How can I use PHP to obfuscate email addresses so they are not easily harvested by spammers?

Question

I'm programming in PHP and would like to create web pages which have email addresses that are easily read by humans but not easily harvested by spammers. The email addresses are coming from user input, and I think I can identify an address by using a regular expression, but I'm not clear exactly how I should replace the email addresses or with what, in order to keep most automated spam bots from harvesting them.

Here's one idea: (pseudo code)

(email)@(domain.com) $1<span class="remove">DELETE</span>$2

.remove {
   display: none;
}

Hopefully the bot will trip up on the span tag.

Finally, I'm looking for a solution that will not disturb email addresses that are inside of mailto: tags.

Duplicate of How can I prevent prevent bots from collecting e-mail addresses? which is duplicate of What are some ways to protect emails on websites from spambots? and maybe some others...

Answer 1

one option: javascript email obfuscation, and images when javascript was disabled

Answer 2

Use GD and create image of your Email ID

You can use the PHP GD library to easily create an image of any given text.

A sample code will look like,

<?php
  header("Content-type: image/png");
  $im = @imagecreate(110, 20)or die("Cannot Initialize new GD image stream");
  $background_color = imagecolorallocate($im, 0, 0, 0);
  $text_color = imagecolorallocate($im, 255, 255, 255);
  imagestring($im, 1, 5, 5,  "[email protected]", $text_color);
  imagepng($im);
  imagedestroy($im);
?>

Advantages:

• Spammers can't just capture it, unless they use an OCR :p
• Very low overhead, using PNG/GIF format
• Can be created on the fly for any text

Disadvantages:

• Cannot click on the mail, as a link
• Won't work with TTS engines, a -ve for the visually challenged.

Answer 3

You can obfuscate it using CSS as well...

<span class="email-encrypt">moc.liamelgoog@avynnib<span class="email-decrypt-message">(Reverse this text to get my Email address)</span></span>

/*Decrypt Email */
.email-encrypt {
    unicode-bidi:bidi-override;
    direction: rtl;
}
.email-encrypt .email-decrypt-message {
    display:none;
}

Edit: Here, the email address in the source is in reverse - what the CSS statements does is that it reverts the email address to its original form. I hope that makes sense.

But I am not sure how effective this is - there are many bots who simulate a browser environment. I think I am better of saying something like - my email is binnyva, googlemail.

Answer 4

The above trick (using CSS) would almost certainly not work. I don't know whether bots bother looking at CSS at all, in fact I'm not completely sure that they read HTML, they probably just match the whole page on some regex's.

On the other hand, this makes poisioning their lists with spamtraps quite easy. If you want a particular address to receive spam (and spam only) to train your filters, you can put email addresses in the page which normal users won't be able to see or click on, only spam bots.

In fact, do an experiment - write a number of different email addresses with different types of link, and see how many spams they get.

I tried it a few months ago with a normal link on my web site, it took about three weeks before the trap started receiving spam.