views:

594

answers:

6

I'm trying to come up with a JavaScript email obfuscator to reduce the chance for spam in emails listed on a web site. Right now I've got a JavaScript based obfuscator that uses a combination of HTML encoding & JavaScript to convert an obfuscated email into a normal email transparently.

What I do is this:

Format the "mailto:" part of the href in links to be HTML encoded like:

mailto:

I also encode the email, replacing the @ sign with (a), so that the email reads something like:

stackoverflow(a)example.com

I then use some JavaScript to decipher all mailto links which have this (a) sign in the email and convert them to @ on page load.

This works fairly well. For people using browsers with JavaScript enabled, they see everything working normally. For people without JavaScript enabled, every mail client I know would consider the email address as invalid, however the user should be able to infer what is needed to correct the symbol.

I was wondering if there was any better (less intrusive (or at best, not very intrusive) but more spammer resistant) way of obfuscating emails on a web page.

As with any type of obfuscation, if a human or computer can easily de-obfuscate it, then a spammer could easily do the same. Because of this, I'm not expecting a foolproof obfuscation, however I was curious to see what other suggestions were out there. Searching Google didn't reveal any solutions that I consider better than my current solution. I was wondering if there were any other good alternatives.

+1  A: 

One way to obfuscate the email for a computer would be to write the email as an image and not as text. This way it is still easy for a human ti read the email adress and quite hard for a computer.

Burkhard
A: 

every time i manually obfuscate my email address when entering it to some form i wonder - what does it take an email harvester program to look for (a) or (at) or [at] etc...

images looks like only good alternative

miceuz
Unless you play CAPTCHA style tricks, OCRing images is quite trivial -- and they are not accessible to text-only browsers or screen-readers, which puts you on the wrong side of plenty of disability discrimination legislation.
Steve Gilham
+3  A: 

I've used HiveLogic Enkoder in the past with pretty good success. If anything you might want to take a look at how Dan's encoding works as it might give you some ideas to make an even more robust obfuscator.

Scott McMillin
A: 

Have a look at this jQuery approach: http://gelb3.de/blog/?p=44

maxpower9000
A: 

I have used this generator http://www.wbwip.com/wbw/emailencoder.html service for awhile and it works great. I usually use parts of the encoded address and part that are not.

For example ...

[email protected] == user@po.com

I might change to...

[email protected] == user@po.com

meme
A: 

If you really want to protect email adresses there will be no other way then generating images for non-JavaScript users.
I used to use something like this:

<script type="text/javascript">
//<![CDATA[
     scrambler('c.arb@oof||mo');
//]]>
</script>
<noscript>
    <img src="scrambler.php?t=c.arb@oof||mo" alt="Emailadresse" />
</noscript>

scramble is a very simple JavaScript function, I think you easily could figure out what it does. (It will result in: <a href="mailto:[email protected]">[email protected]</a>) scrambler.php is the same, except in php and a gd backend to generate images.

Figure something out that is not about some encodingtricks or replacing something by something else.

EDIT: Here is my algo:

function scrambler (text) {
  parts = text.split("||");
  var reverse = function (s) {
    var ret ='';
    for (var i=s.length-1;i>=0;i--)
      ret+=s.charAt(i);
    return ret;
  }
  text = reverse(parts[0])+reverse(parts[1]);
  document.write(text);
}
Hippo