The Creative Design Blog

Do you want to hide the email address you use for your website to stop spammers from harvesting it?

You need to have a “mailto:” link on your site so that people can contact you when they have a comment or question. This requires putting your email address on the page.

But this causes a big problem: spammers want your email address. So they send out a robot with the mission of finding and capturing all the addresses it can. This is done by examining the HTML code used by browsers to render each webpage. All the bot has to do is save the email address it finds in your “mailto” link.

The two most common methods of “hiding” the email address:

* Munging. This technique doesn’t use a link at all. The email address is disguised by using words for the symbols. Example: janedoe AT yahoo DOT com

* Encoding. This is most often done by using standard ASCII code. The advantage of this code is that browsers will print the letters or symbols that they are given the ASCII code for, so the webpage shows a readable ( to humans ) email address. Consequently, the “mailto:” link can still be used. Here’s and example to show what a very simple email address a @ b.com would be coded as:

& #97; & #64; & #98; & #46; & #99; & #111; & #109; ( spaces added to prevent your browser from printing the actual letters )

The “mailto:” link can still be used, because the browser will recognize the code and print out the real email address on the page.

But these techniques are no longer good enough.

These methods may have worked when they were first introduced, but one should never underestimate the intelligence of the hackers who program the spambots. There are new bots that can decode both of these email encryption techniques.

These two methods by no means exhaust the possibilities. A Google search on “hide email address” turns up over two million results. Even discounting duplicate methods, there are undoubtedly quite a few ingenious techniques available.

So what is the next step for me?

Without going through all of the Google entries, I can predict beyond a reasonable doubt that the method I use myself does a better job of protecting your email address than any other. How can I be so sure? Because I doubt that any hacker would have the time or skill to write a bot that would allow him to grab my email address — it’s that well hidden!

The method I devised hides the email address off the webpage itself. Not only that, the javascript file containing the address is even in a completely different folder that’s not accessible to anyone – just to the website itself. But even though it cannot be seen anywhere in the HTML code of the page, it DOES magically appear on the page itself, where anyone can see it – except a robot!

I hear you saying, “But that’s impossible!” Well, it’s not. Just visit the website in the paragraph below, and you can find out how it’s done.

Visit the author’s website, Professor’s Coding Corner for some useful code snippets and tutorials on interesting aspects of web programming. In particular, the article, Stop Spambots will demonstrate the proper way to protect your website.