
How to Hide your Email Address on Web Pages - Ashuu
http://www.labnol.org/internet/hide-email-address-web-pages/28364/
======
JohnTHaller
I use my own function to character encode all the letters except the @ sign
and split it into multiple writelns via JavaScript. It has a NOSCRIPT fallback
as well (email AT address DOT com) which is also character encoded. The
combination has worked well on client sites with clean email addresses. My own
personal email address was in the clear for years and still is on other sites,
so that one is a bit hopeless.

My Obfuscate Mailto function is available for direct use on my site as well as
a PHP and ASP function for plugging in to other sites:
[http://johnhaller.com/useful-stuff/obfuscate-
mailto](http://johnhaller.com/useful-stuff/obfuscate-mailto)

You can view the result by plugging an email in to that form or by viewing the
source on my contact page:
[http://johnhaller.com/contact](http://johnhaller.com/contact)

------
jrockway
Is spam from address-scraping bots still a problem? I get why people did it
before there was spam filtering, but these days, who cares?

~~~
ChuckMcM
No it isn't. It it still possible to quickly add an address to the spam pile
by putting it on a web page. And I've done that to provide honeypot addresses
which let me dump all email from senders to any address that also goes to the
honeypot address.

------
kilian
The reality is, spambots will get through it eventually no matter what, and
you will only end up increasingly inconveniencing your visitors. (How pissed
would you be if you copied an email address somewhere and it appeared in
reverse?) With email being what it is today, it's up to the receiving end to
have good anti-spam software running.

------
arkitaip
Make sure to read "Nine ways to obfuscate e-mail addresses compared" as it
tells which technique is most effective

[http://techblog.tilllate.com/2008/07/20/ten-methods-to-
obfus...](http://techblog.tilllate.com/2008/07/20/ten-methods-to-obfuscate-e-
mail-addresses-compared/)

Ultimately, obfuscating your email address might be futile

[http://www.theguardian.com/technology/2010/dec/21/keeping-
em...](http://www.theguardian.com/technology/2010/dec/21/keeping-email-
address-secret-spambots)

~~~
Casseres
Considering this experiment was started in 2006 and the results published in
2008, I imagine most bots or newer bots have been configured to handle these.

Anyone interested in starting a new experiment? I guess I will. It might get
me on the front page of HN in 1 to 2 yeras!

------
kylec
To me, email address obfuscation seems like one of those things that everyone
does because everyone else is doing it. However, I've had my email address
public and unobfuscated for years and I get very minimal amounts of spam,
largely thanks to Gmail's wonderful spam filter.

~~~
na85
Well you probably get shit-tons of spam addressed to you, though it might not
make it all the way to your inbox proper.

------
sdfjkl
Unicode may help a bit too: ﹫＠ != @

The one that spammers haven't figured out yet is: "My name is Bob and you can
email me at this domain." (anywhere in a page under bob.com).

~~~
corin_
You can do that without needing it to be such an easy address - for example,
you can contact me using my gmail.com address which is corin.c.cole

------
neilk
I have had my email address available on a web page, with only minor
obfuscation (escaping characters, sometimes in different encoding schemes) for
over a decade. I don't get a lot of spam on that address.

I doubt there's any economic incentive for an email-harvester to solve the
problem of even trivial obfuscation. These days you can buy tens of thousands
of email addresses for a small amount of money. These are harvested from
e-commerce and social media, and are much more likely to be real and current,
and the targets more unsophisticated about clicking on ads.

EDIT: Actually there is an incentive; when the algorithm is applied on behalf
of many naive users. So maybe the built-in algorithm in WordPress is actually
more targetable than something you make up yourself. This isn't crypto; it's
just obfuscation, so being original may help.

------
krapp
I typically have a form on the site do the emailing directly. Here is a plugin
I wrote for Wordpress to do this, which is basically just a mailer with a CSRF
token:
[http://wordpress.org/plugins/plainmail/](http://wordpress.org/plugins/plainmail/)

The best solution to me is to simply never have an email address visible on
your site anywhere.

... and yes, before someone points it out, having a _form_ on your site is
just as much of an issue potentially.

~~~
zAy0LfpBZLC8mAC
It's the best if you never want to hear from me.

I have my mail software set up so that I can comfortably write emails, match
and track responses, and all that. If you want me to use your mailer instead,
I'll probably just forget about it.

~~~
krapp
Admittedly, that is another drawback.

------
al2o3cr
All of these are interesting, but ultimately fall down on the same point: spam
"bots" harvesting emails aren't always programs anymore. One could write a
pretty straightforward program that grabs all the bits of webpages that look
email-like (techniques like these would make them EASIER to ID) and then gets
them read by people with a Mechanical Turk-style process.

------
__david__
My technique was to use a "+spam" suffix on my email user with the idea that
when the spambots got it, I'd just ban that address and change the web site to
use "+spam1". That was over 10 years ago and I've never once gotten spam to
that address. Turns out spambots aren't a problem any more after all.

------
elliottlan
I've always been a fan of codeigniter's 'safe_mailto' function.

See here:
[https://github.com/EllisLab/CodeIgniter/blob/develop/system/...](https://github.com/EllisLab/CodeIgniter/blob/develop/system/helpers/url_helper.php#L260)

------
sogen
I remember reading an article that tried several methods on publicly email
addresses and tallied how each one got spam. Turns out ROT13 was the best. I
use this tool:
[http://rot13.florianbersier.com/](http://rot13.florianbersier.com/) So far so
great.

------
vezzy-fnord
You can also simply display the address as an image. I don't know how many
spambots actively crawl and apply OCR to general images, rather than just
specifically programmed CAPTCHA procedures.

~~~
zAy0LfpBZLC8mAC
That's a good idea especially if you want to prevent visually impaired people
from being able to communicate with you.

------
yogo
Clever trick. However, the bots will eventually catch on.

------
bound008
You can also use [http://boun.cr](http://boun.cr) it's like bit.ly for email
addresses.

------
foolproof
or just use scr.im [¹], originally developed by Ozh [²].

[1] [http://scr.im](http://scr.im)

[2] [http://ozh.org](http://ozh.org)

