mailto obfuscator

Obfuscate an email address to avoid harvesting by spambots; according to Project Honeypot, a substantial fraction of email addresses targetted for spam are harvested from Web pages.

Email address:

See also Tim Williams's obfuscator, which generates more complex JavaScript code (possibly requiring a real JavaScript interpreter to decode)

See also CMU's CAPTCHA project to make OCR-resistant text images.


mailto obfuscation is ipso facto impossible, since the web client has all the information it needs to decode the mail address. But you can make it difficult, pretty much requiring a user to be running a regular web browser manually. For instance, the script might require cookies enabled, or may only work within a short time of the page being loaded, or may only work in the same user agent as was used to download the page, or may have a throttle and not respond to multiple requests from the same ip address. These precautions are probably not necessary for a small site; trivial obfuscation is likely good enough.

If all that is needed is a way to send comments, then a Web form which sends mail to a fixed address may be sufficient. (Note: scripts which send mail to an address coded in the HTML are dangerous - they have been exploited to send spam).