Email Obfuscation, Learned the Hard Way
Tagged as: JavaScript
You just don’t know what you got ’til
it’s gonesome Nigerian ex oil minister offers it to you for assisting him in his escape from an oppressive regime.
Wow, sometimes I can be a real moron. What was I thinking, putting my email on a website? How could I be so naïve as to want to provide a way for my readers to communicate with me?
Needless to say, the spam has begun arriving at my virtual doorstep. I quickly took down the links, but for all I know, it’s already too late. Regardless, I did some quick reading on how to limit one’s exposure to email harvesters. While there are plenty of links out there, I think Nadeau Software Consulting did it best with their article on Effective Methods to Protect Email Addresses From Spammers. They even include a handy table that shows each method’s effectiveness (as of 2007, anyway), usability, browser support and accessibility.
I decided to go with the Javascript method, as simply replacing letters with character codes is something most email bots can get around, it seems. My script is dead simple:
function writeEmail() {
var n = "jack";
var d = "spaceforaname";
var e = "com";
document.getElementById('email').innerHTML = '<a href="mai'+''+'lto:'+
n+'@'+d+'.'+e+'">Send me an email</a>';
}
I broke up the email address into three separate variables and even split ‘mailto’ into two parts separated by an empty string, just to play it safe. I also took an idea from this article by Tauros Marketing and made sure to accomdate folks without javascript. To do so, the default html of my ‘email’ element is my email address written out in plain text, with the ‘@’ and ‘.’ replaced by images. The alt and title attributes have also been set to accomdate those without the ability to display images. The HTML looks like:
<span id="email"> jack <img src="img/shift-2.gif" alt="-at-" title="-at-" /> spaceforaname <img src="img/dot.gif" alt="-dot-" title="-dot-" /> com <script type="text/javascript">writeEmail()</script> </span>
So, as long as email harvesters haven’t been upgraded to execute javascript code or decipher image alt tags, I should be safe. Well, safer. I kinda feel like it’s only a matter of time before even these methods become useless. All we can hope for is that the people (if they really are human, that is) who write email harvesters are lazy and won’t bother upgrading their code as long as the easily attainable email addresses keep flowing in.
spaceforaname
com
aaron forever at powergerbil dot whatever extension is cheapest