Master Obfuscation with 5 Minutes

Spam e-mails jam our e-mail boxes. Sorting and deleting of those unwanted messages may become real hassle, if there is massive amount of junk coming in every day. Implementing good spam filters may bring some relieve, but it doesn't eliminate the real cause, but rather treats the symptoms.

At first, it is important to understand, how spammers got your e-mail. Then you would be able to guard your contacts more effectively to avoid getting harvested.

How They Got My E-mail?

Spammers use automatic robot scripts, which ramble from one site to another and look for e-mails. Once they notice something what may look like valid address, they harvest and store them to database for latter use. Since crawling between sites and looking for something useful looks very much like hunting, those robots are nicknamed as "Spiders".

Is there Any Cure?

You can't most likely to prevent spiders to enter your website, but you may use some obfuscation techniques for hiding your e-mail addresses from robots, so they cant' see, read and store any addresses.

Most Effective Solutions

We have been in web development since 1997, and gained some insights what have been working over time and what solutions ceased to be effective (see next paragraph for them). Today, there are three most effective solutions for e-mail obfuscation, which work and do the job:

1. Describing what your e-mail is, in longer sentence
2. Presenting e-mail in handwritten picture format
3. Using contact forms instead of e-mails
4. Obfuscation e-mails with advanced scripting

We describe each method in greater details after looking, what tricks certainly doesn't work any more in our days.

What Doesn't Work

Historically, many elegant, yet simple solutions have been used. Unfortunately they can't be used any more effectively, because spammers learned to detect most of them. Some examples of these simple obfuscation techniques were substituting @-mark with (at) or [at] or /at/. Spiders weren't historically very intelligent, but they still learned to recognize such simple substitutions over time.

Another misconception has been, that if visible part of link has written something different, like "send here" or "my e-mail", then it is somehow safer. It's not, link address "a href=" part reveals still full address and even if there are @ marks changed with something else, it is not effective any more nowadays. 

1. Intelligent Way

One very simple solution, which still works well, is describing for human visitors, that if they would like to send you e-mail, they should use address in format . It works best, if everyone have idea, what your first and last name is. Technically, there is no exact address, to harvest on website and spammers may not get your e-mail therefore.

The problems may occur, if human visitors can't find your name or don't understand the concept of constructing full address. On minus side is also, that if more people start using this technique, spammers may start using more constructing e-mails with names they see on websites and the effectiveness of this method will fall over time. 

2. Handwritten Picture

This is probably most foolproof way, which is easy to understand by every human visitor and will be surely effective for coming years. Very important thing on this method is to use handwriting and some perspective and design elements on picture, because very clear characters may be recognized with image detection software.

Minus side of this method is, that it is somewhat unconvinient for visitors to write your address to their mail program address lines. If picture is very skewed and you use very highly perspectived image, readability may not be very good also for humans. Last, but not least, this method may work well for obfuscation of 1-2 addresses on small website, but if you are webmaster of multinational huge corporation and you have couple of hundreds e-mails, which need to be edited over every second week, then editing of them is quite a hassle.

3. Use Contact Form

This is somewhat "out of box" solution, for offering visitors chance to contact with you. Since there is no e-mail on website, spammers can't harvest and send messages directly to your address.

On minus side, there are many robots, which have learned to post to contact forms and this creates need to build professional filters for contact forms. We wrote article "Honeypot Methods for Contact Form", which offers insights to fighting spam on contact forms.

Contact forms may not be as convinient for visitors, who would prefer sending e-mail from their computer, because of need to have copy for future needs or in any other reason.

4. Obfuscation of E-mails with Advanced Scripting

Over long period of web development, we have seen various obfuscation techniques and tested also effectiveness of them. There are literally hundreds of ways to implement obfuscation with Javascript, jQuery and CSS, developed by many web developers. We use chunking of address, converting with various html coders (for example hexadecimal and ASCII) as well as presenting those coded characters in Javascript, which is not readable by most spam robots.

Main advantage of this kind of obfuscation script is, that website editor needs to write e-mail just in plain text format and all address recognition, scrambling of characters, deconstruction for Javascript and presentation on the website is done automatically.

Conclusion

Spammers are on constant move to look for e-mails for spamming. There have been different methods for hiding addresses in websites over time, some of them work still well, while other have lost their edge.

It is extremely naive to hope, that substituting @-mark with (at) will give you any security today. However, showing e-mail as an image or using contact forms instead, are good ways to prevent spam.

We prefer to use mostly automatic scripts, which have some great advantages compared to other options. Easier editing of pages and output, which has good usability by all traditional web standards, are just two of them.