The Ecommerce Blog

Obfuscate email, but make yourself email-able

May 15th, 2008 in: General, Usability

Using a simple obfuscating script on your website’s published email addresses can reduce the amount of email spam by 90% or more. Email spam primarily comes from email harvesting bots, similar to search engine bots, that scour the internet looking for email addresses to spam. There are several ways to obfuscate email addresses.

Common methods to obfuscate email addresses:

  • Encoding
  • Javascript
  • Flash
  • Using an Image instead of text

Javascript and Flash obfuscation basically create a text version of your email that can be read only by the most complex email harvesting robots. These methods work well at stopping email harvesting (Flash is far better than Javascript), but your visitors must have Flash installed or Javascript enabled for these to work; otherwise they cannot see your email address either.

Example of what a Javascript email would look like to a computer. (From: seowebsitepromotion.com)
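<script type="text/javascript">
//<![CDATA[
// Split the address so it never appears whole in the page source
var email = "questions";
var domain = "ecommerce-blog.org";
// Assemble and write the address when the page loads
document.write("" + email + "@" + domain + "");
//]]>
</script>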

These can also be called externally or through an action script which is even more effective.

Images of an email address can be used in place of text. While this is probably as effective at stopping spam as Flash and Javascript, it completely prevents copying the text. This makes it very annoying to try to email the site owner, as contact addresses are often long and can be complex. Users are very prone to mis-entering email characters, and this generally leads to frustration and annoyance for everyone. I recommend not using this method.

Encoding is by far my preferred method of email obfuscation. While it is not as effective as the other methods, it stops the majority of spambots. It does not create browser compatibility or usability issues. It is as easy to use as copying and pasting some html onto a web-page when it is being created.

Encoding can be done in hex, decimal, and other formats. HTML interprets these encoded characters as the ones we see and read. This way your visitor sees an A while a computer sees an &#x41;.
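The encoding described above, as an added example (not code from the original post or from the tools it links to): it converts an address to hex and decimal character references, then resolves them again the way an HTML parser does, which shows why visitors see a normal address and why the protection only holds against harvesters that skip entity decoding. The function names are hypothetical; the sample address is the one from the article's script.

```javascript
// Added example: entity-encode an address as the article describes.
// Function names are illustrative assumptions, not from any tool on this page.

// Encode every character as a numeric character reference.
// mode "hex" -> &#x41;   mode "dec" -> &#65;   mode "mixed" alternates the two.
function encodeEntities(text, mode = "hex") {
  return Array.from(text).map((ch, i) => {
    const cp = ch.codePointAt(0);
    const useHex = mode === "hex" || (mode === "mixed" && i % 2 === 0);
    return useHex ? `&#x${cp.toString(16).toUpperCase()};` : `&#${cp};`;
  }).join("");
}

// Build a clickable link; the href and the visible text are both encoded,
// since character references are resolved inside attribute values too.
function obfuscatedMailto(address, mode = "mixed") {
  const href = encodeEntities("mailto:" + address, mode);
  const label = encodeEntities(address, mode);
  return `<a href="${href}">${label}</a>`;
}

// Resolve numeric character references the way an HTML parser does.
function decodeEntities(html) {
  return html
    .replace(/&#x([0-9a-f]+);/gi, (_, h) => String.fromCodePoint(parseInt(h, 16)))
    .replace(/&#([0-9]+);/g, (_, d) => String.fromCodePoint(parseInt(d, 10)));
}

// True if the literal address is visible in the given text.
function leaksInSource(source, address) {
  return source.toLowerCase().includes(address.toLowerCase());
}

const sample = "questions@ecommerce-blog.org"; // address from the article's script
const link = obfuscatedMailto(sample);
console.log(link);
console.log("plain text in raw source:", leaksInSource(link, sample));
console.log("plain text after entity decoding:", leaksInSource(decodeEntities(link), sample));
```

Use the last two checks on your own markup: the first confirms the address is absent from the raw source, the second confirms it renders correctly and is a reminder of how thin the protection is.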

Some good encoding tools:
http://www.ianr.unl.edu/email/encode/ – This is a simple and very effective encoding generator.
http://www.seowebsitepromotion.com/obfuscate_email.asp This script offers a variety of encoding and javascript obfuscation techniques.

Email Obfuscation Comparison:

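| Method        | Usability | Effectiveness  | Difficulty |
|---------------|-----------|----------------|------------|
| Flash         | Bad       | Extremely Good | Hard       |
| Javascript    | Ok        | Very Good      | Medium     |
| Image         | Bad       | Very Good      | Medium     |
| HTML Encoding | Great     | Good           | Easy       |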

Comments

  • sun 10:20 pm on May 15th, 2008

    LOL, I had to laugh when you suggested using Flash to obfuscate e-mail. I think images are fine. Having a long, complex, and/or annoying e-mail address is a usability issue in general that typing out makes apparent. Just use a simpler prefix or be considerate of domain names usability before registering.

  • jestep 6:15 pm on May 20th, 2008

    Flash is certainly a ridiculous method to obfuscate anything, but I included it since I have seen it a few times. Javascript is probably safe nowadays since the vast majority of users have javascript enabled.

  • Shopping Cart Software 10:23 am on May 21st, 2008

    This is actually a good idea. I might use this in my personal site as well.

  • Rich 7:07 pm on May 28th, 2008

    @jestep: No need to worry about users not having javascript installed. Remember that you can use <noscript> tags to provide content for users that have disabled javascript. Then, you can provide an image (less usable, but very secure) or something like that. Check it out in action on my site if you like:
    http://featurific.com/node/23

  • SengHooi Dot Com 10:54 pm on June 12th, 2008

    I see a lot of people write their email in this way:
    senghooi429[at]yahoo[dot]com.

    I notice myspace and facebook will auto convert your email into this format.

    So… it’s to prevent spam?

  • Mike 8:27 pm on July 7th, 2008

    Javascript and images can also be combined. For example you can place an image and then use JS to replace that image with a clickable mailto link that also allows the address to be selected and copied.

    The only users who miss out then are those that have BOTH images and JS disabled.

  • Leafgreen 5:45 pm on November 27th, 2008

    This article is now obsolete regarding Flash. “Effectiveness” is no longer “Extremely Good” but ineffective. Google is now capable of indexing all flash text, and the email address in my Flash site is now visible in Google search results. Therefore, spam bots are not far behind, and there are scrape methods to gather email addresses from Google search results.

    Leafgreen
    Get your Gadgets at http://GadgetNation.net/store

  • Vladimir Dzhuvinov 6:48 am on March 14th, 2009

    Well, what is the empirical evidence that “obfuscating script on your website’s published email addresses can reduce the amount of email spam by 90% or more”?

    :-)

  • Jason Priem 12:45 pm on May 19th, 2009

    @Vladimir: This site offers some empirical data (although not addressing your specific quote), as does this one. Both are a bit out of date (especially the second), which is significant in the constantly evolving Spy vs. Spy of spam.

    And while these two rather informal studies do give some encouragement to obfuscation, I still say it’s a bad idea. Entity encoding, as this post suggests, is the easiest thing in the world to “break.” I made an obfuscation decoder script (http://jasonpriem.com/obfuscation-decoder) that breaks this technique, as well as a variety of “foo[at] bar [dot] com” approaches; it took me a few hours.

    As for javascript, the post correctly points out that it’s a bit of an accessibility/usability fail. Plus, there are plenty of ways to run JS on a server; it’s only a matter of time before spammers catch on (here’s a good example). More importantly, though, it’s just bad form to spend time making information on your site harder to understand. The web is about making information public.


Copyright © 2009 The Ecommerce Blog · theme design by Jamie Estep