Image of the glider from the Game of Life by John Conway
Skip to content

Obsure Email Addresses In HTML

I recently put up a web page with my email address. I'm confident in email provider's ability to filter spam, so I don't worry about it too much, to be honest. However, I started thinking about different ways I could obscure the email address in the source. Of course, this isn't offering any sort of security, and any bot worth its weight in spam, will have functions to detect the obscurity, and get to the address. Regardless, I figured this would be an interesting problem. Here are some ways of obscuring it I thought up quickly:

  • Replace the '@' and '.' characters.
  • Use an image.
  • Use plus-addressing.
  • Add non-sensical HTML in the source. IE: aa<i></i>ron@foo<u></u>.com.
  • Crafty CSS tricks.
  • Crafty JavaScript tricks.
  • Use a contact form and POST.
  • Obfuscate using ASCII values.
  • Some crazy combination of the above.

I'm sure there are other ways, some which may be more effective than others. However, it seemed easy enoguh to obscure the email using ASCII obfuscation. Further, it's trivial to code in Python. Case in point, suppose I'm in the Python REPL:

>>> import sys
>>> for char in '':
...    sys.stdout.write('&{};'.format(ord(char)))

Add the above string to your HTML, and the browser will display the valid ASCII characters, even though the code is using the ASCII values. Again, as already mentioned, I'm not expecting this to provide any sort of security, but I would be willing to bet that most spam bots aren't as sophisticated as you would like to think. This may just do the trick at fooling some of them. It may not. But, I have full faith in my mail provider to properly identify spam, and send it to my spam folder. So whether I put the raw email address in the form, obscure it with ASCII values, or use fancy CSS/JavaScript, it doesn't matter.

{ 1 } Comments