I'm trying to come up with a JavaScript email obfuscator to reduce the chance for spam in emails listed on a web site. Right now I've got a JavaScript based obfuscator that uses a combination of HTML encoding & JavaScript to convert an obfuscated email into a normal email transparently.
What I do is this:
Format the "mailto:" part of the href in links to be HTML encoded like:
mailto:
I also encode the email, replacing the @
sign with (a)
, so that the email reads something like:
stackoverflow(a)example.com
I then use some JavaScript to decipher all mailto links which have this (a)
sign in the email and convert them to @
on page load.
This works fairly well. For people using browsers with JavaScript enabled, they see everything working normally. For people without JavaScript enabled, every mail client I know would consider the email address as invalid, however the user should be able to infer what is needed to correct the symbol.
I was wondering if there was any better (less intrusive (or at best, not very intrusive) but more spammer resistant) way of obfuscating emails on a web page.
As with any type of obfuscation, if a human or computer can easily de-obfuscate it, then a spammer could easily do the same. Because of this, I'm not expecting a foolproof obfuscation, however I was curious to see what other suggestions were out there. Searching Google didn't reveal any solutions that I consider better than my current solution. I was wondering if there were any other good alternatives.
I've used HiveLogic Enkoder in the past with pretty good success. If anything you might want to take a look at how Dan's encoding works as it might give you some ideas to make an even more robust obfuscator.
If you really want to protect email adresses there will be no other way then generating images for non-JavaScript users.
I used to use something like this:
<script type="text/javascript">
//<![CDATA[
scrambler('c.arb@oof||mo');
//]]>
</script>
<noscript>
<img src="scrambler.php?t=c.arb@oof||mo" alt="Emailadresse" />
</noscript>
scramble
is a very simple JavaScript function, I think you easily could figure out what it does. (It will result in: <a href="mailto:foo@bar.com">foo@bar.com</a>
) scrambler.php
is the same, except in php and a gd backend to generate images.
Figure something out that is not about some encodingtricks or replacing something by something else.
EDIT: Here is my algo:
function scrambler (text) {
parts = text.split("||");
var reverse = function (s) {
var ret ='';
for (var i=s.length-1;i>=0;i--)
ret+=s.charAt(i);
return ret;
}
text = reverse(parts[0])+reverse(parts[1]);
document.write(text);
}
I have used this generator http://www.wbwip.com/wbw/emailencoder.html service for awhile and it works great. I usually use parts of the encoded address and part that are not.
For example ...
user@po.com == user@po.com
I might change to...
user@po.com == user@po.com
One way to obfuscate the email for a computer would be to write the email as an image and not as text. This way it is still easy for a human to read the email adress and quite hard for a computer.
As stated by Steve Gilham it is not that hard to get the email with OCR. And text only browsers don't support them. Thus, Scott's solution is probably the best solution.