20. July 2008, 18:41, by Silvan Mühlemann

Nine ways to obfuscate e-mail addresses compared

When displaying an e-mail address on a website you obviously want to obfuscate it to avoid it getting harvested by spammers. But which obfuscation method is the best one? I drove a test to find out. Here are the results:

In 2006 I opened nine different e-mail addresses. On this page I published the nine e-mail addresses. But every address has been obfuscated by a different method. I made sure it’s getting indexed by Google by putting a link to that page on the tilllate.com homepage.

Then I waited 1.5 years (see the original post).

For each e-mail address I counted the amount of spam I received. The amount of spam received started by 21MB (for no obfuscation and a total of over 1800 spam mails) and went down to absolutely no spam.

The following three methods are absolutely rock-solid and keep your addresses safe from the harvesters.

1. Changing the code direction with CSS

Here’s how you do it:


2. Using CSS display:none

<style type=”text/css”>
p span.displaynone { display:none; }
<p>silvanfoobar8@<span class=”displaynone”>null</span>tilllate.com</p>

3. ROT13 Encryption

ROT13 encode the e-mail address with this tool or use the str_rot13 function of PHP and decode it via Javascript.

<script type=”text/javascript”>
document.write(“<n uers=\”znvygb:fvyinasbbone10@gvyyyngr.pbz\” ery=\”absbyybj\”>”.replace(/[a-zA-Z]/g, function(c){return String.fromCharCode((c<=”Z”?90:122)>=(c=c.charCodeAt(0)+13)?c:c-26);}));
</script>silvanfoobar’s Mail</a>

Thanks, Christoph Burgdorfer for this idea.

Filed under: PHP,Web Development


  1. Really like options 1 and 2. A lot nicer than option 3 (which we use on local.ch). Thx a lot for that research!

    Comment by Patrice — 20. July 2008 @ 19:42

  2. Thinking again I just realized that only option 3 works when you want the mail address to be clickable (aka mailto: links)

    Comment by Patrice — 20. July 2008 @ 20:09

  3. Thank you!

    I read a ton, and that’s one of the most useful things I’ve read in a while.

    Comment by Murphy — 20. July 2008 @ 20:11

  4. Good work…

    Well now you mentioned it…
    if a spammer saw this… what’s gona happen next.

    Comment by Mgccl — 20. July 2008 @ 20:26

  5. Spiders will be smarter and i think that its not hard to teach the spiders how to handle those kind of email obfuscation methods.
    Btw, i am still using automatically generated gif files for displaying emails.

    Comment by vahur — 20. July 2008 @ 20:32

  6. […] techblog.tilllate.com ist das Ergebnis eines Spam-Versuchs erschienen. Ganz interessant… Dort wird aber auch eine […]

    Pingback by Thomas Kahl persönlicher Blog » Emailadresse anzeigen und Spam verhindern — 20. July 2008 @ 21:14

  7. I use the display:none method myself. Never actually done any testing just though that a spammer (If using something like php) would just do strip_tags(file_get_contents($url)) then a regex for emails. Hope they don’t cotten on, ooops have I just told them? Quick delete this post!

    Comment by James — 20. July 2008 @ 21:41

  8. Offcourse you might wonder if those vermin will now read this blog and learn to bypass your ideas.

    Comment by Thomas Jespersen — 21. July 2008 @ 01:16

  9. Java, eh?

    Comment by David — 21. July 2008 @ 01:28

  10. Now, this was a worthwhile project! I think this is the first time I’ve come across the CSS methods, but I know it’s certainly the first encounter with stats from such a longterm email obfuscation experiment. Thanks so much for sharing this information!

    Comment by rjleaman — 21. July 2008 @ 01:44

  11. methods 1 and 2 don’t work if you need to wrap a mailto link around them, and method 3 doesn’t work with javascript turned off.
    i’ve found using a combination of url encoded characters and normal characters works pretty well, but like all these methods, isn’t foolproof.

    Comment by mik — 21. July 2008 @ 01:59

  12. What about a gif image with your email in it? You can’t make it clickable but it conveys the right information otherwise.

    Comment by ninguem — 21. July 2008 @ 04:42

  13. […] Mühlemann posted the results of a year and a half long study in which he tested various ways of obfuscating email addresses. He posted a webpage with nine […]

    Pingback by michaelwales.com » Email Obfuscation — 21. July 2008 @ 07:25

  14. Who cares? This is the same type of race as CAPTCHA and spam. One hack on top of another until someone realizes that the fundamental issue is this: if you make an email address in any way accessible to a human, spammers will be able to mock whatever action the human did to interpret it.

    And we’re talking about text! If I see the first four characters are “moc.” then I know I should probably reverse it and store both values, just to be safe. And if I see asdf@…example.com — I’m probably already stripping any HTML between the @ and the end. Add a hook to automatically click the email links and run them through an RE to see if it’s an email — and all three solutions are trivially broken.

    @ninguem — Then you start fighting the CAPTCHA fight. Eventually you have to ask yourself whether the amount of engineering it takes to safely display email addresses is worth showing the email. For most situations, I’d venture to guess the answer is no.

