Note: This site might seem inactive… That’s because it is. Don’t worry though, I’m still coding webpages and stuff! If you’re interested, I suggest you get a translator and head over to Qiwi; or you could just check the latest site we’ve been working on: Apotheek Goethals – Debrabandere. Enjoy!
Obfuscating email addresses
John linked Stu Nicholls’s email address hiding method through CSS a couple of days ago, and I was amazed. Amazed by the few bytes of code wherewith you can prevent your email address from being spotted by some silly spam bot.
Alliterations aside, I had already written a PHP function that obfuscates your email address in the old-fashioned way — by “encrypting” it through the use of funky HTML entities. It does exactly the same as most online obfuscator tools, but I decided to functionize it for my own pleasure.
The PHP
After watching Stu’s CSS method, I thought the function could use some enhancements. After throwing in some extra arguments, this is what I came up with:
<?php
function obfuscate_email($addy, $reverse = 0, $before = '<span class="email">', $after = '</span>') {
if ($reverse) {
$addy = strrev($addy); // I put my thang down, flip it and reverse it
$encr = $before;
}
for ($i=0; $i<(strlen($addy)); $i++)
$encr .= '&#' . ord($addy[$i]) . ';';
if ($reverse)
$encr .= $after;
return $encr;
}
?>That demands a bit of explaining.
- $addy
- Contains the email address in all its unprotectedness.
- $reverse
- If this parameter is set to
TRUE, the email address will be reversed before the encryption process starts off. Enable if you want to use the ultra-cool CSS method. - $before
- Contains a string which will be returned before the obfuscated email address. Defaults to
<span class="email">. - $after
- Contains a string which will be returned after the obfuscated email address. Defaults to
</span>.
The CSS
In case you want to use the CSS reversion thing as well, you’ll have to add some extra CSS code to your stylesheet:
.email {
unicode-bidi: bidi-override;
direction: rtl;
}Note: The reason why I’m not using <span class="backwards"> (like Stu does, is because I’m afraid spam bots might end up with a built-in reverser for text with a CSS class of backwards applied to it. Of course, the same goes for <span class="email">, but then again this is just an example. Be warned — use the funkiest of class names.
The examples
View this page’s source to see the raw HTML output.
obfuscate_email("alias@domain.ext");would returnalias@domain.ext.obfuscate_email("alias@domain.ext", 1, '<span class="email">', '</span>');would return<span class="email">txe.niamod@saila</span>.
I’m convinced using this function in all its aspects (i.e. the encryption/reversion combination) is your best bet to fight spambots. Enjoy!
Update: By, erm… “request” of Indranil, I created another one of those email obfuscator tools. It should be bug-free, but if you’ve got any suggestions (regarding form layout or whatever), they’re more than welcome.
Comments (19)
Listed below are the responses for this entry.
Trackbacks & Pingbacks (1)
Listed below are resources on the web that mention this article.
-
- Ian’s Blog: Obfuscating Email Addresses by Math Jazz:
Obfuscating Email Addresses by Math Jazz
[…] Obfuscating Email Addresses […]- Pingback made on May 28th, 2005 @ 10:14 pm
My problem with Stu’s method is that if someone has an old browser or a screenreader, and thus isn’t using CSS then they’ll just get a garbled pile of shit and find a different web designer. (Or worse, they’d be naive enough to think it’s a real email address and try to mail you with it).
I also have an opinion on your note about class names. People who go to the length of obfuscating their email addresses are generally savvy enough to have spam filters installed too, and even if they don’t, they are NOT going to respond to any of the spam you send them. Therefore, I don’t think it would be in any way profitable for spammers to spend their time detecting and decoding obfuscations, so I don’t think it’s a worry.
Good point, Jon, I was just thinking about the very same thing over dinner. On every page Stu’s CSS method is used, it should thus say
<span class="hide"><strong>In order to prevent spambots from picking up my email address, it has been reversed. Sorry for the inconvenience.</strong></span>. (All of this with.hide { display: none; }, of course.)Nice thinking. I hope you’re right :)
Now that you have been so nice to comment on my site I thought I’d return the favour.
