3

I read somewhere that hiding email address behind JavaScript code, could reduce spam bots harvesting the email address. 

<script language="javascript" type="text/javascript">
  var a = "Red";
  var t = "no";
  var doc = document;
  var b = "ITpro";
  var ad = a; ad += "@"; ad += b; ad += "."; ad += t;
  var mt = "ma"; mt += "il"; mt += "to";
  var text = "";
  if (text == null || text.length == 0)
    text = ad;
  doc.write("<"+"a hr"+"ef=\""+mt+":"+ad+"\">"+text+"</"+"a>");
</script>

This will not display the actual email-address in the sourcecode of the page, but it will display and work like a normal link for human users.

Is it any point of doing this? Will it reduce spam bots, or is it just nonsense that might slow down performance of the page because of the JavaScript?

Martin-Al
  • 133
  • 1
  • 5

1 Answers1

11

Someone did research to find out what ways would help best to prevent spammers from spidering your emailaddress, and here's the results:

http://techblog.tilllate.com/2008/07/20/ten-methods-to-obfuscate-e-mail-addresses-compared/

Their top 3 ways, according to the results:

1. Changing the code direction with CSS

<span style="unicode-bidi: bidi-override; direction: rtl;">
  moc.liame@sserdda
</span>

(shows up as address@email.com to regular visitors)

2. Using CSS display:none

<style type=”text/css”>
  p span.displaynone { display:none; }
</style>

<p>silvanfoobar8@<span class=”displaynone”>null</span>tilllate.com</p>

3. ROT13 Encryption

ROT13 encode the e-mail address with this tool or use the str_rot13 function of PHP and decode it via Javascript.

<script type=”text/javascript”>
document.write(“
    <n uers=\”znvygb:fvyinasbbone10@gvyyyngr.pbz\” ery=\”absbyybj\”>”.replace(/[a-zA-Z]/g, 
    function(c){
        return String.fromCharCode((c<=”Z”?90:122)>=(c=c.charCodeAt(0)+13)?c:c-26);
    }));
</script>Email Me</a>

Where you have to replace fvyinasbbone10@gvyyyngr.pbz with a rot13-encoded version of your mail.

So yes, it will help but you might as well just go for one of the two CSS solutions, they're much easier to implement.

Stephan Muller
  • 1,519
  • 13
  • 21
  • Good find Litso. The important thing here is that the address isn't plainly displayed in the page source. Replacing the ampersand with an alternate repsentation often works, but simply using foo[at]bar.com might not cut it these days, yet the more elaborately you decorate the address, the more likely it is to confuse users as well. Using CSS/JS obfuscates the address while still allowing users to read it or copy and paste it. – Lèse majesté Mar 12 '11 at 12:28
  • There's no point in obfuscating the code itself. That's only used if you want to hide the intention of the code from humans. But the spammer could just open the page in a browser or take 5 seconds to parse the code. Obfuscating the code also won't do anything to hinder a bot that parses JavaScript or CSS (e.g. a screen scraper). – Lèse majesté Mar 12 '11 at 12:30
  • Thank you for a good answer! I did now change from my previous JavaScript code to use the CSS code direction-thingy! :) – Martin-Al Mar 12 '11 at 12:54