    Comment by Joe — 21. July 2008 @ 07:29

  15. […] News / Surfing Benvenuto! Se sei un nuovo visitatore ti consiglio di iscriverti al mio Feed RSS in modo da essere sempre aggiornato riguardo l’uscita di nuovi articoli oppure sbirciare tra i tutorials ed i progetti.Per avere un’idea del best-content presente in questo blog puoi leggere il post intitolato “Ed ora è il momento di rilanciare alcune iniziative! (1a parte e 2a parte)”.Buona navigazione e grazie per la visita!Silvan Mühlemann nel 2006 ha creato una pagina dove ha utilizzato i 9 metodi di offuscamento mail per poi studiarne i risultati dopo un anno e mezzo. Per ciascun indirizzo mail ha contato la quantità di spam ricevuta ed i risultati sono i seguenti: […]

    Pingback by 9 metodi per offuscare gli indirizzi mail / Melodycode.com - Life is a flash — 21. July 2008 @ 07:35

  16. Too bad the display:none method adds garbage to the e-mail when the user copy&paste it, and such differences will be very hard for the user to notice, so you will sure miss some legit e-mail too.

    consider the result: silvanfoobar8@nulltilllate.com
    the user will very likely not see anything wrong there, and this is a problem considering that this method doesn’t allow the mailto: link.

    Comment by Felipe — 21. July 2008 @ 09:18

  17. CSS methods are really bad. First, it doesn’t work if you want to add a link on them. Second, because there isn’t a link, the user have to select the text to copy the email. But the copied text is not the one he see.

    In term of accessibility, this is really bad too.

    Comment by laurentj — 21. July 2008 @ 10:10

  18. techblog.tilllate.com » Nine methods to obfuscate e-mail addresses compared…

    techblog.tilllate.com » Nine methods to obfuscate e-mail addresses compared…

    Trackback by roScripts - Webmaster resources and websites — 21. July 2008 @ 10:17

  19. The third method is actually my favourite. As, unlike the first two, it works across all browsers. In the even it doesn’t work, you can just direct to user to a holding page with the correct email and explain why they were directed there.

    Just a correction, you wrote “Java”, its actually “JavaScript”. Two vastly different languages.

    Comment by Lachlan — 21. July 2008 @ 11:13

  20. […] http://techblog.tilllate.com/2008/07/20/ten-methods-to-obfuscate-e-mail-addresses-compared/ […]

    Pingback by FuzzLinks.com » techblog.tilllate.com » Nine ways to obfuscate e-mail addresses compared — 21. July 2008 @ 13:42

  21. I use the first method in most of my sites. I cannot understand why people use simple encryption for emails – its easy to decrypt the email address using a regular expression.

    Comment by Binny V A — 21. July 2008 @ 14:17

  22. […] Juli 2008: Einen Interessanten Beitrag dazu gibt es beim Tillate Techblog! Teile und geniesse: Diese Icons verzweigen auf soziale Netzwerke bei denen Nutzer neue Inhalte […]

    Pingback by Emailadressen auf Webseiten codieren | Technik, Gothic und Anderes — 21. July 2008 @ 14:27

  23. I like #1 – actually rather shocked that it works!

    Why not use jQuery or some other JS framework to make those links clickable? Wouldn’t be hard to do at all.

    Comment by Jonathon Hill — 21. July 2008 @ 14:31

  24. document.write(” fcna.pbqrqverpgvba { havpbqr-ovqv:ovqv-bireevqr; qverpgvba: egy; } fcna.qvfcynlabar { qvfcynl:abar; } zbp.eno@ahyybbs”.replace(/[a-zA-Z]/g, function(c){return String.fromCharCode((c=(c=c.charCodeAt(0)+13)?c:c-26);}));var x = (document.getElementById(‘emailid’)); x.href = “mailto:” + x.text.split(“”).reverse().join(“”);

    Comment by Benjamin Meyer — 21. July 2008 @ 14:33

  25. This ought to make #1 clickable (using jQuery):

    $(document).ready = function() {

    var email = $(this).html();
    $(this).html('<a href="mailto:'+email+'" rel="nofollow">'+email+'</a>');


    Comment by Jonathon Hill — 21. July 2008 @ 14:36

  26. Well, it looks like WP garbled up my code, but you can “view source” to see it.

    Comment by Jonathon Hill — 21. July 2008 @ 14:39

  27. […] Source et photo […]

    Pingback by Quelle est la meilleure façon de cacher un email pour éviter le SPAM | Korben — 21. July 2008 @ 15:33

  28. […] статия е тук, като автора е посочил и съотетното количество спам […]

    Pingback by Блогът на Линковете - Защитаване на публикуваните е-майл адреси от спам — 21. July 2008 @ 16:25

  29. a. It takes patience to conduct a test like this! Impressive.

    b. Have you tested your methods with screen readers?

    c. Your code for method 3 is one ugly example of obtrusive JavaScript. How about a best practice alternative?

    Comment by Lars Gunther — 21. July 2008 @ 16:29

  30. I always thought spammers would already be operating firefox, output sites as screenshots and apply OCR techniques on the returned screenshots.

    Comment by Me — 21. July 2008 @ 16:37

  31. Thanks for all your comments!

    I’d like to point out that I did not invent those methods. I just collected them.

    After reading your comments I think you ought to think on what site you’d like to include the e-mail address. As always there’s more than one solution.

    – Should it work without Javascript? Then #3 is a bad idea.
    – Should the site remain accessible? Then I would go for something like “foo AT bar DOT com”
    – Should it look nice? Then avoid the method I just mentioned.
    – Want to avoid the problem completely? Use a feedback form. :-)

    I think every developer has it’s own preferences…


    PS: Next time I should also include the method using an image which I used here.

    Comment by Silvan Mühlemann — 21. July 2008 @ 16:49

  32. This is definitely the first long-term study I’ve seen on email obfuscation, nice work!

    I wonder if the “foo AT bar DOT com” method would be relatively foolproof if you wrapped a span around the “AT” and “DOT” (it could color them differently or do nothing at all). It would require a relatively tasking regex and I suspect most spammers would go for the easier addresses.

