Greg Hewgill (ghewgill) wrote,
Greg Hewgill
ghewgill

email address obfuscation

At the bottom of each of my web pages, I have a footer that looks something like this:

Greg Hewgill greg@hewgill.com

Having my email address so easily accessible for so many years (hewgill.com celebrates its 10th anniversary next year) has undoubtedly helped contribute to the incredible volume of spam I get. However, I don't want to reduce the usability and accessibility of my site, and if people would like to click on my email address to email me, they should be able to. Therefore I have refused to obfuscate my email address as it is published on my own web site.

It occurred to me that the risk of an automated email harvester robot picking up my email address could be reduced significantly by using a bit of javascript. If I avoid mentioning the actual email address as literal text in the HTML source, then the email harvester robots will probably miss it. Here's the code I used:

function email_address(a) {
    for (i = 0; i < a.length; i++) {
        document.write(a[i]);
        if (i == 0) {
            document.write('@');
        } else if (i+1 < a.length) {
            document.write('.');
        }
    }
}
function email_link(a) {
    document.write("<a href=\"mailto:");
    email_address(a);
    document.write("\">");
    email_address(a);
    document.write("</a>");
}

Then, in the HTML source where you want to use a clickable email address, do something like the following:

Greg Hewgill <script type="text/javascript">email_link(['greg', 'hewgill', 'com'])</script>

In this way, users whose browsers understand Javascript will be able to see a clickable link just as the example at the top of this post. However, automated email harvester robots won't see anything resembling an email address, so they won't pick it up. It seems unlikely to me that an email harvester would go to the trouble of actually executing embedded javascript code (if they do, I can think of a lot more fun things to do to them).

One risk with this method is it makes the email address unusable for somebody whose browser does not understand Javascript. However, with so many sites using "Ajax" and other Javascript-based technologies to offer routine functionality, I think this is a small risk today.

Having said all that, I still haven't deployed this method on my own web site. But it's live on Amy's web site if you want to see it in action.

Tags: web
Subscribe
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 11 comments