obfuscate email in html

Question

Possible Duplicate:
Best way to obfuscate an e-mail address on a website?

I thought about obfuscating my email in my website by requesting (ajax) the server upon key validation for my email and simulate html's mailto via javascript. The app key would only work for my domain path.

I really hate spam and bots :)

How secure do you think this is? Or is there a better method?

How about just using a contact form instead of providing a email address? Add a decent captcha / other human verification and you're good to go. — Cerbrus, Jan 24 '13 at 09:04
@Cerbrus those who contact me might want to save a copy of the conversation in their mailboxes. — yoda, Jan 24 '13 at 09:07
@yoda you could include a "Send a copy of this message to myself"-checkbox ;) — Yoshi, Jan 24 '13 at 09:09
Also, contact forms really help those users who don't have a client-program installed (internet cáfes, etc.), or don't want, or aren't able, to copy the mail address (e.g. gmail, etc.). — Yoshi, Jan 24 '13 at 09:12

winner_joiner · Answer 1 · 2013-01-24T09:31:44.260

2

In my opinion, a Contactform with a captcha is the saves bet, since some bots already "interpret" Javascript.

If you really want to use Javascript. set the mailto-link via script in the Onload.

window.onload = function(){
   //do some really cool stuff
   var at = String.fromCharCode(60 + 4);
   document.getElementById("mailLink").href = "mai" + "lto:" + "great" + at +"solution" + ".com";
}

...
<a href="#" id="mailLink" >No Bots</a> 
<!-- a more inconspicuous id would be better;-) -->
...

ORRR set the Mail onclick

<a id="test" onclick="window.location.href='mailto:c@c.qt'" href="#">Mail</a>
<!--  This Part'mailto:c@c.qt' should be obfuscated like above or better  ;-)  -->

ORRR Maybe better but slower

<a id="test" onclick="MagicFunction()" href="#">Mail</a>
<script>
function Magicfunction()
{
  var ajaxMailResponce = ... some cool AJAX stuff to getmail adress as string
  window.location.href = "mailto:" + ajaxMailResponce; 
  // Maybe the servercan return the mailto part also
}
<script>

edited Jan 24 '13 at 09:31

answered Jan 24 '13 at 09:04

winner_joiner

12,173
4
36
61

captcha is quite ugly from a certain perspective. – yoda Jan 24 '13 at 09:13
2

If we're going all the way, we might as well encode `.com`, as that's recognisable :P Also, if I were writing a email harvester, I'd make sure to read the page after `onload` handlers are done. Maybe set a 1 sec time-out to set the href. – Cerbrus Jan 24 '13 at 09:17
Yes you are right, but it is more or less safe, from Bots. not humans that are tricked to enter captcha's to recieve greate online good's.... HACKERZ... :))) – winner_joiner Jan 24 '13 at 09:18
Yea, I'm just nitpicking now ;-) – Cerbrus Jan 24 '13 at 09:19
Yes you could/should encode more, the timeout is also a great idea. This code is just a baseline, from were to start. More is always better. – winner_joiner Jan 24 '13 at 09:21
I like nitpicking, helps towards a better solution! – winner_joiner Jan 24 '13 at 09:26
The _"set the Mail onclick"_ adds the mail in it's raw form to the html, that's very easy to find for a bot. – Cerbrus Jan 24 '13 at 09:42
Version 1 or 2? P.s.: even inspite the inline HTML Comment? ;-) – winner_joiner Jan 24 '13 at 10:11
The 1st one, but I didn't notice the comment. – Cerbrus Jan 24 '13 at 10:29

score 0 · Answer 2 · answered Jan 24 '13 at 09:02

0

You can always convert the text version of your email address to an image and display that instead. Depending on the framework/platform you are using, there might even be a codebase you could easily adopt. See Convert Email Address To Image Using PHP To Avoid Harvesting.

answered Jan 24 '13 at 09:02

Zorayr

23,770
8
136
129

1

I wouldn't be surprised if there's bots that can read text from images, especially if the image is like a screenshot of the text (Clear font). – Cerbrus Jan 24 '13 at 09:03
1

Harvesting already takes so much memory and time - I doubt there are many spammers who pick arbitrary images and try to extract text from it, and then match the extract text to an email address format. At the end of the day, if you are really getting hit by spammers, maybe it's not such a great idea to post your email address in the first place. Just a suggestion. – Zorayr Jan 24 '13 at 09:06
1

The problems with a image as email are: Users have to copy the email by reading / typing it, users can't click it (Or bots'll easily find the email it links to), and bots could easily recognise a image that's `150px` wide and `18px` high as a image that's likely to contain text. So, it's __far from user-friendly__, and it's not preventing __determined spammers__ from accessing the email. – Cerbrus Jan 24 '13 at 09:09
(Also, where's the harm in slowing down spammers? :P) – Cerbrus Jan 24 '13 at 09:15
Well, **determined spammers** will find your email if it's in any way visible to a public user. It is all about adding several layers of protection and adding image emails is just another layer against spammers. I think you should give it a try and see the results before switching to more complex solutions. – Zorayr Jan 24 '13 at 09:16

score 0 · Answer 3 · answered Jan 24 '13 at 09:30

0

In wordpress they have an antispambot function: http://codex.wordpress.org/Function_Reference/antispambot

This converts the email into html entities - still possible to use a mailto just looks like gobblydegook for everything else. Perhaps something to look at.

answered Jan 24 '13 at 09:30

matpol

3,042
1
15
18

Thats an old trick, I would expect some bots to be able to track it down. – yoda Jan 24 '13 at 09:32
1

@yoda: make that "Most bots". HTML entities are fairly easy to recognise. – Cerbrus Jan 24 '13 at 09:43

obfuscate email in html

3 Answers3