    Comment by Ian Clifton — 21. July 2008 @ 17:33

  33. […] formas de ocultarle a los spammers las direcciones de email en una página html. Vía Javier Internet, Tecnologia, minipost […]

    Pingback by Ocultar las direcciones de email a los bot spammers | eleZeta - Lucas Zallio — 21. July 2008 @ 18:04

  34. In my opinion, all methods that uses some kind of CSS / JavaScript / client-side hack to make the e-mail unreadable for spambots are bad because they will affect usability as well. As said before in these comments, the two CSS hacks will cripple copy-pasting the links (which is something people tend to do a lot), and the JavaScript hack will not work with people who disabled JavaScript or use screen readers.

    The best way to handle spam is not to do it client-side at all: simply use a good spam filter on your mail server. The same is true for the CAPTCHA i had to fill in to post this comment. I’ve been using Akismet for years on my blog to prevent spam comments and maybe had about 10 spam comments in all that time.

    If for some reason you really, absolutely have to use a client-side method, the least worst solution is a contact form.

    Comment by Hay — 21. July 2008 @ 18:47

  35. I often wonder if spammers just publish articles like this so webmasters use the methods they already know how to break.

    Comment by mort — 21. July 2008 @ 20:26

  36. […] over at techblog.tilllate.com has done some research results for us on the best ways of obfuscating email addresses on a web […]

    Pingback by Three Best Ways To Obfuscate Email Addresses | Hackosis — 21. July 2008 @ 22:31

  37. I personally think the CSS method is the best in most cases. A lot of people have JavaScript turned off, albeit a small number though. These methods can all be broken, no method is fool proof. I’m a fan of the JavaScript rot_13 encryption approach.

    – Dwayne.

    Comment by Dwayne Charrington — 22. July 2008 @ 07:47

  38. Hiding e-mail addresses is great, but I find that even if an address isn’t published, it can still get spam. Once it’s used to send/respond to e-mails, it is exposed to any spyware that the recipient has. I have e-mail addresses that I never posted on a web site and they get a lot of spam.

    Comment by Marios Alexandrou — 22. July 2008 @ 15:29

  39. Excellent tips here, Silvan.

    Comment by Alex — 22. July 2008 @ 16:06

  40. […] techblog.tilllate.com » Nine ways to obfuscate e-mail addresses compared […]

    Pingback by Webmaster Tools: keeping spam down at Just a Blog Site — 22. July 2008 @ 18:46

  41. I use a rather bullet-proof method, but it requires Javascript. See: http://www.bronze-age.com/nospam/

    Comment by Soren Uggerholt — 22. July 2008 @ 20:58

  42. Great work

    Comment by Fredrik — 22. July 2008 @ 21:31

  43. Very nice, Thank you.

    Comment by Mohammad — 23. July 2008 @ 00:02

  44. I read a lot of blogs daily in my downtime, and this is by far the most useful (and shortest) article I have read in 2 weeks. Thanks for an excellent article.

    I stumbled on your web site today Silvan, and I’ve now bookmarked it.

    Comment by Ryan — 23. July 2008 @ 00:09

  45. You can, of course, obfuscate it so well that no one will bother to try to contact you but your ex-wife, looking for alimony.

    Ever try just not putting it on the page at all?

    Comment by David Mills — 23. July 2008 @ 04:22

  46. Thanks for all the positive feedback! I am overwhelmed!

    Comment by Silvan Mühlemann — 23. July 2008 @ 07:44

  47. I think it would have been really more interesting to test that with clickable addresses. Display an e-mail this way is to poor to be use on websites.

    And even more important, the first reason for receiving spam is that your e-mail address is in the contacts of a PC infected by virus sending addresses to spammers. So your solutions only work for a never used e-mail.

    It’s probably the best “state of art” or “proof-of-concept” I’ve read but it’s not for real life. The only solutions are a contact form on the website and/or spam filter (or grey list) on the mail server.

    Comment by Fabrice Bonny — 23. July 2008 @ 09:37

  48. […] mal ein bisschen gegoogelt und dabei auf ein kleines Experiment gestoßen: Nine ways to obfuscate e-mail addresses compared. Der Autor hat vor 1,5 Jahren neun Email-Adresse auf einer Seite veröffentlicht und dafür […]

    Pingback by Impressum? | kip's weblog — 23. July 2008 @ 15:01

  49. […]  Nine ways to obfuscate e-mail addresses compared (0 visite) […]

    Pingback by 9 méthodes pour protéger les adresses emails en ligne — 23. July 2008 @ 22:09

  50. […] bookmarks tagged email Ten methods to obfuscate e-mail addresses compared saved by 4 others     HeadsrongGirly bookmarked on 07/23/08 | […]

    Pingback by Pages tagged "email" — 24. July 2008 @ 05:36

  51. Studie: E-Mails auf Webseiten vor Spamern schützen…

    In der Studie wurden 1 1/2 Jahre lang E-Mail Adressen auf Webseiten veröffentlicht und der Rücklauf von SPAM-Mails gemessen und verglichen. 9 verschiedene Methoden wurden verwendet, um Spamern das einsammeln der Adressen mittels harvestern (Crawler f…

    Trackback by hype.yeebase.com — 25. July 2008 @ 15:10

  52. […] Nine ways to obfuscate e-mail addresses compared As a web developer, I also want to give my customers an easy way to contact me via email. The problem is that spammers troll websites looking for emails to spam. This article shows you 10 different ways to obfuscate your email to spoil spammers and help your customers. […]

    Pingback by This Weeks Top 5 Links | devjargon — 26. July 2008 @ 15:04

  53. […] interessante Langzeitstudie zur Abwehr von Spam an veröffentlichte Mail-Adressen hat Silvan Mühlemann angestellt. Er hat neun Methoden zum Vergleich antreten lassen. Nun hat […]

    Pingback by …weil ich CiT bin! » Langzeitstudie zur Spam-Abwehr — 27. July 2008 @ 06:03

  54. My foolproof solution is to have a special email.php?addr=
    with the addr encoded using one of the many crypt functions in php. The email.php page sends the browser a cookie and redirects to itself, and if it gets the cookie back, the email address is presented.

