True they can't read it from the database, but they can run things to get the pages to display and get the email addresses. One way around that as you have done is make the forums section a sign up section and to avoid spamming to the forums turn on no anonymous postings allowed. If you use a robots.txt this can reduce spam from robots and spiders. You can also turn on mod_rewrite and set parameters. This way you can monitor your access logs and you will see repeat hits....such as emailsiphon, cyveillance. BUT be aware places like nameprotect.com and turnitin.com get around the robots.txt. Those are mostly spambots/spybots/offline downloaders that ignore the robots.txt You set your rewrite to block them.... example: RewriteCond %{HTTP_USER_AGENT} EmailSiphon RewriteRule .* - [F,L] See http://httpd.apache.org/docs/2.0/misc/rewriteguide.html for more information. If mod_rewrite is not enabled on your system you can use mod_setenvif as you can find in using Apache to stop bad robots http://www.evolt.org/article/Using_Apache_to_stop_bad_robots/18/15126/ Also in the access logs you will find others--- claim to be from referrer pages like www.iaea.org or a user-agent that will have the phrase Microsoft URL Control. I would also suggest checking out http://www.webmasterworld.com/ as they have lots of information on blocking robots and preventing spam. You can also search Google for something like EmailSiphon htaccess or htaccess block robots to find additional examples and lists of User-Agents to block. For a more heuristic approach to identifying rude robots, check out Neil Gunton's A Spambot Trap and Lee Killough's How to Defeat Bad Web Robots With Apache. Both demonstrate techniques for setting traps within your website for rude robots to fall into. Lim Chee came up with an interesting way to hide email addresses from spammers see http://phoenity.com/newtedge/hide_email_spambots/ For those of you wanting to know about spam: How do spammers get email addresses? Spammers generally gather email addresses in the following ways: Using spambots to scour web pages This is the main focus of this page. Spambots basically follow links and grab email addresses from "mailto" links, storing them as they go along. Using spambots that scour usenet If you've been on usenet (aka newsgroups) you know the deal: you have to hide your email address or you will be swamped with spam. Not only do you have to disguise it in the body of your post, but in your newsreader client settings as well. Spambots love to grab those email messages. Specialized spambots Some spambots are more specifically designed to scour certain places, such as a local bulletin boards, chatrooms on AOL, etc. Usually it is up to the company running a service to discourage or prevent use, not the users. Buying lists from other spammers or companies You may have seen the spam - "Over 1 million email addresses on a CD!" Not just CDs but on ftp sites, web pages, etc. Once your email is harvested, it may get copied around for years. The only good news is that they want to charge other people for their hard work, so it does usually cost them some money to buy the addresses. From a mailing list This is a partiularly despicable way. Spammers join a mailing list, then gather the email addresses of the members, either from a list of the members provided by the mailing list software, or from people as they post. It's hard to avoid this, short of not joining the list. On some mailing lists, you can "lurk", that is, hide your existence so that nobody knows that you are on the list. Until you decide to post, that is. :) By people themselves Commonly seen as part of a spam message: "To stop any future mailings, just reply to this message with a subject of REMOVE". Yeah, right. If you reply to the spammer, you accomplish three things: 1.. You verify an email address for the spammer as valid. 2.. You verify to the spammer that you actually read the mail, and took the time to reply to it. 3.. You demonstrate your lack of anti-spam knowledge to the spammer, by falling for this trick. All of this means that you are more likely to receive more spam by replying. This scheme is also known as a opt-out mailing list and is a terrible alternative to opt-in. Other ways Web pages and usenet are the main ways. The Center for Democracy & Technology has written a very good report entitled Unsolicited Commercial E-mail Research Six Month Report. Jill > Date: Mon, 25 Sep 2006 15:45:28 -0400 > From: wwwuser@yourhostingaccount.com > Subject: [WILLIAMS-DNA] New Message Posted in the Williams Genealogy > Forums! > To: williams-dna@rootsweb.com > Message-ID: <E1GRwOO-00071V-On@cgi0905.int.bizland.net> > > The following new message has been added to the Williams Genealogy Forums, on the Williams DNA Project board under the existing topic of Re: How to get those in a group to communicate??... > > > -------------------------------- > > Thomas, > > You bring up a very good point and a common concern for many > folks. > > We should not have to worry about spambots (the programmatic > robots that scour the internet and harvest email addresses) for one > simple reason. The email address are all stored in a data base and > the only way to get them out is to run the webpage itself, which then > runs a small piece of programming to "select" that information from > the database. The spambots cannot run the webpages...they can only > look at existing html code and pull from that. And, they cannot read > from a database. > > I hope this helps to quell anyone's fear about spam! It has long > been a concern of mine and I make many efforts to protect everyone > from it. > > - Adrian