How to spamproof a mailto link ?

Question

I want visitors to be able to click on (or copy) an email address directly on my webpage. However, if I could make it (a little bit) harder for bots and other crawlers to get said email address and register it in a spam list, it would be awesome.

I found different ways of doing this (i.e. encoding mailto HTML links), either with JavaScript or in pure HTML, but what do you guys recommend ? The JavaScript techniques seem more complicated, but this may potentially affect users that have it turned off, and legit crawlers like Google.

On the other hand, the HTML one seems a bit basic, the bot writers should have figured it out by now...

Should I bother at all doing this, or will the spammers get my email anyway ? I know that antispam filters are getting better and better, but if I can do something more to slow spammers down, I will.

Answer 1

JavaScript remains one of the best mailto obfuscator. For users with JavaScript disabled you may want to substitute the mailto link with a link to a contact form.

The following is a popular JavaScript anti spam email obfuscator:

• http://www.jottings.com/obfuscator/

There is also a php version of the above to be able to generate obfuscated emails from the server side.

This is the JavaScript code that the above tool would generate to obfuscate my email address (comments intact):

<script type="text/javascript" language="javascript">
<!--
// Email obfuscator script 2.1 by Tim Williams, University of Arizona
// Random encryption key feature by Andrew Moulden, Site Engineering Ltd
// This code is freeware provided these four comment lines remain intact
// A wizard to generate this code is at http://www.jottings.com/obfuscator/
{ coded = "[email protected]"
  key = "1DtzZ8TGBuhRjJMKWI4gkUF2qidfOyPmSN7X30Vpso6xvErLnwQCbalA95HcYe"
  shift=coded.length
  link=""
  for (i=0; i<coded.length; i++) {
    if (key.indexOf(coded.charAt(i))==-1) {
      ltr = coded.charAt(i)
      link += (ltr)
    }
    else {     
      ltr = (key.indexOf(coded.charAt(i))-shift+key.length) % key.length
      link += (key.charAt(ltr))
    }
  }
  document.write("<a href='mailto:"+link+"'>Email Me</a>")
}
//-->
</script><noscript><a href='contact-form.html'>Email Me</a></noscript>

Answer 2

Bot writers get enough links from links that are not encoded, so they don't really bother with decoding encoded links.

If you really want to be sure, just in case there are those that do decode, use javascript as pretty much no bot supports javascript.

Answer 3

You could use the reCAPTCHA Mailhide functionality. This will render email addresses on the form [email protected] where the ellipsis is a link to view the full address. It is a little cumbersome for the visitor but should give premium protection. Having said that, this technique will not let your visitors copy the address directly from your webpage.

I don't get the part about the "legit crawlers" like Google. At least, I am unable to see why Google should index the email address anyway. (See OPs comment below.)

Answer 4

I simply use:

<script language="javascript" type="text/javascript">
var pre = "hideme";
document.write("<a href='mailto:" + pre + "@domain.com'>" + pre
+ "@domain.com</a>");
</script>
<noscript>Enable javascript to see our email!</noscript>