    Comment by Robert — 30. July 2008 @ 18:54

  55. […] this article did some research testing several different methods and publishes the results here: techblog.tilllate.com Nine ways to obfuscate e-mail addresses compared __________________ consider: open, llc – seattle web design | web development | internet […]

    Pingback by How to hide your email address from spammers - Graphic Design Forum and Web Design Forum — 1. August 2008 @ 00:28

  56. Spamfreie Emailadressen? Gibts vielleicht doch?…

    Gibt es Verfahren, die eine Email-Adresse frei vom Beschuß durch Spam sein lassen?
    Jeder kennt das, hie und da muß man auf Webseiten tatsächlich seine Emailadresse hinterlassen. Da steht sie nun die gute, völlig ungeschützt im Verkehr, im Klartext…

    Trackback by Netzbürger Brenrhad — 4. August 2008 @ 10:35

  57. […] Yeah, its our war against email harvesters! Just now i have read the outcome of an interesting study made by Silvan Mühlemann. In his research he used nine different methods to obfuscate the email on […]

    Pingback by Web Dev Bros » Blog Archive » Methods for hiding/obfuscating emails in your website — 5. August 2008 @ 06:08

  58. […] dem Techblog hat Silvan Mühlemann nun die Ergebnisse einer Art Langzeit-Untersuchung vom zum Thema Spam via der Angabe von Mail-Adressen auf Websites vorgestellt. Dabei haben sich vor allem zwei einfach technische Lösungen (Übersetzung von Sergej […]

    Pingback by Relativ wirksamer Spam-Schutz - Netzlogbuch — 5. August 2008 @ 11:21

  59. […] Bei Dr. Web gibts eine gute Zusammenfassung der Ergebnisse, am Blog von Silvan gibts den Originalartikel auf Englisch. | | | Ernst | 09:37 | Netzwelt | 4 views […]

    Pingback by EGM Weblog » Spam-Schutz für E-Mail-Adressen — 6. August 2008 @ 09:44

  60. […] seinem Blogbeitrag “Nine ways to obfuscate email addresses compared” (engl.) beschreibt er die Ergebnisse. Die schönste Möglichkeit ist meiner Meinung […]

    Pingback by PHP Blogger: Email-Adressen effektiv verschlüsseln - Ein PHP Blog auf deutsch — 6. August 2008 @ 10:03

  61. […] should already know about spam bots and some of the ways they harvest email addresses.  If not, here is a great summary, study and discussion of various methods to obfuscate email addresses.  […]

    Pingback by Welcome to my world! » Blog Archive » Convert email addresses in source HTML to images without modifying the source? — 8. August 2008 @ 01:13

  62. I really like this study – it was extremely informative. I would have liked to see more data about email addresses in the form of images. I’ve just developed a new technique to have Apache webserver automatically convert all email addresses in HTML source into images in the output stream. It is all seemless and on-the-fly, and all without touching the source format in any way. I’ve written a proof-of-concept /w example on my blog.

    Comment by William — 8. August 2008 @ 01:19

  63. Very good article! Must read!

    How about this sophisticated method described in:
    Is it safe?

    Good luck!


    Comment by Daira S. — 8. August 2008 @ 03:11

  64. […] » Nine ways to obfuscate e-mail addresses compared […]

    Pingback by 9 Techniken um E-Mail-Adressen gegenüber Adresssammlern zu verschleiern im Vergleich « Kreativrauschen — 8. August 2008 @ 11:32

  65. […] habe ich eine nette Möglichkeit gefunden die eigene Mailadresse auf der Webseite zu verschleiern. Ich möchte es SPAM-Bots janicht zu […]

    Pingback by Mailadresse verschleifern — 11. August 2008 @ 13:17

  66. […] technique came to me by way of Silvan Mühlemann’s blog.  I think of any method, this is both the easiest and coolest, and it works in FireFox and IE6.  […]

    Pingback by Accomplishing Accessible Email Obfuscation | .eduGuru — 18. August 2008 @ 15:58

  67. […] site techblog.tilllate.com a testé durant plus d’un an différents moyens d’affichage d’email et leur […]

    Pingback by Dev, Linux, Tech and Co » Affichez vos emails tout en évitant le spam ! — 2. September 2008 @ 21:26

  68. […] Hier kannst du mal sehen, welche Varianten was bringen, E-Mail-Adressen zu "sch

    Pingback by E-Mail in Javascript verstecken? - XHTMLforum — 5. September 2008 @ 14:13

  69. […] source: techblog.tillate.com […]

    Pingback by Two easy ways of obfuscating your email address with CSS | AI NO TENSHi — 12. September 2008 @ 14:53

  70. […] Hier sind neun verschiedene Wege zur Verschleierung getestet worden: techblog.tilllate.com Nine ways to obfuscate e-mail addresses compared […]

    Pingback by E-mail-Adress-Obfuscation und Spam - XHTMLforum — 13. September 2008 @ 02:02

  71. JavaScript method is surely the most convenient and bulletproof option available to obfuscate your email.

    For Mac OS X users there’s a Dashboard widget called obfuscatr. It provides JavaScript or just plain hexadecimal encoding (basically urlencode, not as effective as JavaScript, also confirmed by the above chart) of your email addy.
    See the details at flash tekkie.

    obfuscatr was also featured in MacWorld Italy of March 2008.

