WebTools Pro is a small program that you launch after opening up a webpage in your IE browser. When opened, a vertical toolbar is visible giving you access to numerous features that every web developer should get their hands on. From viewing source code like never before to seeing exactly where table and layer borders are, this tool set lets you dive into the intracasies of a webpage in ways you never thought imaginable.

WebTools Pro lets you disect a webpage down to viewing scripting, detailed page information (including file sizes and download times), easily access validation services and so much more. There’s too many features to mention here. You’ll have to try it for yourself.

WebTools Pro is available as a free trial version, which limits which features are available, but there is no time limit on its use. There’s so much to see with the trial version alone, that it’s well worth taking a spin. If you like what you see, you can unlock the remaining features by purchasing a license for only $29.50 USD.

There is one feature I can’t do without, and WebTools Pro makes it so easy. Have you ever wanted to know how a particular website uses its CSS to make their site look so great? Now you can dive deep into their CSS and see for yourself. WebTools Pro has a feature that will show you the CSS code and examples of each style without hunting down class names and stylesheets.

Take a look at how this site looks when the CSS is evaluated:

If you ever derive some inspiration from other websites, this tool will make finding out how they do it a breeze. Give it a try today. You can download the trial version right here:

4 Methods to Protect Email

by Ryan Smith

Make no mistake. You can’t escape death, taxes, or spam. The only thing you can do is try to reduce spam and prevent spammers from getting your email address *easily*. The following briefly explains why this is, and offers a balanced solution to make getting your email address as difficult as possible for spambot harvesters, while still making your site friendly for users.

There are a couple email gold-mines for spammers to get your address.

1) Malware on other people’s computers
2) Harvesting addresses from web sites.

Malware on other people’s computers harvests addresses and/or sends spam. The only way to stop that is for people to use anti-virus software and a firewall. But that’s not anything that you can control.

Harvesting addresses from web sites is where you can make it either impossible, or extremely difficult for a spammer to get your email address. Your options are:

1) Don’t put any addresses on your site

While this is obvious, it makes it pretty hard for potential customers to contact you. Not a good idea.

2) Use an email form

Email forms force you to rely on someone to type their email address properly so that you can respond to them. Though it guarantees that spambots can’t “get your address”, for legitimate users it reduces email reliability, and spammers can still use your email form to spam you directly. If you cannot respond to a potential customer because they accidentally mistyped their email address, you end up looking like the bad guy. Again, not a really great solution.

3) Use a graphic

Putting your email address in a graphic puts up an added barrier and forces your potential customers to type your email address. However, graphics do not offer any real advantage over obfuscation. The technology for OCR (Optical Character Recognition) and principles for cracking captchas are well understood and do not differ for what would be required to rip an email address out of a graphic. Combined with not being very user friendly, this is not the best option.

4) Use obfuscation

Obfuscation is your best bet to put up the most difficult barrier possible while still balancing usability and ease for your web site visitors. You stop spambots from harvesting your address and you still allow users to click on your email address.

Spam is all about numbers and costs have to be low to deal with the massive volumes that spammers need in order to get a sale/victim. CPU cycles are expensive. The more processing power you need, the more computers you need, and that all costs money and/or time. Obfuscation addresses this directly because it makes the processing power needed to extract an email address exorbitantly high.

Getting “johndoe@domain.com” out of simple text is easy. But how easy is it to get “johndoe@domain.com” out of this:
<script type="text/javascript"></script><script type="text/javascript"></script>

Perhaps just a little bit tougher? Actually, it’s almost impossible for a spammer to get it. The script above isn’t the real barrier. It’s every other script on the Internet. If a spammer wants to get that address, their spambot email harvester must parse every single JavaScript on every page that they scan, and this costs processing power. What are the chances that a script contains an email address? Not very good. It’s a total waste of time when there are already so many other people that don’t protect their email addresses.

I’ve written a simple free utility, the Renegade Email Protector, that obfuscates email addresses 4 different ways:

1) JavaScript Hybrid

The first approach is simple for anyone to modify as it is human readable. It inserts random garbage into the email address and strips it out when someone hovers their mouse on the link:

<script type="text/javascript"></script>
John Doe

When a user then clicks, the RenegadeFix4E8tXtGz function has already replaced the garbage that’s inserted into the address to reveal the correct address. Spambots will easily get “johndoe@4E8tXtGzdomain.com” out of it, but who cares? That wrong address will just waste their time.

2) Unicode Encoded (Entities)

The second approach encodes the email address in unicode entities and looks like this:

John Doe

While a browser will easily decode the entities there and display the correct address, none of the spambots tested were able to do this. While not my first choice for protecting email addresses, this can easily be put in a noscript tag for visitors that do not have JavaScript enabled (see below).

Unfortunately, this approach, like the next two, is not human readable and is extremely tedious if you’re typing individual addresses while reading off of a chart.

3) JavaScript Obfuscation

The third simply obfuscates the HTML with the mailto link. It’s not human readable, but your browser can easily understand it.

<script type="text/javascript"></script>

Your browser then understands that as ‘ John Doe ‘.

Underneath that, the escaped text is just a simple function that uses ‘document.write’ to display the proper HTML in your browser.

4) Obfuscated JavaScript Hybrid

Lastly, the ofuscated JavaScript hybrid uses a similar script to #1 above then escapes it as in the third method above:

<script type="text/javascript"></script><script type="text/javascript"></script>

It is divided into 2 parts that are both required to get the proper address.

(For the mathematicians out there: The order of complexity is linear and not a change in magnitude. Never-the-less, of the many spambots tested, none were able to harvest any email addresses from anything except the first script where the wrong address was harvested. A change in order of magnitude becomes a moot point if even simple examples can’t be handled properly. i.e. The exercise is only academic.)

To further make things difficult, you can take the JavaScript and put it in a *.js file then call it from the page like so:

<script src="someMeaninglessName.js" type="text/javascript"></script>Just remember to strip the ‘<script type=”text/javascript”>’ and ‘</script>’ tags when you save the script in the file. Finally, for those visitors that do not have JavaScript enabled in their browser, you can use the unicode encoded method between noscript tags as follows: <script type="text/javascript"></script><script type="text/javascript"></script>
<noscript></noscript>

While more complex algorithms could be designed, the above 4 methods work sufficiently to protect email addresses from spambot email harvesters.

Ryan Smyth owns Renegade Minds and produces audio software for musicians as well as several freeware programs and technical tutorials for programmers and web masters. He is also the ALTools Evangelist at ESTsoft