Max Euston

How to protect your email address on web pages

Here is a simple javascript technique to help "hide" an email address on a web page.

Since "spam spiders" (automated programs that gather email addresses from web pages) will likely see your page (including this one), we need some method to not let them know what our email address is.

Let's say your email address is: honeypot@euston.net

The "normal" web page

You would normally use code like this on your web page:

  <A HREF="mailto:honeypot@euston.net">Email me</A>

The "false sense of security" web page

While you could replace some (or all) characters with their equivalent HTML code numbers (like replace the '@' with '@'), this will only work with "very dumb spam spiders".

  <A HREF="mailto:honeypot&#64;euston.net">Email me</A>

The "safer" web page

Instead, let's "hide" our email address and use inline javascript to "reveal" it.

First, we need a function that "does something". This one simply reverses a string (change 'elppa' to 'apple'):

<!-- Hide script from "older" browsers
<SCRIPT TYPE="text/javascript">
function
nospam(n)
{
  e = ""
  for (i=n.length;i>=0;i--) {
    e += n.charAt(i)
  }
  return e
}
</SCRIPT>
-->

Now, we can use a variation of the "normal" HTML code above:

  <A HREF="mailto:honeypot(at)euston.net"
             onmouseover="this.href=nospam(&quot;ten.notsue@topyenoh:otliam&quot;)">Email me</A>

When a user with a javascript-enabled browser moves their mouse over the "hidden" link, javascript will quickly change it to the "revealed" one.

Here's what is looks like in your browser: Email me

Since "spam spiders" don't run javascript (this may be changing), this means only "real humans" will see your email address.

*** REMEMBER ***

When trying to avoid spam, don't forget about non-javascript browsers and visually impaired (or blind) users! The unmodified HREF should have simple instructions that can be read by a screen reader and understood by a human (but not a "spam spider").

For a "real world" example, take a look at the source of my home page, or disable javascript in your browser and click on the "email me" link (on my home page).