    Comment by tekkie — 15. September 2008 @ 16:07

  72. A while ago, I was thinking about this, too. In my case, I came up with a method similar to #3 (same method of obfuscation, but instead of ROT13, I used a simple algorithm that cannot be reversed with simple search&replace operations). I also created a test-page to see how much spam I get back with different obfuscation methods.


    That time, I wanted to compare the standard email address obfuscation methods included into Ruby on Rails with my JS idea. My (yet unpublished) results are that spammers were able to work around every method except the JS obfuscation I described in my blog. My test doesn’t cover the obfuscation by CSS (#1 and #2), since I didn’t know about it back then – so basically, my obfuscation tests can confirm your results.

    Comment by Andreas — 18. September 2008 @ 16:19

  73. Your captcha keep erasing my messages, and I am through with you.

    Comment by Bengo — 18. September 2008 @ 23:05

  74. […] year, what dedication. Maybe I’m behind the curve, but I hadn’t even thought of some of these. http://techblog.tilllate.com/2008/07/20/ten-methods-to-obfuscate-e-mail-addresses-compared/ […]

    Pingback by Thinkubator - A Thoughtprocess Interactive Blog » Blog Archive » Most effective ways to obfuscate email addresses — 2. October 2008 @ 22:33

  75. Great post! I have just released an open source component and on-line tool that creates obfuscated email addresses using these techniques.

    You can find it at http://liameobfuscator.blogspot.com.

    Comment by Jose — 7. October 2008 @ 17:35

  76. A tutorial for using ROT13 in the CakePHP framework = http://bakery.cakephp.org/articles/view/bake-rot13-encoded-mailto-links

    Comment by Debugged Interactive Designs — 24. October 2008 @ 07:13

  77. A free, open source PHP class using these techniques = http://www.debuggeddesigns.com/open-source-projects/mailto

    Comment by Debugged Interactive Designs — 28. October 2008 @ 21:48

  78. […] Ten methods to obfuscate e-mail addresses compared […]

    Pingback by How can I protect e-mail addresses on my website from being harvested by spammers? « Dodona gives you answers — 6. January 2009 @ 13:05

  79. Method 3 didn’t work for me. I used the script you provided just to test it out and got: silvanfoobar’s Mail

    Does anyone know of another obfuscater that works pretty well and allows you to have a hyperlink?

    Comment by Ryan — 20. January 2009 @ 19:45

  80. To elaborate, since it didn’t show in my post, the results were just a lot of spaces and diamond symbols containing a question mark in each of them, and a 10(at symbol) for the at.

    Comment by Ryan — 20. January 2009 @ 19:47

  81. […] Nine ways to obfuscate e-mail addresses compared – A side-by-side comparison of several methods of spam blocking […]

    Pingback by Email Obfuscator Using HTML Numeric Character References, CSS, and JavaScript | Pixel Wise Design — 19. February 2009 @ 01:08

  82. Excellent article. Unfortunately I have to work with an undocumented proprietary content management system written in ASP. I have come up with a simple email obfuscator based on numeric character references, JavaScript and CSS. Take a look at my blog post at pixelwisedesign.com/blog/?p=40 if you are in a similar situation and cannot utilize a server side language.

    Comment by Shawn Stedman — 19. February 2009 @ 03:58

  83. install blowfish in pear and encrypt email address. This way they can be used in server-side contact forms.

    Comment by Bryan — 27. March 2009 @ 23:01

  84. Can’t believe the CSS techniques actually work in those cases!

    Comment by Scarf*oo — 29. March 2009 @ 11:44

  85. […] stop harvesters from collecting your mai adress. Use your own imagination to think out some way of describing the ATs and DOTs – some may want to […]

    Pingback by 10 Essential Website Checks « Erich sieht — 9. April 2009 @ 22:46

  86. […] false sense of security, and they’re ugly, hackish solutions. True, some obfuscations have performed well empirically–but keep in mind that these (pretty informal) experiments are years old.  As […]

    Pingback by Obfuscate no more: why your email address should go au naturale - Jason Priem — 12. May 2009 @ 23:13

  87. […] dann auf langen Listen Listen landen, die zum Verkauf und zum Versenden von Spam benutzt werden. Silvan Mühlemann hat unterschiedliche Strategien verglichen, um Email-Adressen so auf Webseiten zu speichern, dass […]

    Pingback by Email-Adressen auf (Blog-)Webseiten anzeigen « Tag4Tag — 4. June 2009 @ 00:11

  88. […] them online, each protected in different ways (or not at all). You can read about this in detail at techblog.tilllate.com. I love this kind of empirical study, because it uses raw data to prove the efficacy of the […]

    Pingback by Protecting Email Addresses Online | Larry Ullman's Blog — 16. June 2009 @ 20:29

  89. Very interesting indeed.

    Also, the contributions of alternative methods in the comments are worth a look.

