Email spam

Hi all,

<a href="">E-mail Me!</a> 


 <a href="">
<img src="rabbit.jpg" alt="bunny" />

Are these easy to read for spam robots / just the same as…

 email me at


Simple solution has worked for me so far:

<script type="text/javascript">
emailE=('myemail@' + 'mydomain');
document.write('<a href="mailto:' + emailE + '">' + emailE + '</a>');
Email address protected with javascript.  Please enable javascript to view.

To get even fancier, you could put the email address coded into an image between the noscript tags instead of the error.

By the way I am surprised by how often I see a naked email address…


3 (Web designer)
4 (Web designer)

The same it basically reads the word: mailto: so the image is irrelevant if you still have a ‘mailto’ underneath.

I use this one - combines javascript with character codes

This seems to work pretty well. (h/t RalphMason)

I’d love to know the answer, myself (:

I haven’t actually tried this solution on enough different sites for long enough to know for sure from experience.

Anybody else have an opinion?

Stevie, that’s such an easy fix, I can’t believe it works that well. Not doubting you, just marveling at the simplicity of it. :slight_smile:

Jason, I’ve been given to understand that javascript that basic is fairly easily cracked by the spambots. What do you think?

I mean that it doesn’t snare a lot of spam. It will work in just the same way as using a regular @ in the mailto:, but the question is how effective it is at sneaking past spambots without being recognised - and in my experience, it is pretty good at that.

This is nice and easy - what do you mean by ‘pretty effective’?


If you want to go all out you could also take a look at this:

Although I wouldn’t use the output buffer they suggest, but encrypt e-mail addresses manually as you encounter them.

What I’ve been doing for years, and seems to be pretty effective, is to replace the @ with & #064; (without the space after the &) - it gives the same result, but spam bots don’t seem to recognise it.

Sorry but I really don’t like that style of example. It both breaks the informations accessibility (so you’re discriminating against the disabled) and it’s obtrusive.

My solution is very simple… Use a form, Redirect to a PHP file which pushes the URL and then redirects back… or don’t do anything and get a better spam filter. :stuck_out_tongue:

You’re right, this method doesn’t accomodate the vision-impaired, and that’s a weakness. However, my sites almost always feature a PHP contact form in addition to a mailto: email address, so everybody with any disability is covered one way or another.

The drawback of your form-based method, as I see it (apart from the fact that it isn’t as trivial to implement) is that some users don’t have a mailto: action correctly configured for their browsers. Using javascript obfuscation, these users can still right-click and copy the email address, then paste it into their email client of choice.

Oh, I should have clarified, with the form I didn’t mean use the mailto pseudo-protocol, I mean’t have a proper script (like with PHP) to send the email - issue free.

It’s much easier to eliminate the bad spammers if you don’t have the email address mentioned whatsoever in the page or source code. :slight_smile:

True, but if you can present an email address directly in the course of a paragraph, that reduces the number of clicks most users will have to make in order to contact you. Which would make Steve Krug proud I’m sure. :slight_smile:

But mailto is probably a sign of poor usability in itself. You’re assuming the end user will either have an application that can handle mail or that the one they have they will be used to using. Usability wise, it’s more preferential to allow people to mail you within the active browser window (without being shoved elsewhere to send you an email from some strange application). I’ve no problem with embedding the email (with no link) in the page, but for usability, it’s much better (and safer) to use a well produced form without forcing them to their own devices! To quote Steve Krug: Consistency is Key, <<< forms provide a consist experience. :slight_smile:

Consistency is important, but accommodating people’s preferences is also important. Some may want to use the form, some may like mailto, some may want to copy and paste. :slight_smile:

I can see it both ways.

At any rate, an email address presented in the text must obviously be disguised whether linked or not.

Unless you just show it and have a decent spam filter at the other end to sweep away the unwanted fluff! :wink:

Hate to bring up an old thread, but I remembered this discussion tonight when I ran across this article. It may be somewhat outdated but is pretty thorough. The author states that a javascript-cracking spambot is unlikely anytime soon as it would run the risk of bogging down in bad/non-terminating code. The rest of the article, which deals with the whole issue of email obfuscation, is well worth reading.