GAGBOX is your one source to humor and fun

27 June, 2008

Hiding Email Address from Spammers

Ever wondered how all those spam reached your inbox despite you not submitting your id to any webform ever? Chances are that you have a web page of your own in which you have openly disclosed your email address and was preyed on by all those spam bots. So how to avoid it? Simple answer would be not to have a web page at all. Since that is not feasible (ok.. sorry!) the next best thing would be not to have your email id on your site. But that would mean nobody would be able to effectively contact you. So here are some techniques that would allows your email to be human readable, but not spammable.

I suppose you know how to embed Javascript in HTML. If not then just enclose any code given below between whereever you want the text to be displayed.
Method 0 : Plain English

This one's not really a method, it is more common sense. Instead of the symbols '@' and '.' expand them in english. That is instead of '' use 'foo at yafoo dot com'. The problem is that you cannot make your email address clickable and it is really simple for the spam bots to track it down anyway. But this could be the only solution if you want to post your id in a forum or somewhere that does not allow you to use the script tags. (Like this article page for example Surprised Atleast something is better than nothing.
Method 1 : The String Splitter

The easiest method would be to split your email into substrings. i.e if your email is, have it split into 'foo', '@', 'yafoo','.com'. and then join them together. eg:
x1 = 'foo';
x2 = '@';
x3 = 'yafoo';
x4 = '.com';
document.write ('mailto:' + x1 + x2 + x3 + x4);

Good! But the problem with this is that it is too commonly used nowadays and the spam bots MIGHT be smart enough to parse a bit of basic JavaScript.
Method 2 : ASCII - 47

Method two involves writing ASCII codes. Each letter can be written using its ASCII value in the format &#charcode; For example 'A' can be rendered by using the entity A You'll have to find out the ASCII code for each letter of your email address. The values for A-Z are 65 to 91, for a-z are 97 to 122. '@' has the value of 64 and '.' has the value of 46. Therefore the email '' can be written as...
x1 = 'foo';
x2 = '@';
x3 = 'yafoo';
x4 = '.com';';
document.write ('mailto:' + x1 + x2 + x3 + x4);

For your aid, here's a simple script to find all ASCII codes:
for (i=32;i<=255;i++) { document.write (i + ' : ' + '&#' + i + ';
' ); }

This method is a bit more trickier than the first. But again the problem is that it is common and can be parsed though it needs some effort.
Method 3 : XOR Encryptor

So the next stop is encryption. Why not encrypt your email id using the humble powers of Javascript? Here I will explain the simplest of them all... XORing. The principle is that when you XOR a string with a key you get an encrypted string, and when you XOR the encrypted string with the same key, you get back the orginal string. Now you might wonder what XOR is. It is a logical operation done on bits and stands for eXclusive OR. Try Google to find out what the hell that means, if you care.

Now the plan is to first get your string encrpyted, then post the encrypted string on to your website and decrypt it there using Javascript. First of all to the encryption. Run this code on your browser, the purpose is to get the encrypted string. The key I have used here is the number '5'. The '^' is the XOR operator in JavaScript.
y = "";

You'll have the encrypted string displayed on the browser. Copy this string and replace 'y = ""' by 'y = "the encrypted string"; '. In the above example the encrypted string was "9d%mw`c8hdliqj?cjjE|dcjj+fjh;cjjE|dcjj+fjh9*d;". So the code has to be modified to
y = "9d%mw`c8hdliqj?cjjE|dcjj+fjh;cjjE|dcjj+fjh9*d;";

Now the reverse process takes place and the encrypted string is reXORed to the orginal string and the hyper link will be visible without ever mentioning the orginal string anywhere in the HTML. If you get unprintable charachters then change the key to something different, till you get a good encryption.

This one is a pretty neat method and it is not easy to decrypt all that crap and I don't think the spammers would go to that extent. I don't say that this method is the ultimate and is non-crackable but nothing is perfect. This one is quite useful and takes up only a few extra bytes. I have seen better (but longer) methods of hiding. One example is at Vishnu's site (

One nice follow up to this tutorial would be on how to implement real encryption in Javascript. Try if you can implement some cool methods like BlowFish in JavaScript. Have fun!

Share Your Thoughts!


Post a Comment

Copyright © 2013 GagBox™ is a registered trademark.

Designed by GagBox Inc. Desiged By Blogger Hosting by Blogger.