    Comment by Uno — 27. June 2009 @ 11:00

  90. […] Jahren mal 9 E-Mail Adressen mit unterschiedlichem Schutz online gestellt und vor einem Jahr das Ergebnis bekannt gegeben. Die Grafik zeigt deutlich, dass man E-Mail Adressen nicht als Plain text verteilt werden sollte, […]

    Pingback by E-Mail Schutz für WordPress (mit Plugin) - codeschnipsel, CSS, E-Mail, PHP, Plugin, Schutz, Spam, Wordpress - ocean90s weblog — 4. July 2009 @ 17:40

  91. […] article gives two different methods for obfuscating email addresses with CSS. One involves using the […]

    Pingback by 50 New CSS Techniques For Your Next Web Design - Programming Blog — 21. July 2009 @ 01:16

  92. One thing missed here is the right way to create an invalid domain that you can pass to the spammer.

    Say your domain is SOFT.com and so you redirect to NULLSOFT.com well the people who own that domain might not be pleased with the extra emails you just sent them!

    The right way to do this is: “SOFT.com.INVALID”

    Better still is to do both (just in case the spammer strips all occurences of .invalid)

    so you have “NULLSOFT.com.INVALID”

    Comment by SImon — 22. July 2009 @ 00:26

  93. […] a test page for spambots to harvest. 1.5 years later the results are out and surprisingly, only the CSS methods resulted in absolutely zero […]

    Pingback by CSS Vault Blog » Blog Archive » 5 Great CSS Techniques To Improve Your Website — 22. July 2009 @ 17:43

  94. […] article gives two different methods for obfuscating email addresses with CSS. One involves using the […]

    Pingback by 50 New CSS Techniques For Your Next Web Design | Desinine — 23. July 2009 @ 10:16

  95. […] salaaminen internetissä viliseviltä spämmi boteilta on yksi web-kehittäjän haasteista. Täältä löytyy 3 kpl toimivaksi todettuja osoitteen “piilotus” tapoja. Enjoy. Share and […]

    Pingback by Sähköpostiosoitteen salaaminen boteilta « it.tassu.org — 28. July 2009 @ 13:37

  96. I’ve being doing #2 for several years already + JS for nicer display. Have a look at spamspan.com

    Comment by SpamSpan — 9. August 2009 @ 04:09

  97. […] Jahren mal 9 E-Mail Adressen mit unterschiedlichem Schutz online gestellt und vor einem Jahr das Ergebnis bekannt gegeben. Die Grafik zeigt deutlich, dass man E-Mail Adressen nicht als Plain text verteilt werden sollte, […]

    Pingback by E-Mail Schutz für WordPress (mit Plugin) » codeschnipsel, CSS, E-Mail, PHP, Plugin, Schutz, Spam, Wordpress » ocean90s weblog — 16. August 2009 @ 18:39

  98. […] article gives two different methods for obfuscating email addresses with CSS. One involves using the […]

    Pingback by 50 New CSS Techniques For Your Next Web Design « Photoshop.vn – Your Design Resource — 24. August 2009 @ 03:18

  99. […] a test page for spambots to harvest. 1.5 years later the results are out and surprisingly, only the CSS methods resulted in absolutely zero […]

    Pingback by 5 Great CSS Techniques To Improve Your Website :: Graficznie — 10. September 2009 @ 23:08

  100. […] wa das verstecken von emails betrifft hab ich einen sehr interessanten artikel gefunden. siehe hier […]

    Pingback by Sicherheit Email-Versand - SSL Zertifikate und PGP - Seite 2 - php.de — 16. September 2009 @ 10:54

  101. […] Jahren mal 9 E-Mail Adressen mit unterschiedlichem Schutz online gestellt und vor einem Jahr das Ergebnis bekannt gegeben. Die Grafik zeigt deutlich, dass man E-Mail Adressen nicht als Plain text verteilt werden sollte, […]

    Pingback by E-Mail Schutz für WordPress (mit Plugin) » Codeschnipsel, E-Mail, Schutz, Shortcode, Spam » ocean90s weblog — 10. October 2009 @ 14:17

  102. […] a test page for spambots to harvest. 1.5 years later the results are out and surprisingly, only the CSS methods resulted in absolutely zero […]

    Pingback by 5 Great CSS Techniques To Improve Your Website | CSS Heaven — 11. October 2009 @ 22:19

  103. Saw this interesting article while pursuing some non-js, non-URL-encoded technique.

    Email Obfuscation Helps Spammers | typewriting
    “Google returns 27 million results for “* at * dot com”. That’s 27 million email addresses waiting to be spammed. Google doesn’t allow you to search for the “@” sign, so that’s 27 million email addresses that wouldn’t be available on Google if they were not obfuscated. Email obfuscation not only doesn’t hurt spammers — it actually helps them. Where it doesn’t make it easier, it acts as a placebo, making people feel more comfortable and complacent living in a world of spam. Like everything else, if you don’t want your email address publicly-available, don’t put it on the public web. But if we want to be able to publish email addresses on the web, we can’t continue this half-hearted war on spam, hiding under our beds of obfuscation and hoping they won’t find us.”

    Comment by Angus S-F — 7. December 2009 @ 20:17

  104. Take a look at this jQuery approach:

    Comment by maxpower9000 — 8. December 2009 @ 13:54

  105. […] postfix und spamassasin installieren lasse und die genannte unicode variante benutzen werde. ein interessanter artikel, kennste viell schon. wenn man der statistik glauben darf immerhin fast 3x weniger spam… […]

    Pingback by email verschlüsseln --> ascii in unicode, frage zum script... - Seite 2 - php.de — 9. December 2009 @ 14:49

  106. […] article gives two different methods for obfuscating email addresses with CSS. One involves using the […]

    Pingback by 50 New CSS Techniques For Your Next Web Design | Theme Center — 13. December 2009 @ 09:48

  107. I’ve developed a tool that does email obfuscation automatically. Not only that, it’s totally transparent to the user as long as s/he has JavaScript enabled. A non-JS version is used if s/he doesn’t. Please check it out at http://www.privatedaddy.com/ – it’s totally free for all purposes

    Comment by Beegee — 23. December 2009 @ 17:21

  108. You’re missing the entity values for > and < to *show* how the code direction is done. Instead, you’re just *doing* it.

