Scramble email

I have a form for a guestbook, where visitors of the website can leave a message, including their emailaddress.
All input is written to a txt file which is displayed on the page where the form is.
Is there a way to display the emailadress funtional but not readable for spambots?
This is the code that read the txt file:

          for ($i=$start;$i<$start+$amount && $i<sizeof($gastenboek);$i++) {
            echo '<TR><TD><B>'.($email!=""?'<A href="mailto:'.$email.'">'.$name.'</A>':$name).'</B></TD><TD align="right"><B>'.$date.'</B></TD></TR>'."\
            echo ($url!=""?'<TR><TD colspan="2"><A href="'.$url.'" target="_blank">'.$url.'</A></TD></TR>':'')."\
            echo '<TR><TD colspan="2"><SPAN>'.str_replace("\
            echo '<TR><TD colspan="2"><HR></TD></TR>'."\

Appreciate any help with this… I’m not a coder, I can read and adjust here and there but not write the code from scratch…

yes I agree using a form is better, but if you need to display an email address on a web page for whatever reason then using javascript to display the email address without including the actual address in the html code makes it nerar enough to impossible for a harvester to find the email adress in the js code as I described earlier.

For those that have javascript enabled you could use an image of the email address instead.

Using js or an image means that someone or something must actually read the email address off the screen to get it.

ok, so now you are watering down your original statement :slight_smile:

Obviously that only applies if local laws require you to do that. Otherwise it is optional.

But in any case, you are essentially agreeing with me when I said back in post no. 6 that the OP might be better off using a html form.

So where are you going with this?

Or should you be starting a new thread if you want to discuss further because this thread was about scrambling email addresses, which in some cases unless bound by law not to do so, is quite legitimate to do.

All of the stats on what percentage of people have JavaScript turned off always fall within that range. (For example w3schools which is about JavaScript and where you’d expect there is little point in those without it visiting has quoted figures between 5 and 20% as the fraction of their visitors without it - see )

Unless you have a very distorted visitor base the percentage can never go below about 6% as that percentage of people using the web are not able to use a browser that supports JavaScript at all and so couldn’t turn it on if they wanted to. That’s why all web sites MUST provide an alternative way to use the web site without JavaScript. You are likely to end up being sued if you don’t (there have been multi-million dollar settlements in the past where sites haven’t been usable without JavaScript and a disabled person has taken legal action under their country’s anti-discrimination laws). So having ONE visitor without JavaScript is sufficient to REQUIRE that you have a non-JavaScript alternative (of a few hundred million dollars that you want to get rid of extra quick).

I’m not sure where you plucked that figure from regarding the number of my visitors who have javascript turned off.

I have reason to believe much less than 6% of my visitors have javascript turned off?

I’m not sure what point you are trying to make here because I thought we already established we are in agreement on this point.

I already said back in post no. 6 that I thought using a form was a better option. Using javascript or an image are just other options.

I would use something else other than ‘at’ to replace the @.

I think most email address harvesters are smart enough to detect that attempt to hide the email address.

Otherwise consider using javascript to hide the email address since I am 99.99% sure email harvesters don’t go looking through js for email addresses.

<original reply>
well duh :stuck_out_tongue:

did you check his code

Nowaways, that’s much less of an issue than it used to be. (:

May I ask why you want to show people’s email address? Wouldn’t it be easier not to show those at all?

But if they did decide to make that effort then they can obtain the email address and after all they only need to get it once because once they have it then it doesn’t matter what you have in the page they can still send spam to it.

If you add the email address after a form is submitted then there is nothing they can do to get the email address. The only way they can send spam to the address is using the form and you can then change the form validation to block their spam.

Well, this seems the easiest way, but how does this fit the code I posted?

Thought this was my post…:confused::lol::smashy::lman:

The only way to hide the email address is to not place it in the web page at all. Use a contact form and add the email address after the form is submitted if you don’t want the email address harvested. Any other method where the email address isn’t harvested today, it will be by next month.

I’m not sure that is entirely correct.

You could go to extremes and brake the email address up into individual character strings in javascript and place them in one or functions. You could then use javascript to concatenate these individual character strings in various functions to display on the screen and I doubt anyone building email harvesters would spend the time and resources to build a harvester to try firstly work out if the character strings belong to an email address and if they do how to concatenate them in the correct order - it’s near enough to absolute impossibility.

I suppose the only way to get these types of emails is to either automate taking screen dumps and looking for email addresses or have people physically reading email addresses from the screen.

Nice examples, but how should I intergrate this into my php code?
I really have no idea… :blush:

Easy: You have the ALT attribute set as: Anthony Sterling - PHP Developer.
So us seing folks see your e-mail address, blind folks see: Anthony Sterling - PHP Developer. Not 100% sure if a screen reader can figure the JS out

How do you figure? Please elaborate. :cool:

Could you not just substitute the @ symbol with [at] ? This will confuddle a fair share of the bots, adding a JS requirement sucks a little. IMO.

If you check my page

You can see what I did, rightly or wrongly, I’ve not had any spam yet. :smiley:

I display the email address as an image, (you can use GD for that), if the user has JS I create a clickable link for them and replace the image.

Doing that also makes it impossible for a significant fraction of your visitors to access the email address as well. The 6-10% of your visitors with JavaScript off can’t access the email address when it is generated from JavaScript. Also those using a library or internet cafe computer may also be unable to use the email address even if they can see it since they have no access to an email client to use the link.

Blind people will need a plain text email address or a form in order to be able to send an email at all.

With the various disabilities that your visitors may have any attempt to make to conceal the address from spammers will have a greater impact on blocking real visitors using the address than it will have on spammers. You need to take that into account if you are going to try to block the address in the web page.

What you will find is that the major sites display the email address in the web page in plain text so as to make it accessible for everyone to use. They then use decent anti-spam processing to strip out all the spam before it reaches the email account in the first place.

Oke, after thinking it over again, with all the ‘no show’ advices, I’m going to not show the emailfield at all.
It has little meaning of having the address in the message posted, and gives more trouble then ease.
Thanks for all the replies…
Cheers :wave: :drink: