• Print

Requirement of an Imprint Attracts Spam Harvesters

- how to nevertheless prevent to prevent thumbing of eMails? -

eMail spam is turning out to out to be a killjoy in the Internet. How the heck do these spammers get your eMail address? Well, from the Internet, blogs, forums and imprints. eMails addresses are easily retrievable. They are out there waiting to be harvested and that is done fully automatically! Similar to search engines, harvesters send out their robots (crawlers, spiders) through the endless wideness of the world wide web. However, they do not collect contents for indexing but eMail addresses. And while everyone else can decide freely, whether or not to announce his or her address in forums etc., the legislature commands webpage operators to publish – and a directly clickable at that – eMail address. The keyword is "Requirement of an Imprint". Spammers harvest yours and others eMail addresses to later pollute other persons’ inboxes from your imprint.


We would like to introduce a small technical trick against the eMail harvester here. This hint comes with the explicit disclaimer, as this idea is still is only a beta version, in its test phase. Therefore, a success cannot be guaranteed and especially shall not be promised.

The common workarounds (eMail address as a picture to be typed, or camouflaged per JavaScript) are not technically reliable and also legally dubious, because they are at least subject for admonishments. JavaScript is by far not activated in every browser. The legislature does not trust the consumer, the government’s sovereign, to type the eMail address**.

Bigger websites protect their systems with complicated server-side scripts and/or comprehensive and care intensive updated lists of IP-addresses to be blocked. For small sites having only one eMail on its imprint needing protection, such approach is not practicable.

The approach is based on the concept of robots, programmed for “grazing” websites en mass for addresses. These robots do want to wait if an after error message from the contacted server follows or not but go for the next victim. Therefore, it would be a good idea when clicking on the link “imprint (contact or eMail, or similar)” not to immediately show the requested page but an error message to lead the bot astray. Only the human visitor will receive the expected site into his or her browser, containing the special error page which is preventing automatic harvesting his or her protected information, e.g. his clickable eMail address. Following steps are necessary:

Step 1: Add Error Page

Just add a normal page with the details to be protected and upload into the root directory of your server. It is not such a good idea to simply name this page “error.html” but something difficult to guess e.g. 'dr65fgq0.html' .


At least older versions of the Internet Explorer do not show individually drafted error pages that are smaller than 512 bytes. The same is true with dynamic suffixes (like .php). So, best will be to avoid both otherwise your obligation to have an imprint will not have been met.

Step 2: Write Error Rule

Add following lines into .htaccess (with an Apache server

# 403-Embedd ErrorDocument 403 /dr65fgq0.html

Of course, you could lead to a 404 error message (file not found). But a 403 (access denied) is more elegant; broken or dangling links in one’s presentation look pretty "neglected".

Step 3: Linking up the Page>


Set the "Contact" or "Imprint" link either to

- an already "existing", but per .htaccess blocked access page, like - e.g.


- an existing directory (without indicating a file), e.g.

The second variant will only work if displaying the directory’s content has been deactivated (standard with Apache server) and no other index-file has been determined when accessing the directory.

The eMail harvester only searches pages that are directly linked from the frontpage, or technically index-page, (like the blocked page, that then displays 403-error message). It is therefore recommendable to place in between the start page and real "contact page" with your clickable eMail address a further link depth or another page. (N.B. Case law accepts two clicks until you retrieve the contact data. A typical hierarchy could be like start page -> imprint page (in reality only the error page) -> blocked page with the clickable contact data.


Step 4: Redirecting Page Access: :

Who ever wants to place this in an existing internet presentation should not change the contact link on each and every page but better install in .htaccess a domainwide working (301-) redirecting:

Redirect permanent /contact.html http://www.domain.de/blockedpage.html




Even if the horse has already bolted, there are still several possibilities to react against spam or other scams in the internet. There are surely many sites out on the internet informing you of spam, spoof & co.

In German, we can recommend:

When contacting them, please forward my regards to these really nice colleagues!

Sure, you can integrate a contact form into website! But then you will be inviting not only eMail harvesters but also al those cute applets that supect a guestbook behind any form, which can felicitously spammed full.

**Therefore, the sovereign is presumably well advised, to deny his legislator any and all understanding of technical, i.e. informationtechnical, matters.