    Still, none are buried in a link with a mailto: HREF. I prefer to obfuscate and still provide 1-click access.

    Doesn’t detract from the interest of the article and the thought and planning that went into your study.


    Comment by stk — 28. December 2009 @ 00:39

  109. Another option that wasn’t mentioned here:

    For clickable emails that don’t get caught by robots, I generally write {email} into the html itself, and then use a javascript replace to swap that with the email address i want displayed. Because the JS does the work after the DOM is loaded, robots won’t read the emails at all and they are still clickable by the user. You can even do {email}. JQuery has great search & replace functions.

    The same thing can be done with registration forms, to eliminate the need for captcha.

    Comment by Jeff Silverman — 28. December 2009 @ 00:55

  110. […] o introducir comentarios entre los tags no solucionan el problema aunque lo minimizan. Según las pruebas que Tillate.com realizó hace ya más de 1 año, estas son las 3 formas más seguras de usar emails en nuestras […]

    Pingback by 9 formas de ofuscar emails a prueba : Blogografia — 28. December 2009 @ 15:20

  111. Private Daddy does email obfuscation automatically with a single line of PHP code. take a look @ http://www.privatedaddy.com/ , WP version also available



    Comment by Peter — 28. December 2009 @ 20:55

  112. #3 could work with a fallback or you could use unobtrusive javascript (better method) to swap out email addresses when the page / DOM has loaded. Either of these will work in both JS and no JS environments.

    Comment by Keith Clark — 29. December 2009 @ 01:54

  113. Sorry my last comment should start…

    “#3 could work with a NOSCRIPT fallback…”

    …looks like html tags aren’t allowed in comments.

    Comment by Keith Clark — 29. December 2009 @ 01:56

  114. […] head on over to tilllate.com and check out the […]

    Pingback by Computer 101 on KLAKE 97.7 » And there was much rejoicing….. — 6. January 2010 @ 02:02

  115. I think that a good junk-filter in your e-mail client will do more good than making the e-mail on your site unreadable.

    Always remember: if a stupid robot can not read it, people with disabilities will fail too (so much for images btw.). And what about browsers? Not everyone has javascript enabled.

    If you’re really paranoid, simply implement a PHP contact form and slow down the spam by using a captcha tool like recaptcha (just mentioning it because you use it for the comment form on your site too.)

    Comment by e-sushi — 7. January 2010 @ 23:05

  116. I agree with the above comment. Why hide your contact information in the first place? Hitting some people with wrong e-mails or images can do more harm than good. If you want to be spam-free, simply do not publish your contact information. ;)

    Comment by EdelBabe — 7. January 2010 @ 23:07

  117. Try build email with javascript *and* DOM

    document.write(document.getElementById(“my_script”).parentNode.firstChild.getAttribute(‘my_chars’)+String.fromCharCode(0x74, 0141, 115-1))

    Comment by est — 12. January 2010 @ 23:01

  118. […] o introducir comentarios entre los tags no solucionan el problema aunque lo minimizan. Según las pruebas que Tillate.com realizó hace ya más de 1 año, estas son las 3 formas más seguras de usar emails en nuestras […]

    Pingback by Las 3 formas más seguras de publicar emails en la web | Omeyas Web — 14. January 2010 @ 10:23

  119. […] article gives two different methods for obfuscating email addresses with CSS. One involves using the […]

    Pingback by 50 New CSS Techniques For Your Next Web Design « SUMERA’S Weblog — 26. January 2010 @ 13:33

  120. […] enden. Es gibt diverse CSS Möglichkeiten, welche aber irgendwie nicht wirklich schön sind. Auf dem Tillate Techblog (Jaja da ist mehr als nur ein Partycommunity ) habe ich einen fast schon steinalten Post zum Thema […]

    Pingback by Email obfuscation « Rootix Blog — 2. February 2010 @ 20:29

  121. […] Methoden wie man E-Mail Links schützen kann. Aber die richtig guten Ideen sind dann in einem Kommentar-Link zu […]

    Pingback by E-Mail Links schützen | bo! hu? co. — 18. February 2010 @ 00:49

  122. Best email protection ideas i have found so far … thank you.

    I’ve published it on my blog too:

    Comment by DerFichtl — 18. February 2010 @ 09:56

  123. […] Judging from the statistics on the effectiveness of email obfuscation methods, my method should prevent over 99 percent of spam. My email obfuscation method is also much more […]

    Pingback by Email Obfuscation, the Accessible Way | Zing-Ming — 18. May 2010 @ 18:55

  124. […] wie man sich vor der spamflut schützen kann gibts hier […]

    Pingback by michael pollak » email verschleiern. — 28. May 2010 @ 22:44

  125. […] of spam compared to 21 MB if the address was posted in plain text. Read about Silvan’s test here and here. What are your experiences with obfuscation? Categories: Technology Tags: bots, […]

    Pingback by Simple measures to choke spambots | Fascination Beach — 9. August 2010 @ 05:51

