Ask HN: How to obfuscate an email on a website in 2024?
9 points by mbork_pl on March 2, 2024 | 23 comments
I'm making a simple, static website for someone's small (one-person) enterprise. We'd like to put the email on the site, but I'm a bit afraid of spammers. What are reasonable practices to obfuscate the email in 2024? I can think of at least two simple (?) approaches:

"Contact me at blah(at)bleh.bloh"

(which I personally don't like), or using some homoglyph (like Cyrillic "а" instead of Latin "a") and writing a simple JS function which will change it to normal, Latin "a" after e.g. the first click/keypress on the page (so that when a human actually copies the email, it is ok, but there is no visible change in its appearance).

Are these ideas good? Why/why not? If not, what are better ones?

Note: the person I'm doing it for does not want to change the email provider nor create any email account/alias other than what they have now.
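The homoglyph approach described in the question, as an added example that is not part of the original post. The address `contact@example.com`, the element id `contact-email` and all function names are assumptions made for illustration.

```javascript
// Added example, not code from the thread. The address and the element id
// "contact-email" are constructed for illustration.

// Latin letters with a visually near-identical Cyrillic counterpart.
const LATIN_TO_CYRILLIC = {
  a: '\u0430', c: '\u0441', e: '\u0435', o: '\u043e', p: '\u0440', x: '\u0445',
};
const CYRILLIC_TO_LATIN = Object.fromEntries(
  Object.entries(LATIN_TO_CYRILLIC).map(([latin, cyr]) => [cyr, latin])
);

// Build-time step: the string that gets written into the static HTML.
function disguise(address) {
  return Array.from(address, (ch) => LATIN_TO_CYRILLIC[ch] ?? ch).join('');
}

// Run-time step: turn the lookalikes back into Latin letters. Idempotent.
function restore(text) {
  return Array.from(text, (ch) => CYRILLIC_TO_LATIN[ch] ?? ch).join('');
}

// Stand-in for a naive harvester: an ASCII-only address pattern.
function harvest(text) {
  return text.match(/[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g) ?? [];
}

// Only letters in the map are protected. A build script can use this count
// to reject an address that would ship unchanged.
function swappedCount(address) {
  return Array.from(address).filter((ch) => ch in LATIN_TO_CYRILLIC).length;
}

// Browser wiring: restore on the first pointer or key event on the page.
if (typeof document !== 'undefined') {
  const fix = () => {
    const el = document.getElementById('contact-email');
    if (el) el.textContent = restore(el.textContent);
  };
  for (const type of ['pointerdown', 'keydown']) {
    document.addEventListener(type, fix, { once: true });
  }
}
```

Until the first input event the DOM text contains Cyrillic code points, so anything that reads the page before then, assistive technology included, gets the disguised string rather than a deliverable address.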



Last time I made a static site for someone that needed people to be able to contact them, I put a Google Forms link on the page. Let Google deal with the spammers, and still the form is sent to the mail of the person I made the site for. Worked very well.

In the form we collect basic information like name and email address and some other relevant info. And then we also have a free-form text area where people can write whatever.

We also put the phone number of the business on the site, so that people can call by phone instead, if they prefer.


While I personally detest the PI vacuum machine that Google has become, this is actually quite a reasonable idea I might use in this context. Thanks!


In a business context an obfuscated email would give me pause.

Because they are making work for me.

Not helping me with my problem.

It's a tell for two scenarios. In the best case it suggests an intent to communicate "not for me" to me. More likely, there will be more hoops to jump through in the future. That's something I might want to avoid. I have the tee shirt.

> the person I'm doing it for does not want to change the email provider nor create any email account/alias other than what they have now.

Ask them what they want, do what they want, cash the check. The solution is social, not technical. Good luck.


Thanks for your reply. One comment, though:

> Ask them what they want, do what they want, cash the check.

That person is very much not tech-savvy, and I consider my role to help them find out what they need (not "want"). (Also, there's no check involved - this is a friend of someone in the family, I'm doing this for free.)


What you consider your role is irrelevant. Your role is what the client wants it to be.

For example, they don’t want your role to be setting up a gmail account even though that would make the spam problem mostly disappear (and avoid a bunch of other email footguns) so you aren’t doing that.

Even though they need a gmail account because potential customers will expect and accept it.

And if your client already has email and uses it, they already have practice dealing with spam because putting an email address on the web hasn’t been necessary to attract spam for a couple of decades.


I'm not downvoting you, but I disagree that Gmail is a good email address to have.

Our organisation considers Gmail addresses as "suspect" when processing orders.

Gmail itself is hard to deal with as a company address when integrating to internal systems (they keep changing things.)

I personally would strongly caution against using a Gmail address for your company.


Don't bother, I've had mine in my footer for years now - have only had pleasant conversations as a result.


I just use my plain text email, I've never had a problem with spam for many years


In the past I used a perl cgi script and then simple regex filters to discard anything that is not alpha-numeric prior to validating input and then discarding anything that had spamish keywords or excessive spacing or lines. UTF is not alpha-numeric. Not perfect but rarely abused. Nowadays I would probably add a one-line form that asks for a free-form answer to a random question from a million question factoid database. An LLM could look up the answer but if enough people did this it would get expensive and if that became a pattern I would just give them offensive questions. Offensive to an LLM in that it would break their terms of use as spammers mostly abuse other people's resources and rarely self-host anything.


For a business site I would either put up a contact form or just write the address out in plain text. Don’t make the customer work to get in touch – unless you already have more work than you can handle.


Could put it in an image; if you click the image you get a little notification 'copied to clipboard'


Building on that you could even trigger a MouseEvent for `mailto:` and obfuscate the address enough in JavaScript code.


I think instead of image you could use svg letters, then it should look good at all screen sizes / scales.


I read this article a while back, it contains several alternatives

https://spencermortensen.com/articles/email-obfuscation/


Wild guess: not leaving it in the html but having a javascript write it after the page loads will probably get rid of 99.9% of the scrapers. Do spiders execute javascript?


They do.


Don’t overthink it. Just “alias AT domain.com” will get rid of 99% of all email harvesters. The other 1% will just land in your spam filter


rot13 <rot13demail>

or if you want to get very obtuse

rotx <rotxdemail>

and let the reader guess what x is to perform the rot operation


Some JS (like how Cloudflare does it) or an image is what I most commonly see.


I just use my email and let Gmail handle the spam


Understandable, though they don't use gmail, and I'm not sure about the quality of the spam filters of their provider.


If it's a managed hosting situation: some providers allow you to create email aliases that redirect to other addresses. That way you could have something like `foo42@acme.com` forward all email to the actual business address and easily replace it later on if the spam gets overwhelming.


Yeah, I think just using hex codes is good enough. No spammer is going to bother deciphering those.



