{"id":71,"date":"2005-08-25T21:50:38","date_gmt":"2005-08-25T11:50:38","guid":{"rendered":"http:\/\/www.somethinkodd.com\/oddthinking\/emailshroud-wordpress-plugin\/"},"modified":"2006-09-15T00:25:15","modified_gmt":"2006-09-14T13:25:15","slug":"emailshroud-wordpress-plugin-1-0","status":"publish","type":"page","link":"https:\/\/www.somethinkodd.com\/oddthinking\/emailshroud-wordpress-plugin\/emailshroud-version-history\/emailshroud-wordpress-plugin-1-0\/","title":{"rendered":"1.0.1"},"content":{"rendered":"<h1>Obsolete<\/h1>\n<div class=\"aside\">This is a historical record of the EmailShroud 1.0.1 release. Please see EmailShroud 2.0 for latest version of EmailShroud.<\/div>\n<p>EmailShroud is a <a href=\"http:\/\/wordpress.org\">WordPress<\/a> plugin.<\/p>\n<h3>What does it do?<\/h3>\n<p>In order for spammers to send email to millions of people, they need millions of email addresses. One way to get these addresses is to automatically search the web, harvesting email addresses from unsuspecting web-sites. EmailShroud helps to protect email addresses that are published on a WordPress Blog.<\/p>\n<p><em>Note: EmailShroud is not like most of the anti-spam plugins for WordPress. EmailShroud does not protect the blog against <a href=\"http:\/\/codex.wordpress.org\/Combating_Comment_Spam\"><em>Comment<\/em> Spam<\/a>. EmailShroud helps to protect the owner, authors and other people mentioned on a blog from receiving <\/em><em>email<\/em> spam.<\/p>\n<h3>How does it work?<\/h3>\n<p>EmailShroud does more than just use \u00e2\u20ac\u0153escape codes\u00e2\u20ac\u009d, which is a poor-man\u00e2\u20ac\u2122s solution to this problem.<\/p>\n<p>It uses JavaScript to \u00e2\u20ac\u0153obfuscate\u00e2\u20ac\u009d the email address. Spammers don\u00e2\u20ac\u2122t run JavaScript during their harvesting, as it would take too much effort and is unlikely to help produce many more email addresses. Almost all browsers used to actually read blogs <em>do<\/em> run JavaScript \u00e2\u20ac\u201c the browser transparently decodes the email address without the reader even noticing.<\/p>\n<p>EmailShroud gracefully handles browsers that are not running JavaScript.<\/p>\n<h3>How do I install it?<\/h3>\n<p>Installation is simple, and you should have the basic system up and running in a couple of minutes.<\/p>\n<ol>\n<li>Install the file.\n<ol>\n<li>Get the <a href=\"http:\/\/www.somethinkodd.com\/emailshroud\/emailshroud.zip\">latest version of EmailShroud<\/a>.<\/li>\n<li>Extract the file <code>sto_emailshroud.php<\/code> and copy it to your Word Press directory, under the <code>wp-content\\plugins<\/code> subdirectory, on your server.<\/li>\n<\/ol>\n<\/li>\n<li>Activate the plug-in.\n<ol>\n<li>Login to your WordPress Admin site.<\/li>\n<li>Select the Plugins page.<\/li>\n<li>Under the Plugins tab, find EmailShroud and click Activate.<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<p>The system is now installed and activated. It will handle almost all of the situations and almost all of your readers\u00e2\u20ac\u2122 browsers.<\/p>\n<p>You may like to read <a href=\"http:\/\/www.somethinkodd.com\/oddthinking\/wp-admin\/post.php#limitations\">Limitations of EmailShroud<\/a> to find out about the tiny minority of situations that EmailShroud won\u00e2\u20ac\u2122t automatically handle.<\/p>\n<p>You may like to read <a href=\"http:\/\/www.somethinkodd.com\/oddthinking\/wp-admin\/post.php#advanced\">Advanced Settings of EmailShroud<\/a> to find out about how to improve the look-and-feel for the tiny minority of users who aren\u00e2\u20ac\u2122t running JavaScript.<\/p>\n<h3>Features<\/h3>\n<h4>What EmailShroud will detect and protect<\/h4>\n<p>EmailShroud will search for email addresses in the following places:<\/p>\n<ul>\n<li>The contents of WordPress pages.<\/li>\n<li>The contents of posts.<\/li>\n<li>The contents of post excerpts.<\/li>\n<li>The contents of RSS feeds.