Email Address on Your Site, SPAM Protection, Obfuscating

Placing emails on your site

For most site owners, placing an email on the site so visitors can get in contact, is very important. Preferably visitors only need to click on the email address, write a message and sent it.

Unfortunately, putting your email on your site or any other place on the Internet, has become a problem. With the growing use of the Internet and emails, the problem of spam is also getting bigger and bigger. One of the things spammers do is email harvesting. That is, scanning the Internet to find emails to which they can send their spam. For this reason, it is not a good idea to put an email on you site just like that, without obfuscating it from spammers. If you do, it won't take long before you start receiving spam, and it won't take long before you receive so many spam mails, it becomes difficult to find emails that interest you between them. That is why you need to protect emails on your site by hiding them from spammers.

Go down to: Obfuscate your email address icon in-page link

Four classic ways to hide emails

Basically there are four ways to hide emails from harvesting bots.

Placing the email as an image. This used to work very well but now there are bots using Optical Character Recognition (OCR) to extract emails from images. I am pretty sure one of my emails became target of spammers like this. Because some people disable Java or don't have it on their system, possibly for safety reasons, I still use images for emails but I cut it up so reading one image will not reveal my email. Let's see for how long that works well enough.
Replacing key characters and introducing illogical characters or words, in a way that humans can still recognise the address but robots can not. This technique is often referred to as obfuscating or munging. Most common is replacing [@] with [at] and [.] with [dot]. Example: "me@mysite.com" becomes "me [at] mysite [dot] com". Some other examples, where characters are introduced to fool spam bots, are: "m e [ a t ] m y s i t e [ d o t ] c o m", "m-e [at] m-y-s-i-t-e[dot]-c-o-m" or "me [at] mydelitethissite [dot] com". Simply replacing [@] and [.] with [at] and [dot], like in the first example, isn't effective anymore. Harvest bots already recognise this. Other varieties, I think, are either to complicated for site visitors to solve or it will only be a matter of time before the harvest bots can decipher it.
Placing HTML tags in the email address is also used. I don't think this can be very effective. HTML is a standard and standards are meant to make life easer. If you use the HTML or any other standard tags, to hide an email, you make life easy for the decipherer. A harvest bot writer only needs to build in a filter for HTML tags to detect and decipher emails hidden this way.
Changing letters into codes. There are many sites claiming to provide obfuscators or encrypters. Most don't do much more than changing letters to their ASCII code or Unicode. That seems a bit to simple to fool people who can earn a lot of money with harvesting email addresses. Because this encoding is based on a standard, ASCII or Unicode, it is easy to build software that recognises these codes and changes them back. To improve protection a bit some use "ROT13" (rotate by 13 places) which means the value 13 is added to the value of the ASCII code. More detail at Wikipedia Not very difficult to crack.

This multi-key email address obfuscater

The email address obfuscater on this page should provide better protection because it uses different keys for standard elements and non-standard elements of the email address. Moreover, it produces a Java script which needs to be run in the visitors browser to decode the email. It seems that, at least for the moment, spambots can not run Java scripts.

Using the same key for everything makes it too easy to find the email address. As said above, it is not very difficult to discover a key based on a standard. Standard elements like [mailto:] or the domain name can give away the key. Comparing the encoded email address with standard elements like this, makes it possible to derive the key and discover the enciphered email. Using a separate key for different parts of the email address makes it much more difficult to find the hidden email address. That is the principle behind the email address obfuscater on this page. Care was also taken that no part of the encoded email is recognisable anywhere in the produced Java script.

Go down to: Encrypt your email address icon in-page link

Privacy

As can be expected from this page, I don't like spamming nor other invasion of privacy. Therefore I will not collect, much less pass to others or sell the email, entered in the fields, to be encoded. The code is generated automatically and, as far as I can control it, non of the entered or generated information will be stored or provided to others.

Free

Some things still are for free. I use much of the free stuff available on the Internet, some of it is really good. That is one of the reasons I chose to place this email address obfuscater on my site and allow visitors to use it for free, to contribute, to give something back.

Obfuscate your email address

To have your email address enciphered or obfuscated, type it in the given spaces, click [Generate] and the JavaScript code will generated. Select all the Java code from the box. Copy and past it to the page where you want the email to appear, at the place where you want it to appear. For your visitors it will work as a normal [mailto] link. They can read it, click on it so their email program opens with the address in the right place, they can copy and past the email address. Email harvest bots will neither recognise it nor will they be able to decipher it.

