"Hide email addresses in plain sight and keep those spam harvesters off your back."
Back to Internet Security

Protecting your email addresses in HTML pages.

No VictimEver wonder how spammers get your email adress? There are actually several ways, the easiest and most common is called 'email address harvesting' it is easy to make and simple to undertake. It works on the same principle as web robots, just like google. A bad spider or bot will visit your website and follow all you page links to examine all your pages. It will look for a single word/sentence combination that contains a '@' symbol and a "." fullstop. If found, it has a potential email address and stores it to the spammers database of addresses. It is just that simple!

Hiding email addresses in plain sight

Standard HTML email address encoding

Standard HTML email address encoding

Adapted HTML email address encoding

Standard HTML email address encoding

How does it work?

No More SPAMAs simple as it is to detect email addresses in HTML pages, it's just as simple to hide them. What we do is use a bit of javascript to construct the correct HTML email address encoding on demand. It is a known fact that robots do not 1. load and 2. read or execute javascript. And we use the human viewers browser to construct the email address when they load an view the page.

You can download the 'format.js javascript file and include it in the page. The format of the command is: 'format('nnn', 'dddddd' , '#','')' where nnn = Name, dddddd = domain name and # = the number of the domain extention as listed below.

  • 0 = .com
  • 1 = .org
  • 2 = .net
  • 3 = .ws
  • 4 = .info
  • 10 = .co.uk
  • 11 = .org.uk
  • 12 = .gov.uk
  • 13 = .ac.uk
  • 14 = .nl
  • 15 = .fr
  • 17 = .eu

For my email adress it would be format('jeroen', 'steeman', 1, '') and creates an active email address of the users browser.

An effective way to halt email harvesters from leeching email addresses from your websites for spam activity. I recommend you use it everywhere where you display email addresses on web pages, like your contact page.

Note: Google, as a scraper bot can read javascript! This is a signal that it is only a matter of time before email harvesting spam bots will be able to do the same. To date however, where routines like this are used, a drop in spam rate more than 95% in a few months can be achieved.

Format.js code

var(tld_ = New Array())

tld_[0] = "com";

tld_[1] = "org";

tld_[2] = "net";

tld_[3] = "ws";

tld_[4] = "info";

tld_[10] = "co.uk";

tld_[11] = "org.uk";

tld_[12] = "gov.uk";

tld_[13] = "ac.uk";

tld_[14] = "nl";

tld_[15] = "fr";

tld_[16] = "nl";

tld_[17] = "eu";

var topDom_ = 17;

var m_ = "mailto:";

var a_ = "@";

var d_ = ".";


function formater(name, dom, tl, params)


 var s = e(name,dom,tl);

 document.write('<a href="'+m_+s+params+'">'+s+'</a>');


function mail2(name, dom, tl, params, display)


 document.write('<a href="'+m_+e(name,dom,tl)+params+'">'+display+'</a>');


function e(name, dom, tl)


 var s = name+a_;

        If (tl! = -2) Then


  s+= dom;

            If (tl >= 0) Then

   s+= d_+tld_[tl];



  s+= swapper(dom);

 return s;


function swapper(d)


 var s = "";

 for (var i=0; i<d.length; i+=2)

  if (i+1==d.length)

                s += d.charAt(i)


   s+= d.charAt(i+1)+d.charAt(i);

 return s.replace(/\?/g,'.');


Back to Internet Security