I'm creating an application that requires passing email addresses around in querystrings and linking to these pages in public documents.

I'd like to prevent my site from becoming spambot heaven, so I'm looking for a simple algorithm (preferably in JavaScript) to encrypt/obfuscate the address so it can be used publicly in a URL without making the email address an easy target.

ex

www.mysite.com/[email protected]
 to
www.mysite.com/page.php?e=aed3Gfd469201

Preferably the result would be a short-ish string that could easily be used in a URL. Any suggestions for what algorithm I could use?

A: 

How about simply hashing the email, say with sha256?

Zimm3r
And how do you get the email back again?
Borealid
I thought of this, but then I hit Borealid's realization.
MarathonStudios
+7  A: 

RSA-encrypt the data using the public key corresponding to a private key held only by your site.

Base64 and urlencode the result.

Borealid
This is the only 'secure' way of doing it. You could do simpler things like ROT13, etc which would be easy and fool most types of spam bots, but you know... easy to overcome if someone writes a custom spam bot.
thomasrutter
RSA seems a bit heavy duty for my needs. I don't need to completely "secure" the email, I just need to make sure that it's protected from spambots and (preferably) doesn't look like an ugly rot-13'ed email like [email protected].
MarathonStudios
Then skip the encryption and just base64 the string.
Paul Sasik
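The RSA suggestion above, as an added example that is not part of the original answers. It assumes Node.js 15.7 or later with its built-in crypto module, OAEP padding with SHA-256, a key pair generated in place for the demo, and the made-up function names emailToToken and tokenToEmail.

```javascript
// Added example, not code from the thread. Assumes Node.js >= 15.7 ("base64url" encoding).
const crypto = require("crypto");

// Constructed key pair for the demo. A real site would keep the private key in
// protected server-side storage and give only the public key to the link builder.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });

// OAEP is randomized, so the same address never produces the same token twice.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Encrypt with the public key; base64url output needs no extra urlencoding.
function emailToToken(email) {
  const ct = crypto.publicEncrypt({ key: publicKey, ...OAEP }, Buffer.from(email, "utf8"));
  return ct.toString("base64url");
}

// Server side: returns the address, or null for a malformed or tampered token.
function tokenToEmail(token) {
  if (typeof token !== "string" || !/^[A-Za-z0-9_-]+$/.test(token)) return null;
  try {
    const pt = crypto.privateDecrypt({ key: privateKey, ...OAEP }, Buffer.from(token, "base64url"));
    return pt.toString("utf8");
  } catch (err) {
    return null; // bad padding, wrong length, or ciphertext made for another key
  }
}

const sample = "user@example.com"; // constructed sample address
const token = emailToToken(sample);
// The token is as long as the RSA modulus: 256 bytes, i.e. 342 base64url characters.
console.log(token.length, tokenToEmail(token));
```

With these parameters the plaintext is limited to 190 bytes, and the token length is fixed by the key size rather than by the length of the address.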
+1  A: 

Some options coming to my mind :)

Nikita Rybak
+2  A: 

You can make a simple function, which would xor each char value with some integer, and make a hex encoded string. (Email addresses do not contain non-ASCII characters, so it won't complicate with multibyte chars.) E.g.:

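// XOR each character code with the one-byte key c (default 0x7f) and hex-encode it
var obfusc = function(s, c) {
  c = c || 0x7f;
  var r = "";
  for (var i = 0; i < s.length; i++) {
    var valh = (s.charCodeAt(i) ^ c).toString(16);
    if (valh.length == 1) valh = "0" + valh; // keep two hex digits per character
    r += valh;
  }
  return r;
};

// Reverse of obfusc: read two hex digits at a time and XOR with the same key
var deobfusc = function(s, c) {
  c = c || 0x7f;
  var r = "";
  for (var i = 0; i < s.length / 2; i++) {
    r += String.fromCharCode(parseInt(s.substr(i * 2, 2), 16) ^ c);
  }
  return r;
};

var addr = "[email protected]";
var x = obfusc(addr);
alert(addr + " -> " + x + " -> " + deobfusc(x));

// [email protected] -> 15101a3f1a071e120f131a511c1012 -> [email protected]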
mykhal
A: 

The simplest method is simply to store the email addresses within a database table, and pass around a key / ID field that you look up at the point where you want to actually send an email.

caf