There are a number of problems associated with email addresses that look correct in browsers. The first is of course the problem mentioned above, where I might add Safari doesn’t fare very well either (and I got the screenshot to prove it). However, the main problem, which I also talked about in response to Joen’s (Almost) unspammable email addresses, is that any hiding or other obfuscation which relies on technology currently available in web browsers will be broken if enough people use it. There are already spam robots that can read HTML entities and have built-in javascript interpreters, it may not be long before they have CSS handlers too if Stu’s approach catches on. From my comment at Joen’s sidenote:
And this is also the case for CSS, a CSS handler would be able to style the CSS and resolve the email address.
Just my 2¢.
The bad thing is that spammers seem to always find a way… I am sure that now bots just collect text, then they are washed out by an engine that does something to rectify e-mail addresses. The problem has to be solved by just stopping spammers, not by hiding our e-mail addresses.
“Reversion”? Is that a new word? O_O
This is indeed a problem, Jonas. However, please note that I’m not claiming this double protection to be fully bulletproof — it’s just a combination of two of the best email obfuscating methods currently available. However, following Jon’s logic, I do have the idea spam bots won’t evolve like this. At least, I hope so.
Good point, John. But then again, there is no way to stop spammers. Generally, I don’t like it when people try to avoid spam by letting stuff on their site interfere with the activities of their users. And indeed, basically this email obfuscation method is an example of this.
Maybe so, Aankhen — I make up a lot of words whilst trying to write in English — though Google knows what I’m talking about: turning in the opposite direction.
I saw the Google definition too; was the first thing I checked. Didn’t seem quite right to me though.
Oh well, you live and learn. :-)
Correct me if I’m wrong, but if you’re going along the path of your email looking normal, except for the people using old browsers, and it being un-copy-and-pasteable, you may as well just draw a picture or Flash animation of your email address and get it over with. :)
Indeed, but an image or a Flash animation usually sucks up more bandwidth than some XHTML. Thus, I am convinced this is the best of those three methods (picture vs. Flash animation vs. CSS + XHTML obfuscation).
I think the best protection against spam is a good spam filter, as was already stated we can not stop the spammers. I use bayesian filtering for my mail filtering and do not worry about protecting my email address. I have never once got a false positive and have only gotten, at last count, 132 false negatives in the year that I have been using this filtering method. The more spam they send me, the better I get at avoiding it.
Unfortunately this solution is not one easily implemented and therefore not ideal for most users. But then this method isn’t easily implemented for those not so computer savvy users either. Looks like we are back to survival of the fittest, Darwin was right! heh
I’d still use the encoder at automaticlabs. It’s very easy to use.
Well Indranil, especially for you, I uploaded my email obfuscator tool thing. Suggestions are more than welcome.
Nice, really nice. Automated obfuscating method. Nicely done.
This is interesting too…
Indeed it is. That’s in fact one of the things the
obfuscate_email()function does — converting the unencoded address to HTML entities. Try it out for yourself. (Oh, and in the future, try to at least read the post. :P)*grin* ;) I just remembered you had a blog post about it with some PHP in it ;)
So I thought, let’s post this link ;)
I’m in the process of writing something a bit more sneaky. I’m totally paranoid of some smart spam bots figuring out this easy stuff. What I want is a function that’ll return stuff like this from someguy5@domain.com:
This should keep my email addresses safe until real AI is invented. While some of those may be confusing, it’s a feature that it will also filter morons out.
To eliminate the need to insert the CSS into a stylesheet, I’ve made the simple change from
<span class="email">to<span style="unicode-bidi: bidi-override; direction: rtl;">.If you’re extremely paranoid, visit my link that creates the illusion of an image of your email address by generating a random-text logo and using CSS to shrink it down so each character is the size of one pixel.
The generator is written in Javascript, so I’m not sure how easy it would be to convert to PHP.