Just noticed that IE7 (and maybe IE6) caches the referrer with the page, too. In other words, if you navigate on a page, when you click on a link on a different page that leads to the first page, the referrer does not refer to the page where the link resides but to the page that leaded for first to that page.
Please tell me that I’m wrong, I can not believe that there is such a bug in IE7 (even if I know that referrer can not be relied upon, but for different reasons.)
In my continuous quest to fight spam, I think I’ve found a simple solution to an aspect of this problem. It isn’t the definitive one, and we can consider it a variation on the theme of the captcha, even if there’s no image involved, because there must be a “human intelligence” involved in the interaction.
We know that one of the problems behind spam are mail-harvesters: servers that search for email addresses in the Internet (see Project Honey Pot). I don’t know exactly how they work, but I think that they find a web server someway (trying IPs or searching for HTTP addresses on search engines), then they start to suck every accessible page on it and search in the HTML text for acceptable email addresses. But we know that a web page can have a behaviour, too: I think it’s very difficult that mail-harvesters “run” the pages they get, because that would be very resource intensive and slow. Besides running them, they should fire all registered events and follow their consequences: definitely too much work.
That said, my idea is simple: manually encrypt your email and embed the encrypted string in the page; it will be decrypted on demand based on user action and opportunity. An example is the link with my name under “Author” in the sidebar of my blog site: when you pass on it with the mouse, an event is fired that decrypts my email and puts it in the href attribute with the mailto protocol; then you can click on it and send me an email with your email client.
It seems at least strange that a harvester can do these actions in a timely fashion.
If you want to use this trick, you can encrypt your text here , and copy the result from here directly in your page source.
Then use this code (or a similar one):
<a data="...encrypted string..."
I’ve just grabbed the beta update 220.127.116.11 of Firefox and, surprise, Venkman is disabled again. So I’ve done what someone else did here for Firefox 1.5 (thanks!): I’ve grabbed the jw2 version and changed the max version number to 1.6.
Note that I’ve not tested it throughly, so there are no garantees.
And now the most important question: what will be the future of Venkman?
[EDIT 2006/02/01] From the date of publication (on 26 january), hits on my site are more than doubled and Venkman was downloaded more than 500 times! I’m glad that my small hack helped so many people in the developer community. My only worry is that none seems to know what the future of Venkman will be: does someone know it?