Stopping Email Spam
August 15, 2004 6:53 PM   Subscribe

ObfuscationFilter: I know putting a unobfuscated email address on your website is a bad idea these days, mmmkay. So I was wondering how can I put my email address on my website without being spammed to hell and back.
posted by keswick to Computers & Internet (15 answers total)
Insert it as a graphic, rather than a mailto: link.
posted by stonerose at 6:56 PM on August 15, 2004

use javascript to write it out in two parts, like document.write('mailto:me');

or you could use an encoder like the one here to put it in as character entities.
posted by Hackworth at 7:17 PM on August 15, 2004

I like the Enkoder from Automatic Labs. They're good people; it's safe to use their online form to encode your address. They make a desktop app you can keep around if you have many addresses to encode.
posted by bcwinters at 7:19 PM on August 15, 2004

In my experience it's enough to replace at-signs with "@" and dots with ".". Browser understand it, spammers apparently not.
posted by reynaert at 7:23 PM on August 15, 2004

*sigh* looked fine on preview

... at-signs with "& # 6 4 ;" and dots with "& # 4 6 ;" (without the spaces) ...
posted by reynaert at 7:24 PM on August 15, 2004

Here's a method I created (at least I think it's original, someone might have beat me to it) back in the day. It seems to have worked pretty well for me.

First, write your web address directly in the HTML in a way that a human can read, but neither browsers nor spambots can translate into an actual working link. E.g. <a href="firstnameATthisdomainDOTcom">firstnameATthisdomainDOTcom</a>

Then, add this javascript to your header:
window.onload = function() {
if (!(document.getElementById && document.getElementsByTagName)) return;
var trueaddress = 'myaccount'+'@'+'mydomain.'+'com'; //this is your actual email address, broken up into parts
var hiddenaddress = 'firstnameATthisdomainDOTcom';//this is the somewhat obfuscated address you use in the HTML
for (var i = 0; document.getElementsByTagName('a')[i]; i++) {//loops through all links in page
document.getElementsByTagName('a')[i].href = document.getElementsByTagName('a')[i].href.replace(hiddenaddress, trueaddress);
if (document.getElementsByTagName('a')[i].title) document.getElementsByTagName('a')[i].title = document.getElementsByTagName('a')[i].title.replace(hiddenaddress, trueaddress);
if (document.getElementsByTagName('a')[i].innerHTML) document.getElementsByTagName('a')[i].innerHTML = document.getElementsByTagName('a')[i].innerHTML.replace(hiddenaddress, trueaddress);
This way, modern browsers with javascript replace the obfuscated version with a true clickable link, but users without javascript still get an address they can manually figure out.
posted by kickingtheground at 7:47 PM on August 15, 2004

In kickingthegrounds example, it might be worth noting that innerHTML is an IE property, mozilla and other browsers do not support it.
posted by lkc at 8:09 PM on August 15, 2004

In kickingthegrounds example, it might be worth noting that innerHTML is an IE property, mozilla and other browsers do not support it.
Actually, while .innerHTML is indeed non-standard, it works just fine in IE, Mozilla, and Opera (and, I believe, Safari as well).
posted by kickingtheground at 8:25 PM on August 15, 2004

If you have access to CGI, do this:

Make the HREF point to a CGI script. Make that CGI script fire off a HTTP redirect to "".

Spambots will generally scan actual HTML for addresses, but not look at HTTP headers, or follow the redirect.

I've found this works fine in most browsers, though - they'll "redirect" to the mail client.
posted by Jimbob at 8:25 PM on August 15, 2004

There are email-harvesters clever enough to ferret out things protected by some javascript ofuscators. This page lets you test web pages to see how well you've protected your email addresses (of course, it may be better or worse than any given spammer's harvester.)

It got the email address on the page I'd protected with the method Hackworth cited; kickingtheground's look like it stands a good chance of beating it, though.
posted by Zed_Lopez at 8:30 PM on August 15, 2004

If you have a Mac, SpamStopper's nice -- just plug in an email address and let it go.
posted by Katemonkey at 12:37 AM on August 16, 2004

You could try this little flash app I wrote:

Works with any browser with flash (pretty much 100%), and also gives the benefits of actually being able to see the e-mail address in the page
posted by derbs at 3:22 AM on August 16, 2004

If you're using dreawmweaver there's a nice little extension you can get that obfuscates emails. It rocks.
posted by damnitkage at 5:51 AM on August 16, 2004

Put up an unobfuscated email, and just change it every so often. e.g., Whenever you start getting spam there, change randomstring and point the old one to the bit bucket.

(There are of course many different ways to set it up so that you only change your email address in one place, and it changes it on all your pages. I use server-side includes.)
posted by DevilsAdvocate at 9:37 AM on August 16, 2004

Response by poster: DevilsAdvocate: that is not an option. I need an address that will remain static. It's a contact email for a business.

Thanks to everyone for the suggestions!
posted by keswick at 9:59 AM on August 16, 2004

« Older Which pr0n movies are your favorite?   |   B2 Visa to USA Newer »
This thread is closed to new comments.