Obfuscating email addresses

[riley]

If you don't know what this is or are not otherwise doing it, you should be aware that many of the bots (spiders) that visit your site are harvesting email addresses from your pages for spam email. To avoid this, most web sites will obfuscate (obscure) any email address they show on their pages, thereby rendering them unreadable by bots. But the trick is to successfully obfuscate the links while leaving them fully functional to actual visitors.

After experimenting with many methods over the years, here is what I've settled on (for now):

<a href="#" onMouseOver="this.href='mail'+'to:me'+'@'+'mydomain.com'">My Email</a>

Most who use this method use the onClick event instead of the onMouseOver event. The problem with the onClick event is that when a user right-clicks the link and selects "Copy Shortcut", they wont get the shortcut unless they have already followed the link. However, I'm not sure the onMouseOver event would work either if the user navigates via the keyboard.

I'm interested to know what method(s) other people are using to obfuscate email addresses on their web sites.

riley

 

[Logan]

I'm interested to know what method(s) other people are using to obfuscate email addresses on their web sites.

There are lots of ways, such as is detailed at http://www.joemaller.com/js-mailer.shtml, or http://www.b-link.co.uk/stevedawson/script_hide_email.htm. There are two cool ways at http://ssmedia.com/Utilities/Unicode, I have used the latter one on this page.

 

[riley]

There are lots of ways, such as is detailed at http://www.joemaller.com/js-mailer.shtml, or http://www.b-link.co.uk/stevedawson/script_hide_email.htm. There are two cool ways at http://ssmedia.com/Utilities/Unicode, I have used the latter one on this page.

Yes, these are commonly used methods. But I visited the last link you posted and there is a message above the latter one on the page that states, "Note: The below unicode method doesn't work. Please use the javascript method above instead. (I'm leaving it here because it is an interested method of encoding content.)"

Also, I suspect that bots will become smart enough to decipher such encoding, if they aren't already.

riley

 

[SubSpace]

Possibly.. The unicode thing used to work several years ago, but since it's fairly easy to implement I doubt that's still the case.

The JavaScript thing has a bigger chance of working, and nothing stops you from using a combination of the two. The JavaScript thing will of course break the page for people with JavaScript disabled.

 

[yorri]

Thanks Riley,

These types of things are so useful because it is difficult to know all of the bad things that can happen on the internet. I have just avoided putting email addresses in a page because of this reason. It wasn't that important for me to find a solution but it's nice to know that there is one.(although I wasn't anticipating that there would be one).

Just would like to add that there are tools out there that can decode javascript. It is highly unlikely that the tools for email scraping have gotten that sophisticated but I am sure that if this method becomes common practice the tools will build support for javacript processing to get what they want.

I would probably still only put an email on a webpage if is was 100% absolutely necessary to do so. That way we are guaranteed that spammers don't get the address (at least from a web page).

 

[WebDeveloper]

Here's what I use:

function email(name,domain){
	document.write('<a href=\"mailto:' + name + '@' + domain + '\">');
	document.write(name + '@' + domain + '</a>');
}

<script>email('myself','mydomain.com');</script>

This function is useful too:

function emailadv(name,domain,text){
	document.write('<a href=\"mailto:' + name + '@' + domain + '\">');
	document.write(text + '</a>');
}

<script>email('myself','mydomain.com','Email Me!');</script>

 

[Logan]

...there is a message above the latter one on the page that states, "Note: The below unicode method doesn't work. Please use the javascript method above instead. (I'm leaving it here because it is an interested method of encoding content.)"

Yah, sorry about that. I should have seen the big red flashing letters

 

[Logan]

function email(name,domain){
	document.write('<a href=\"mailto:' + name + '@' + domain + '\">');
	document.write(name + '@' + domain + '</a>');
}

<script>email('myself','mydomain.com');</script>

You need <script> tags around the function too right? Just in case someone like me tries this who doesn't code too much in javascript

 

[WebDeveloper]

You need <script> tags around the function too right? Just in case someone like me tries this who doesn't code too much in javascript

OOPS! Yeah, forgot those!

 

[riley]

You need <script> tags around the function too right? Just in case someone like me tries this who doesn't code too much in javascript

Yes, and only put it in the page in one place. The part that uses the function can be used many times on the page, defining many different links.

I used this method until recently and it works quite well. Frankly, I can't remember why I switched. I guess I was looking for the "perfect" solution, something that likely does not exist for this issue.

riley

 

[SubSpace]

Put it in a separate .js file which you include, even less chance for anything to parse it then

 

[riley]

Here is one more I've used in the distant past.

<script language="JavaScript">
function doEmail(mailbox,domain) {
	document.location.href='mailto:'+mailbox+'@'+domain;
}
</script>

<a href="javascript:void(0)" onclick="doEmail('me','mydomain.com');" target="_blank">Email Me</a>

This method also uses javascript, but it is different in the respect that it never actually sets the link's href property. Instead, it sets the document's href to a mailto when the user follows the link, thus starting the user's email client. It is very limited in functionallity because the user can neither see
nor copy the link (shortcut).

So far, the methods WebDeveloper posted are the ones I like best. I suspect that if you are looking for the perfect method for protecting email addresses, the only perfect method is the one yorri has used: don't put them on the page.

riley

 

[Ross]

Agreed, provide a form so that the user can be emailed directly from the site... that's the method i use. You can then provide the return address in the "reply-to" header.

OR, if you want to keep e-mail addresses secret from the recipient too, provide a "reply" link that comes back through the site.

Essentially a protected e-mail based PM system, which is what we use at: www.tm-exchange.com

 

[Good Oyster]

Where I work we use the form method Ross mentioned, and create an image to display the email address. The image is then linked to the email form if someone likes the idea of clicking on an email address.

 

[riley]

Where I work we use the form method Ross mentioned, and create an image to display the email address. The image is then linked to the email form if someone likes the idea of clicking on an email address.

I've used images too, but found them to be too much trouble. I change email addresses frequently and each time I do, I would have to change the images too.

As for email forms, I think they are essesial for any site and I always include one. Many visitors find them convenient. But many visitors do not like to use them, preferring to use their own email client. For the latter, it's important to somehow include a mailto link.

riley

 

[karmul]

Or you could just get a web based email like hotmail or yahoo.
And just let them put all the spam into a "junk file".