<\/li>\n<\/ul>\n<p>It will search for:<\/p>\n<ul>\n<li>Links to email addresses (i.e. anchor tags with mailto addresses.)<\/li>\n<li>Email addresses written in the content of a post with the text mailto: in front of it.<\/li>\n<li>Email addresses simply written in the content of a post.<\/li>\n<\/ul>\n<h3><a name=\"limitations\"><\/a>Limitations of EmailShroud<\/h3>\n<p>In the following rare circumstances, EmailShroud may pass through the email addresses, unprotected:<\/p>\n<ul>\n<li>Multiple email addresses within a single anchor tag, including \u00e2\u20ac\u02dccc\u00e2\u20ac\u2122 and \u00e2\u20ac\u02dcbcc\u00e2\u20ac\u2122 addresses.<\/li>\n<li>Domain names with multiple consecutive dashes.<\/li>\n<li>Email addresses in WordPress page titles and post titles.<\/li>\n<li>Where the anchor tag is malformed, so it is not recognized as an anchor tag.<\/li>\n<li>Where the email tag appears outside of the pages, posts, excerpts and RSS feeds. In particular, in a list of links in a side-bar or in templates.<\/li>\n<\/ul>\n<p>In the following rare circumstances, EmailShroud may <em>damage<\/em> existing links:<\/p>\n<ul>\n<li>Where a user-name and password is included in a URL.\n<ul>\n<li>i.e. using the userinfo subcomponent of a URL.<\/li>\n<li>This is rarely used outside of phishing attempts.<\/li>\n<\/ul>\n<\/li>\n<li>Where the anchor tag is malformed, so it is not recognized as an anchor tag.<\/li>\n<li>Automatically generated excerpts may have their email addresses stripped.\n<ul>\n<li>See below for more information.<\/li>\n<\/ul>\n<\/li>\n<li>Email addresses in Category Descriptions.\n<ul>\n<li>This bug-fix is pending the repair of another bug-fix in WordPress<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>In the following unusual circumstances, EmailShroud may make links disappear:<\/p>\n<ul>\n<li>Where the page is served as XHTML 1.0 Strict in the DOCTYPE tag, and the user is not using Internet Explorer and JavaScript is turned on.<\/li>\n<\/ul>\n<h4>Special Behaviour for Excerpts<\/h4>\n<p>In some circumstances (for example, category views or for RSS feeds) an excerpt of a post may appear. WordPress allows the author to produce their own excerpt \u00e2\u20ac\u201c if they don\u00e2\u20ac\u2122t, an automatically generated excerpt is used.<br \/>\nIf the user manually enters an excerpt, it is treated by EmailShroud much like regular content. If WordPress automatically generates an excerpt, it strips all tags, and the email address will not appear.<\/p>\n<h3>Compatibility<\/h3>\n<h4>WordPress<\/h4>\n<p>EmailShroud requires WordPress 1.5, or above. It has been tested on WordPress 1.5.2, 2.0, 2.0.1 and 2.0.2.<\/p>\n<h4>Browsers<\/h4>\n<p>EmailShroud has been tested on:<\/p>\n<ul>\n<li>Mozilla Firefox 1.0.4, 1.5.0.4 (Windows)<\/li>\n<li>Microsoft Internet Explorer 6.0 &#038; 7.0 Beta 2 (Windows)<\/li>\n<li>Opera 8.0.2 (Windows)<\/li>\n<\/ul>\n<h4>XHTML Compliance<\/h4>\n<p>EmailShroud breaks Strict XHTML in two ways. However, it works correctly with Transitional XHTML.<\/p>\n<p>EmailShroud uses Document.Write(), which is not supported in Strict XHTML. It is hoped that this will be remedied in a future release.<\/p>\n<p>EmailShroud also may put a &#8220;noscript&#8221; tag inside other tags, like a paragraph tag. This is a perfectly safe action &#8211; if the browser does not expect the tag it should be ignored, which is the correct behaviour. However, you may receive warnings if the web-site is passed through an XHTML validator; they can be ignored. Correcting this issue is likely to make the plug-in far more complicated, and increase the size of the download, but this will be considered for inclusion in a later version.<\/p>\n<h3><a name=\"advanced\"><\/a>Advanced Settings for EmailShroud<\/h3>\n<h4>Dealing without JavaScript.<\/h4>\n<p>For users with JavaScript, EmailShroud appears transparent \u00e2\u20ac\u201c they won\u00e2\u20ac\u2122t even notice it is there.