How to Hide your Email Address on Web Pages

28 点作者 Ashuu超过 11 年前

16 条评论

I use my own function to character encode all the letters except the @ sign and split it into multiple writelns via JavaScript. It has a NOSCRIPT fallback as well (email AT address DOT com) which is also character encoded. The combination has worked well on client sites with clean email addresses. My own personal email address was in the clear for years and still is on other sites, so that one is a bit hopeless.My Obfuscate Mailto function is available for direct use on my site as well as a PHP and ASP function for plugging in to other sites: <a href="http://johnhaller.com/useful-stuff/obfuscate-mailto" rel="nofollow">http://johnhaller.com/useful-stuff/obfuscate-mailto</a>You can view the result by plugging an email in to that form or by viewing the source on my contact page: <a href="http://johnhaller.com/contact" rel="nofollow">http://johnhaller.com/contact</a>

jrockway超过 11 年前

Is spam from address-scraping bots still a problem? I get why people did it before there was spam filtering, but these days, who cares?

评论 #7012843 未加载

评论 #7012137 未加载

评论 #7012325 未加载

评论 #7012200 未加载

kilian超过 11 年前

The reality is, spambots will get through it eventually no matter what, and you will only end up increasingly inconveniencing your visitors. (How pissed would you be if you copied an email address somewhere and it appeared in reverse?) With email being what it is today, it's up to the receiving end to have good anti-spam software running.

arkitaip超过 11 年前

Make sure to read "Nine ways to obfuscate e-mail addresses compared" as it tells which technique is most effective<a href="http://techblog.tilllate.com/2008/07/20/ten-methods-to-obfuscate-e-mail-addresses-compared/" rel="nofollow">http://techblog.tilllate.com/2008/07/20/ten-methods-to-obfus...</a>Ultimately, obfuscating your email address might be futile<a href="http://www.theguardian.com/technology/2010/dec/21/keeping-email-address-secret-spambots" rel="nofollow">http://www.theguardian.com/technology/2010/dec/21/keeping-em...</a>

评论 #7012449 未加载

kylec超过 11 年前

To me, email address obfuscation seems like one of those things that everyone does because everyone else is doing it. However, I've had my email address public and unobfuscated for years and I get very minimal amounts of spam, largely thanks to Gmail's wonderful spam filter.

评论 #7013640 未加载

sdfjkl超过 11 年前

Unicode may help a bit too: ﹫＠ != @The one that spammers haven't figured out yet is: "My name is Bob and you can email me at this domain." (anywhere in a page under bob.com).

评论 #7012771 未加载

评论 #7012430 未加载

neilk超过 11 年前

I have had my email address available on a web page, with only minor obfuscation (escaping characters, sometimes in different encoding schemes) for over a decade. I don't get a lot of spam on that address.I doubt there's any economic incentive for an email-harvester to solve the problem of even trivial obfuscation. These days you can buy tens of thousands of email addresses for a small amount of money. These are harvested from e-commerce and social media, and are much more likely to be real and current, and the targets more unsophisticated about clicking on ads.EDIT: Actually there is an incentive; when the algorithm is applied on behalf of many naive users. So maybe the built-in algorithm in WordPress is actually more targetable than something you make up yourself. This isn't crypto; it's just obfuscation, so being original may help.

krapp超过 11 年前

I typically have a form on the site do the emailing directly. Here is a plugin I wrote for Wordpress to do this, which is basically just a mailer with a CSRF token: <a href="http://wordpress.org/plugins/plainmail/" rel="nofollow">http://wordpress.org/plugins/plainmail/</a>The best solution to me is to simply never have an email address visible on your site anywhere.... and yes, before someone points it out, having a form on your site is just as much of an issue potentially.

评论 #7013131 未加载

al2o3cr超过 11 年前

All of these are interesting, but ultimately fall down on the same point: spam "bots" harvesting emails aren't always programs anymore. One could write a pretty straightforward program that grabs all the bits of webpages that look email-like (techniques like these would make them EASIER to ID) and then gets them read by people with a Mechanical Turk-style process.

__david__超过 11 年前

My technique was to use a "+spam" suffix on my email user with the idea that when the spambots got it, I'd just ban that address and change the web site to use "+spam1". That was over 10 years ago and I've never once gotten spam to that address. Turns out spambots aren't a problem any more after all.

elliottlan超过 11 年前

I've always been a fan of codeigniter's 'safe_mailto' function.See here: <a href="https://github.com/EllisLab/CodeIgniter/blob/develop/system/helpers/url_helper.php#L260" rel="nofollow">https://github.com/EllisLab/CodeIgniter/blob/develop/system/...</a>

sogen超过 11 年前

I remember reading an article that tried several methods on publicly email addresses and tallied how each one got spam. Turns out ROT13 was the best. I use this tool: <a href="http://rot13.florianbersier.com/" rel="nofollow">http://rot13.florianbersier.com/</a> So far so great.

vezzy-fnord超过 11 年前

You can also simply display the address as an image. I don't know how many spambots actively crawl and apply OCR to general images, rather than just specifically programmed CAPTCHA procedures.

评论 #7013143 未加载

yogo超过 11 年前

Clever trick. However, the bots will eventually catch on.

bound008超过 11 年前

You can also use <a href="http://boun.cr" rel="nofollow">http://boun.cr</a> it's like bit.ly for email addresses.

foolproof超过 11 年前

or just use scr.im [¹], originally developed by Ozh [²].[1] <a href="http://scr.im" rel="nofollow">http://scr.im</a>[2] <a href="http://ozh.org" rel="nofollow">http://ozh.org</a>