
Obfuscating your Email Addresses using JavaScript

Putting your email address on your website is the easiest way to get in contact with your visitors, but before the next time you do it, stop and think about who else has access to that page. There are many internet 'robots' (similar to the ones search engines use), except these 'SpamBots' don't follow rules such as the 'robots.txt' file and 'nofollow' attributes, which lets them access pages you might not have shared with search engines. They simply search the web for anything that looks like an email address, and store it to sell to spam companies (or use it themselves).

Once you're listed on one of these databases, it's basically game over. You can improve your spam filters and build up your defences, but it's always easier just to never let the spammers know your email address in the first place (although that is normally impossible, I've managed to keep most of my email addresses safe). As a web developer (and especially if you plan on placing users' email addresses on your site), it's important not to post them in a format that spam bots can read. The trick most often used is posting them in the josh at mysite dot co dot za format, although it's not that hard for a slightly clever spam bot to pick that up.

I use a combination. JavaScript writes out the email address in a "mailto" link, which is best for users. However, not everyone has JavaScript enabled... if it's disabled, it falls back to a slightly more advanced josh (at) mysite <dot> net, with a CSS trick that will confuse simple spiders. We use the code for all Lusion's email addresses, and haven't had a problem yet (basically every major browser supports CSS). We have a PHP script to convert the email addresses to our 'safe', 'protected' format, which you can feel free to copy and paste on your site (it's used as <?php echo js_protect_mailto('[email protected]'); ?>)

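function js_protect($string)
{
    // Emit a script that rebuilds $string in the browser from reversed 3-character chunks.
    // The newline after <!-- matters: JavaScript treats <!-- as a single-line comment,
    // so code on the same line would never run.
    $str = '<script language="javascript" type="text/javascript"><!--'."\n";
    $e = '';
    for ($k = 0; $k < strlen($string)-3; $k+=3) $e = substr($string,$k,3).$e;
    $str .= 'var e=\''.addslashes($e).'\';var l='.strlen($e).';';
    $str .= 'var s=\'\';for(var k=0;k<=l/3;k++)s+=e.substring(l-k*3,l-k*3+3);';
    // Append the leftover 1-3 characters in their original order.
    if ($k < strlen($string)) $str .= 's+=\''.addslashes(substr($string,$k)).'\';';
    $str .= 'document.write(s);';
    $str .= "\n".'--></script>';
    return $str;
}

function js_protect_mailto($address)
{
    // $address is written into the HTML unescaped, so pass only validated addresses.
    $parts = explode('@',$address);
    $str = js_protect('<a href="mailto:'.$address.'">'.$address.'</a>');
    $str .= '<noscript><span>'.$parts[0].' [at]</span>'; // "xxx [at]"
    $str .= '<span style="display:none;">rud</span>'; // this isn't displayed
    // Entities are used so the browser shows a literal <dot> instead of parsing a tag.
    $str .= ' '.str_replace('.',' &lt;dot&gt; ',$parts[1]).'</noscript>'; // " a <dot> b"
    return $str;
}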

The first function, js_protect, can be used for anything, while the second, js_protect_mailto, adds the CSS trick for when JavaScript is not enabled.
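The chunk reversal that js_protect performs, ported to JavaScript as an added example (not the article's own code), with a check of what a plain-text scan of the served page can see. The names encode, decode and addressVisible are hypothetical, and the sample address is constructed.

```javascript
// Added example: JavaScript port of js_protect's chunk reversal, plus a check
// on whether the address is readable in the markup the server sends out.

// Encoder: mirrors the PHP loop. Whole 3-character chunks are stored in
// reverse order; the last 1-3 characters are kept aside as a plain tail.
function encode(s) {
  let e = '';
  let k = 0;
  for (; k < s.length - 3; k += 3) e = s.substring(k, k + 3) + e;
  return { e: e, tail: s.substring(k) };
}

// Decoder: the same loop the generated <script> runs in the browser.
// At k = 0 the substring starts at l and is empty, as in the original.
function decode(enc) {
  const l = enc.e.length;
  let s = '';
  for (let k = 0; k <= l / 3; k++) {
    s += enc.e.substring(l - k * 3, l - k * 3 + 3);
  }
  return s + enc.tail;
}

// Hypothetical audit helper: true if the address appears in the markup either
// verbatim or in the spelled-out "name at host dot tld" form.
function addressVisible(markup, address) {
  const spelled = address.replace('@', ' at ').replace(/\./g, ' dot ');
  const text = markup.toLowerCase();
  return text.includes(address.toLowerCase()) ||
         text.includes(spelled.toLowerCase());
}

// Constructed sample address on a reserved example domain.
const SAMPLE = 'josh@example.co.za';
const link = '<a href="mailto:' + SAMPLE + '">' + SAMPLE + '</a>';
const enc = encode(link);

console.log('payload in page source:', enc.e + enc.tail);
console.log('round trip intact:', decode(enc) === link);
console.log('address readable in payload:', addressVisible(enc.e + enc.tail, SAMPLE));
```

The payload keeps readable 3-character fragments, so the check only confirms that the full address never appears contiguously in the page source.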

This article was written by Josh Yudaken from Lusion Technologies Web Hosting