<\/p>\n<p>However, a small minority of people use browsers which do not support JavaScript \u00e2\u20ac\u201c often this is for reasons of extra security. For these users, EmailShroud is noticeable. There are three ways that EmailShroud can handle these cases, known as \u00e2\u20ac\u0153Action Plans\u00e2\u20ac\u009d<\/p>\n<h5>Divert to default decoder page on EmailShroud site.<\/h5>\n<p>The default behaviour is to replace the email address with a link to a decoder web-page on SomethinkOdd.com. This web-page decodes the obfuscated email address and displays it, but the user must type it in manually to their email program.<\/p>\n<p><em>Note: This default behaviour diverts the user to a 3rd party web-site \u00e2\u20ac\u201c i.e. this one. <\/em>In the unlikely case that the amount of bandwidth used by this service becomes non-trivial, I reserve the right to add (tasteful) adverts to the page that they see. I understand that may be unacceptable to some people, and I offer them two alternative actions plans \u00e2\u20ac\u201c see below.<\/p>\n<h5>Transform Address<\/h5>\n<p>One alternative action plan is to include the email address in the text, after being transformed in some way so it is no longer recognizable as an email address (e.g. including some garbage in the email address, with instructions to the reader to remove it.<\/p>\n<p>You can use the default transformation, or change the parameters to produce your own. I encourage you to produce your own to (a) localize the text to your blog\u00e2\u20ac\u2122s language or style, and (b) to prevent spammers from writing code to overcome this technique.<\/p>\n<p>The transformation occurs in three parts:<\/p>\n<ul>\n<li>a prefix, placed before the address.<\/li>\n<li>a replacement for the @ symbol.<\/li>\n<li>a suffix, placed after the address.<\/li>\n<\/ul>\n<p>This allows popular transformations like:<\/p>\n<ul>\n<li>replace the \u00e2\u20ac\u0153@\u00e2\u20ac\u009d with \u00e2\u20ac\u0153@NOSPAM.\u00e2\u20ac\u009d Or \u00e2\u20ac\u0153@REMOVEME\u00e2\u20ac\u009d<\/li>\n<li>replace the \u00e2\u20ac\u0153@\u00e2\u20ac\u009d with \u00e2\u20ac\u0153 AT \u00e2\u20ac\u0153.<\/li>\n<li>Optionally, add some text to explain to people how to modify the address.<\/li>\n<\/ul>\n<h5>Divert to custom decoder page in the template file<\/h5>\n<p>A third action plan is still is to redirect the user to a script running on your own site. In theory, this means they will continue to see the colours and style of your own site. In practice, this requires non-trivial modifications to your WordPress template.<\/p>\n<h4>How to Set and Debug the Options<\/h4>\n<ol>\n<li>Open the Options Panel\n<ol>\n<li>Login to your WordPress Admin site.<\/li>\n<li>Select the Options page.<\/li>\n<li>Click on the EmailShroud tab.<\/li>\n<\/ol>\n<\/li>\n<li>Select the Desired Action Plan.<\/li>\n<li>If you chose to divert to the EmailShroud Site there is nothing more to do.<\/li>\n<li>If you chose Transform, you can select the desired transformation parameters.\n<ul>\n<li>Tip: Take care with leading and trailing spaces.<\/li>\n<\/ul>\n<\/li>\n<li>If you chose to divert to your own custom decoder, you need to ensure there is a PHP file in your template directory to handle it.\n<ul>\n<li>Here is an <a href=\"http:\/\/www.somethinkodd.com\/emailshroud\/emailAddress.php_fragment\">example code fragment<\/a> that does the computation \u00e2\u20ac\u201c the required change is to make it fit with your web-sites side-bars, headers, styles, etc.<\/li>\n<li>This is likely to be non-trivial. I would like to <a   rel=\"nofollow\" id=\"sto_emailShroud0\" href=\"http:\/\/www.somethinkodd.com\/emailshroud\/emailaddress.php?encryptedAddress=moc%40%40duorhsliame.ddoknihtemos&amp;ver=2.2.1\">hear from you<\/a> if you were successful, especially with any of the more popular themes.<\/li>\n<li>I&#8217;d appreciate it if you would include a pointer to the http:\/\/www.somethinkodd.com\/emailShroud home page in the HTML source.