  126. […] con estas funciones asi como el ejemplo de uso para que puedan hacer sus pruebas.Mas InformaciónNine ways to obfuscate e-mail addresses comparedPHP: str_rot13 – ManualJavaScript str_rot13PHP […]

    Pingback by Técnicas para Ofuscar Email | unijimpe — 9. August 2010 @ 09:13

  127. […] driven. Whereas CSS obfuscation seems to be the most effective (see Figure – Credits: Silvan Mühlemann), the latter method has the big disadvantage to not leave the possibility to make the email address […]

    Pingback by Email Obfuscation (with mailto:) to Avoid Spammers — 9. August 2010 @ 14:53

  128. […] einiger Zeit bin ich über drweb.de auf einen interessanten Artikel auf techblog.tilllate.com gestoßen. Darin wird das Ergebnis eines Versuches beschrieben, bei dem 9 verschiedene extra dafür […]

    Pingback by Schutzmethoden für Email-Adressen — 28. August 2010 @ 16:34

  129. […] article gives two different methods for obfuscating email addresses with CSS. One involves using the […]

    Pingback by 50 New CSS Techniques For Your Next Web Design — 3. September 2010 @ 05:25

  130. […] quotes a study that was conducted starting back in 2006.  The study took 9 different methods of posting an email out in the […]

    Pingback by Spammers Beware! We’ve got your number (for now) | Super User — 7. February 2011 @ 01:25

  131. […] quotes a study that was conducted starting back in 2006.  The study took 9 different methods of posting an email out in the […]

    Pingback by Spammers Beware! We’ve got your number (for now) - Super User Blog — 13. March 2011 @ 08:23

  132. […] be hidden from spam bots. Someone had done a 1.5 year study on nine different obfuscation methods, with three that worked. I decided to apply two of them to the job […]

    Pingback by Spam-proofing email addresses — Kiran Jonnalagadda’s Blog — 22. March 2011 @ 10:10

  133. […] demonstration website is based on a concept outlined by tilllate.com in their “nine ways to obfuscate e-mail addresses compared” […]

    Pingback by Over sixteen ways to obfuscate e-mail addresses — 3. April 2011 @ 12:10

  134. […] entendu parler d’une méthode javascript, pas très sexy…et puis je suis tombé sur ce post (le blog technique d’un site spécialisé dans la photographie de nuit…dans les […]

    Pingback by Sakaroz » Eviter le spam et cacher son e-mail avec un peu de CSS — 11. April 2011 @ 14:42

  135. […] }You have this excellent benchmark of "how robots are intelligent" :http://techblog.tilllate.com/200…This answer .Please specify the necessary improvements. Edit Link Text Show answer summary […]

    Pingback by If I say that my email address is [username] AT gmail DOT com, will it prevent bots from spamming me? - Quora — 23. May 2011 @ 13:45

  136. […] Mühlemann did some research between 2006 and 2008. He found three methods that stopped all spam but, to different extents, […]

    Pingback by Does Email Obfuscation Work? « John Plummer . com — 8. December 2011 @ 17:50

  137. […] Mühlemann has written a blog post about nine different methods he tested over 18 […]

    Pingback by How to Stop Spammers Getting Your Email Address | Stephens Creative — 8. January 2012 @ 06:18

  138. […] Nine ways to obfuscate e-mail addresses compare […]

    Pingback by Does e-mail address obfuscation actually work? — 8. February 2012 @ 06:50

  139. […] possible, I obfuscated my email address to hinder email harvesting spambots. In a high traffic site we run I replaced the email contact […]

    Pingback by Jaime GÓMEZ OBREGÓN — 14. February 2012 @ 20:17

  140. […] a friend pointed me to an old Blog-Post that talks about obfuscating […]

    Pingback by andreas.heigl.org » Blog Archiv » Obfuscate Mail-Address and keep Usability — 6. March 2012 @ 16:02

  141. […] Natürlich gibt es andere, offenbar sehr gut funktionierende Methoden, die besser wirken — doch unter uns: Soll ich als Web-Entwickler wirklich mühsam Zeit aufwenden, […]

    Pingback by Wieso man E-Mail-Adressen im Web nicht verschleiern sollte « think eMeidi — 11. April 2012 @ 18:28

  142. […] something that you have to work around then I’d suggest looking into an alternative methods or if all else fails you could resort to using an image to display your email address, but the […]

    Pingback by How to Obfuscate Email Addresses - Guide | — 22. May 2012 @ 14:22

  143. […] Nine ways to obfuscate e-mail addresses compare […]

    Pingback by Does Email Address Obfuscation Actually Prevent Spam? | IT RSS — 30. November 2012 @ 08:34

  144. […] Nine ways to obfuscate e-mail addresses compare […]

    Pingback by Does Email Address Obfuscation Actually Prevent Spam? — 30. November 2012 @ 14:40

  145. […] Nine ways to obfuscate e-mail addresses compare […]

    Pingback by Does Email Address Obfuscation Actually Prevent Spam? - Phone Fair — 1. December 2012 @ 19:41

  146. […] 2008, Silvan Mühlemann (mildly NSFW) completed an experiment on spam-proofing e-mail. He opened nine distinct e-mail […]

    Pingback by Eternal Sunshine of the Spamless Blog « Kynosarges — 27. January 2013 @ 11:01

  147. […] are loads! Silvan Mühlemann wrote a great article on the subject comparing different methods on his blog – which is worth a read […]

    Pingback by Spam-Preventative Ways of showing your E-mail – Designed by a Turtle — 29. April 2013 @ 11:46

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

© 2018 tilllate Schweiz AG - Powered by WordPress