Effective method to hide email from spam bots

Question

Hi. On my home page I'm using next method to hide my email from spam bots:

<a href="admin [at] example.com"
   rel="nofollow"
   onclick="this.href='mailto:' + 'admin' + '@' + 'example.com'">Contact me</a>

What do you think about it? Is it effective? What other methods do you know or use?

Answer 1

See Making email addresses safe from bots on a webpage?

I like the way Facebook and others render an image of your email address.

I have also used The Enkoder in the past - thought it was very good to be honest!

Answer 2

The best method hiding email addresses is only good until bot programmer discover this "encoding" and implement a decryption algorithm.

The JavaScript option won't work long, because there are a lot of crawler interpreting JavaScript.

There's no answer, imho.

Answer 3

There are probably bots that recognize the [at] and other disguises as @ symbol. So this is not a really effective method.

Sure you could use some encodings like URL encode or HTML character references (or both):

// PHP example
// encodes every character using URL encoding (%hh)
function foo($str) {
    $retVal = '';
    $length = strlen($str);
    for ($i=0; $i<$length; $i++) $retVal.=sprintf('%%%X', ord($str[$i]));
    return $retVal;
}
// encodes every character into HTML character references (&#xhh;)
function bar($str) {
    $retVal = '';
    $length = strlen($str);
    for ($i=0; $i<$length; $i++) $retVal.=sprintf('&#x%X;', ord($str[$i]));
    return $retVal;
}

$email = '[email protected]';
echo '<a href="'.bar('mailto:?to=' . foo(','.$email.'')).'">mail me</a>';

// output
// <a href="&#x6D;&#x61;&#x69;&#x6C;&#x74;&#x6F;&#x3A;&#x3F;&#x74;&#x6F;&#x3D;&#x25;&#x32;&#x43;&#x25;&#x37;&#x35;&#x25;&#x37;&#x33;&#x25;&#x36;&#x35;&#x25;&#x37;&#x32;&#x25;&#x34;&#x30;&#x25;&#x36;&#x35;&#x25;&#x37;&#x38;&#x25;&#x36;&#x31;&#x25;&#x36;&#x44;&#x25;&#x37;&#x30;&#x25;&#x36;&#x43;&#x25;&#x36;&#x35;&#x25;&#x32;&#x45;&#x25;&#x36;&#x33;&#x25;&#x36;&#x46;&#x25;&#x36;&#x44;">mail me</a>

But as it is legal to use them, every browser/e-mail client should handle these encodings too.

Answer 4

One easy solution is to use HTML entities instead of actual characters. For example, the "[email protected]" will be converted into :

<A HREF="&#109;&#97;&#105;&#108;&#116;&#111;&#58;%6D%65%40%73%74%61%63%6B%6F%76%65%72%66%6C%6F%77%2E%63%6F%6D">email me</A>

Answer 5

Does it work if I right-click on the link and choose "copy URL"? If not, it's very much not an ideal situation (I very seldom click on a mailto link, preferring to copy the email address and paste it into my mail application or wherever else I need it at a specific point in time).

I used to be fairly paranoid protecting my mail address on-line (UseNet, web and the like), but these days I suspect more "possible targets for spam" are actually generated matching local-parts to domains programmatically. I base this on having, on occasion, gone through my mail server logs. There tends to be quite a few delivery attempts to non-existing addresses (including truncated versions of spam-bait I dangled on UseNet back in the late 90s, when address-scraping was very prevalent).

Answer 6

have a look at this way , pretty clever and using css

Hope it helps

Cheers

Answer 7

I have a completely different take on this. I use MailHide from the reCaptcha folks for this.

Answer 8

If you have php support, you can do something like this:

<img src="scriptname.php">

And the scriptname.php:

<?php
header("Content-type: image/png");
// Your email address which will be shown in the image
$email    =    "[email protected]";
$length    =    (strlen($email)*8);
$im = @ImageCreate ($length, 20)
     or die ("Kann keinen neuen GD-Bild-Stream erzeugen");
$background_color = ImageColorAllocate ($im, 255, 255, 255); // White: 255,255,255
$text_color = ImageColorAllocate ($im, 55, 103, 122);
imagestring($im, 3,5,2,$email, $text_color);
imagepng ($im);
?>

Answer 9

I think the only foolproof method you can have is creating a Contact Me page that is a form that submits to a script that sends to your email address. That way, your address is never exposed to the public at all. This may be undesirable for some reason, but I think it's a pretty good solution. It often irks me when I'm forced to copy/paste someone's email address from their site to my mail client and send them a message; I'd rather do it right through a form on their site. Also, this approach allows you to have anonymous comments sent to you, etc. Just be sure to protect your form using some kind of anti-bot scheme, such as a captcha. There are plenty of them discussed here on SO.

Answer 10

You can try to hide characters using html entities in hexa (ex: &#x40 for @). This is convenient solution, as a correct browser will translate it, and you can have a normal link. The drawback is that a bot can translate it theorically, but it's a bit unusual. I use this to protect my e-mail on my blog.

Another solution is to use javascript to assemble part of the address and to decode on-the-fly the address. The drawback is that a javascript-disabled browser won't show your adress.

The most effective solution is to use an image, but it's a pain for the user to have to copy the address by hand.

Your solution is pretty good, as you only add a drawback (writing manually the @) only for user that have javascript disabled. You can also be more secure with :

onclick="this.href='mailto:' + 'admin' + '@' + 'domain.com'"

Answer 11

First I would make sure the email address only shows when you have javascript enabled. This way, there is no plain text that can be read without javascript.

Secondly, A way of implementing a safe feature is by staying away from the <button> tag. This tag needs a text insert between the tags, which makes it computer-readable. Instead try the <input type="button"> with a javascript handler for an onClick. Then use all of the techniques mentioned by otherse to implement a safe email notation.

One other option is to have a button with "Click to see emailaddress". Once clicked this changes into a coded email (the characters in HTML codes). On another click this redirects to the 'mailto:email' function

An uncoded version of the last idea, with selectable and non-selectable email addresses:

<html>
<body>
<script type="text/javascript">
email="[email protected]";
email_link="mailto:"+email;
</script>
<input type="text" onClick="this.onClick=window.open(email_link);" value="Click for mail"/>
<input type="text" onClick="this.value=email;" value="Click for mail-address"/>
<input type="button" onClick="this.onClick=window.open(email_link);" value="Click for mail"/>
<input type="button" onClick="this.value=email;" value="Click for mail-address"/>
</body></html>

See if this is something you would want and combine it with others' ideas. You can never be too sure.

Answer 12

Hello, there is a webpage, www.emailhide.org, that encrypts your email address in a secure manner. All you nedd to do is type in your email address and is returned html code with a link with your encrypted email. I've tried and now i use it everytime. There's also a automatic gen for webmasters. Check it out.

Answer 13

I recommend you to use e-mail protection services like protectmy.info and others (don't remember their names, but they are, I'm sure). It's much easier.

Answer 14

reCaptcha looks promising.

Answer 15

One of my favorite methods is to obfuscate the email address using php, a classic example is to convert the characters to HEX values like so:

function myobfiscate($emailaddress){
 $email= $emailaddress;                
 $length = strlen($email);                         
 for ($i = 0; $i < $length; $i++){                
 $obfuscatedEmail .= "&#" . ord($email[$i]).";";
 }
 echo $obfuscatedEmail;
}

And then in my markup I'll simply call it as follows:

<a href="mailto:<?php echo myobfiscate('[email protected]')" title="Email me!"><?php echo myobfiscate('[email protected]');</a>

Then examine your source, you'll be pleasantly surprised!