<\/li>\n<\/ul>\n<\/li>\n<li>Test your settings by turning off JavaScript in your browser, and clicking on an email address.<\/li>\n<\/ol>\n<h2>Support<\/h2>\n<p>Feel free to <a   rel=\"nofollow\" id=\"sto_emailShroud1\" href=\"http:\/\/www.somethinkodd.com\/emailshroud\/emailaddress.php?encryptedAddress=moc%40%40duorhsliame.ddoknihtemos&amp;ver=2.2.1\">report<\/a> any bugs you notice or any suggestions you have. I plan to spend a limited amount of time on support.<\/p>\n<h2>Acknowledgements and Further Reading<\/h2>\n<ul>\n<li><a href=\"http:\/\/joemaller.com\">Joe Maller<\/a> describes a <a href=\"http:\/\/joemaller.com\/js-mailer.shtml\">similar technology<\/a> \u00e2\u20ac\u201c some of the ideas from that site were helpful in improving my code.<\/li>\n<li><a href=\"http:\/\/www.ajaydsouza.com\/wordpress\/plugins\/transpose-email-plugin\/\">Transpose Email<\/a> is a much simpler WordPress plugin with a very similar goal. As of V1.2, it doesn&#8217;t automatically replace all email addresses &#8211; it requires the author to manually enter a special piece of code instead of an email address. This makes it harder to use, but it won&#8217;t trip up if you are someone who has to put usernames and passwords in a URL. It requires your reader&#8217;s browser to support JavaScript. Nonetheless, this plugin is worth keeping an eye on as a potential alternative to EmailShroud.<\/li>\n<li><a href=\"http:\/\/www.emailcloak.com\/\">EmailCloak<\/a> offer a similar technology for a small price.<\/li>\n<li>The <a href=\"http:\/\/hivelogic.com\/articles\/2006\/02\/07\/enkoder_plugin\">Enkoder<\/a> plugin for Ruby on Rails has a similar goal. It includes some very basic encryption (ROT3?). It isn&#8217;t suitable for WordPress, but may work with some of the WordPress competitors.<\/li>\n<li>The \u00e2\u20ac\u0153regular expressions\u00e2\u20ac\u009d that form the basis of the code were influenced by some of the items at the <a href=\"http:\/\/regexplib.com\">RegExLib.com Regular Expression Library<\/a>.<\/li>\n<li>I have tried hard to comply to the official advice on <a href=\"http:\/\/codex.wordpress.org\/Writing_a_Plugin\">writing a plugin<\/a>.<\/li>\n<\/ul>\n<h2>Version History<\/h2>\n<ul>\n<li>1.0.1 Lowered filter priorities to avoid <a href=\"http:\/\/www.somethinkodd.com\/oddthinking\/2005\/09\/03\/lining-up-the-wordpress-filters\/\">clash<\/a> with <a href=\"http:\/\/www.michelf.com\/projects\/php-markdown\/\">PHP Markdown<\/a> 1.0.1b, and later<\/li>\n<li>1.0.0 First version to go live.<\/li>\n<li>0.91 Beta Test version<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Obsolete This is a historical record of the EmailShroud 1.0.1 release. Please see EmailShroud 2.0 for latest version of EmailShroud. EmailShroud is a WordPress plugin. What does it do? In order for spammers to send email to millions of people, they need millions of email addresses. One way to get these addresses is to automatically [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":295,"menu_order":40,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_s2mail":"","footnotes":""},"class_list":["post-71","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.somethinkodd.com\/oddthinking\/wp-json\/wp\/v2\/pages\/71","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.somethinkodd.com\/oddthinking\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.somethinkodd.com\/oddthinking\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.somethinkodd.com\/oddthinking\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.somethinkodd.com\/oddthinking\/wp-json\/wp\/v2\/comments?post=71"}],"version-history":[{"count":0,"href":"https:\/\/www.somethinkodd.com\/oddthinking\/wp-json\/wp\/v2\/pages\/71\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/www.somethinkodd.com\/oddthinking\/wp-json\/wp\/v2\/pages\/295"}],"wp:attachment":[{"href":"https:\/\/www.somethinkodd.com\/oddthinking\/wp-json\/wp\/v2\/media?parent=71"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}