2 Replies Latest reply: Sep 26, 2011 5:57 AM by kivcre RSS

    What is email obfuscation?

    jl2000 Community Member

      Hi -

       

      I have a way of over thinking things.  This may be one of those situations.

       

      I have a customer requesting that their email addresses be protected from email harvesting robots.  So I've been doing some reading - - - which has led to some confusion.

       

      Is the point of email address obfuscation to hide/distort/whatever email addresses that appear in the source code, or the displayed text, or both?  What are the harvesters looking at?

       

      TIA for some experienced input.

       

      JL

        • 1. Re: What is email obfuscation?
          MurraySummers CommunityMVP

          Here's an example of email obfuscation:

           

          <p>Send mail to me:<script type="text/javascript">

          var me = "goobers@";

          var dom = "example.com";

          document.write('<a href="mailto:' + me + dom + ">" + me + dom + "</" + "a>");

          </script>

           

          When this code is executed, the results on the page are readable and actionable by the human visitor, but the code (as you see above) doesn't appear to contain an email address.  The email address has been obfuscated.

           

          While an attractive sounding alternative, I'd guess it's mostly ineffective.

           

          The way to really kill harvesting is to use a form to collect the visitor's comments and then to send the form with server scripting rather than using a mailto: address which relys on a functional local email client.

          • 2. Re: What is email obfuscation?
            kivcre Community Member

            I'm no expert, but the advice I hear is that it's a bad idea to place an email address out there so any bot can come by to snag it. That's whether you place it in the code or in the displayed text. The email address then gets passed on to spammers, and, boom, your client is getting emails touting the benefits of V!@GRA.

             

            That being said, several of my own email addresses are out there for all the world to see on a number of sites I develop. The amount of spam I get is tolerable. The same is true for many of my clients. They're in the business of wanting people to contact them easily, so they want their addresses visible on the sites I manage for them. LOTS of corporations ignore the "don't-put-your-address-online" rule.

             

            However, there are plenty of other times when we choose not to put the address online.

             

            An approach I've used is to add a reply form to a site. Visitors fill in their name, email address, and message into the form. When they submit, an email is generated in the background and goes to the designated recipient, i.e. your client. No email address is visible to bots or anyone else for that matter.

             

            This feature is available in many content management systems (CMS). For example, in WordPress you can easily add a contact form plug in. "Contact Form 7" is a good option.

             

            If you're managing a static HTML site, I suggest using a PHP script like Formmail (http://www.tectite.com/formmailpage.php). I've used installed and used this script many times. It's very high quality, has a lot of advanced features, and allows you to "mangle" email addresses to make them unrecognizable by bots. The tectile.com site has excellent documentation as well.

             

            Good luck.