This email address obfuscater will not be bot-proof forever but it is better than what I have seen. Until now (last update) it seems to work fine enough. Emails on this site don't seem to be harvested by spambots, only by human email harvesters. Automatic harvesting and spamming typically shows an exponential increase of spam which hasn't occurred and content of received spam is linked to the content of the site. Hopefully this email address obfuscater is going to work fine enough for quite a while longer.

Try it and if you like it, I would appreciate some feedback like an email a message on Signal or my message board icon exit-page link , informing how well it worked. If you don't like it or found a problem, feedback will be greatly appreciated as well.

'Bugfix': the bug I thought was in this script was actually on my site [2024-04-22].
The script is working fine.

Generate code of email address obfuscator

Please, leave intact, in the Java code, the note with author, link and copyright.

/*<![CDATA[*/
/**
***********************************************************
****              Mail Harvesting Protection.
****       This script and its generator developed by
****             (c) 2009-2021 Ton van Hattum
****               www.tonvanhattum.com.br/
****
****               To hava a free JavaSript
****     email address obfuscator for your site, visit:
****     https://tonvanhattum.com.br/email_encrypter.php
****
****           Please leave this message intact.
****
***********************************************************
**/

var mkvur='';
var mkirst='';
var mkdan='';
var mkdrtss='';
var mknt='';

var vur=[69,106,41,113,123,110,111,70,43,118,106,114,117,125,120,67]
var irst=[]
var dan=[]
var drtusse=[45,73]
	var ent=[77,64,114,79]

var sl3=3

var sl5=17
var sl6=11
var sl8=9
var sl9=10

for (var i=0; i<vur.length; i++)
		mkvur+=String.fromCharCode(vur[i]-sl8)
	for (var i=0; i<irst.length; i++)
		mkirst+=String.fromCharCode(irst[i]-sl3)
	for (var i=0; i<dan.length; i++)
		mkdan+=String.fromCharCode(dan[i]-sl9)
	for (var i=0; i<drtusse.length; i++)
		mkdrtss+=String.fromCharCode(drtusse[i]-sl6)
	for (var i=0; i<ent.length; i++)
		mknt+=String.fromCharCode(ent[i]-sl5)
	mailToShow = mkvur+mkirst+mkdan+mkdrtss+mkirst+mkdan+mknt;
	document.getElementById('encrptpost').innerHTML = mailToShow;

/*]]>*/

This is the email address obfuscated with the JavaScrip above:

How to put the JavaScript on your web page

To have the obfuscated email show on your web page, readable and clickable, copy the generated code from the box. Put it in your html file between script tags <script> </script> or without these tags in a file with the extension .js for JavaScript. Something like obfuscated-mail.js

Place an html element like a paragraph or a div with id="encrptpost", there where you want the obfuscated email to appear. With the present code only one email per page possible and only this ID id="encrptpost" will work. The JavaScript will replace the content of this element, if any, with the obfuscated email.

You can write something like a placeholder or warning in the element. Two examples:

<div id="encrptpost">Email should be here.</div>

or

<p id="encrptpost">Something went wrong. The contact email should be here.</p>

After this element, call the JavaScript file into the html file as shown below:

<script src="obfuscated-mail.js"></script>

In case the file is not in the same folder as the one where it is used, the path needs to be informed. Something similar to the following.

<script src="../java/obfuscated-mail.js"></script>

If you really need more than one address on one page this is possible by, for each, using a different HTML ID, a different JavaScript file and making the appropriate changes in the html code and JavaScript.

For each email-address change the ID from encrptpost to thenameyouwant in the respective html tag, like from

<div id="encrptpost">Email should be here.</div>

to

<div id="thenameyouwant">Email should be here.</div>

Change the name of the JavaScript file and in the html file, the JavaScript for calling this file apropriately. Like from

<script src="../java/obfuscated-mail.js"></script>

to something like

<script src="../java/obfuscated-mail-two.js"></script>

In the here generated JavaScript, find the following line

document.getElementById('encrptpost').innerHTML = mailToShow;

and change it to

document.getElementById('thenameyouwant').innerHTML = mailToShow;