Preventing SPAM. Obfuscating email addresses in HTML code


Everyone has encountered SPAM and knows how annoying is deleting 30-40 unsolicited email messages every day. On the other hand it appears that mass mailing is one of most successful advertising tricks. That's why there are plenty of organizations that employ this.

Email addresses can be discovered using a few techniques. One of them is searching through the HTML code in searching for valid address. This is done by specially designed bots. That's why it is important to avoid direct address usage. This article covers a few ideas for this purpose.

Using domains that do not exsist

You can use this technique when you give an example for an email address. Typically, this may be default value of an form input field. Use example.com, example.net, domain.com, as all of these are forbidden for registration and do not point any IP.

HTML obfuscating

The main idea here is to replace each symbol with its HTML entity. Here's a realization in PHP:

<?php

function obfuscate_email_html($email)
{
    $return='';
    for($i=0; $i<strlen($email); $i++)
    {
        $return.='&#'.ord($email{$i}).';';
    }
    return $return;
}
?>

<a href="mailto:<?= obfuscate_email_html('mymail@example.com')?>"><?= obfuscate_email_html('mymail@example.com')?></a>

This method of obfuscating isn't quite reliable, as decoding entities is relatively easy process. However this is compatible with all browsers.

Javascript obfuscating

This method requires Javascript support enabled in the browser to output the address. Bots are text-processing programs, and thy cannot execute javascript code and collect the address.

Here's a realization that separates account name, domain name and '@' sign in different variables and lets Javascript later concatenate them.

<?php

function obfuscate_email_js($email)
{
    $return='<script type="text/javascript" language="Javascript">';
    $return.='document.write(\'<a href="mailto:\'); ';
    $email_arr=explode('@', $email);
    $return.='a=\'@\'; b=\''.$email_arr[1].'\'; c=\''.$email_arr[0].'\'; ';
    $return.='document.write(c + a + b); ';
    $return.='document.write(\'">\'); ';
    $return.='document.write(c + a + b); ';
    $return.='document.write(\'</a>\'); ';
    $return.='</script>';
    return $return;
}

?>

<?= obfuscate_email_js('mymail@example.com')?>


Another method is to convert each letter to its ASCII code and later bring it back using Javascript. This technique is much more reliable and can be applied to random text:

<?php

function obfuscate_string_js($string)
{
    $char_arr=array();
    for($i=0; $i<strlen($string); $i++)
    {
        $char_arr[]=ord($string{$i});
    }
    $return='<script type="text/javascript" language="Javascript">';
    $return.='document.write(String.fromCharCode('.implode(', ', $char_arr).')); ';
    $return.='</script>';
    return $return;

}
?>

<?= obfuscate_string_js('<a href="mailto:mymail.example.com">mymail.example.com</a>')?>

 

No comments yet

Back to articles list

This page was last modified on 2017-12-13 17:15:17