to have my server respond with a mailto link or redirect or something - basically I turn what looks like a mailto link into a form submission that I can then use recaptcha (or in this case I'm going to try out cloudfare turnstile) and honeypots as i would for a form
Want results from more Discord servers?
Add your server