Client Services

Client-Side E-Mail Obscurer Version 2.0

Description

This javascript tool facilitates obscuring e-mail tags within a web page. The tool is provided as an aid to web developers of hosted sites who do not have access to server-side programming facilities.

The method combines standard web obscuring methods with a small script to reveal the true address.

The following two standard techniques are used to obscure the e-mail address.

1) Change the address by including obvious antispan visual clues. i.e. me@nospam-mymail.org
2) Mask the address by using character translation. i.e %6d%65%40%6e etc. This will be displayed correctly by the browser, but throw off most crawlers.

In addition a client-side script removes the "nospam" fudge for genuine browsers.
In this latest version browser detection has been removed, this simplifies the script making it more efficient.
Unfortunately any visitor with scripting disabled will not receive the unobscured address, however the obvious visual "clue" should be sufficient for most people to remove manually.

We are currently unaware of any spiders utilizing scripting technologies that would overcome direct obfucation. However, please be advised that offline analysis could also be employed by spammers to obtain the correct address, although current analysis leads us to believe that few, if any, employ the additional effort.

How To Install

Installation is in 1 or 2 steps. Step 1 by itself will hobble most crawlers. Step 2 is only required for the scripted version.

Step 1 - Character Translation

Use character translation to obscure your e-mail address.

Fill in the address data then click the "Obscure" button. Cut and paste the result into your favourite page editor. NOTE: the data is not validated.

If you intend to install the script include a "nospam--" (note the double "-" signs) message immediately after the "@" sign.
The "nospam--" message can be anything you want, as long as it is immediately after the "@" and ends with "--" (double minus signs).

E-Mail Address (eg j.smith@nospam-company.com)

E-Mail Text (eg John Smith)

Result (cut and paste)

The routine "MailObscure" removes the "nospam-" text when the page is loaded.

Step 2 - Scripting Version

If you selected the "Use Scripted Version" then you must include the following script definition at the head of your page.

Cut and paste the following into the HEAD section of your web page (between the <HEAD> and </HEAD> tags).

NOTE: This code is specific to Zenica Web Clients hosted on Zenica Web Servers.

If you are not hosted on a Zenica server you will need to download the E-mail Obscurer source code and locate it on your own server, but please remember to change the path to suit.

This program and technique is offered "as is" without any warranty, guarantee or support. Use at your own risk.

How and Why

Many organizations employ automated web crawlers (robots or bots) to scan the Internet. As authors we appreciate the like of gogglebot to ensure major search engines list our sites.

We also like to present our e-mails on our pages, similar to "Contact the Webmaster at master@company.com".

Unfortunately, the same bots that get us noticed, also get us noticed - by Spammers. And that leads to spam.

One way to overcome this problem is to use one of the free e-mail systems. e.g. HotMail, and change it regularly. Which kind of defeats the objective.

A better way is to disguise your e-mail address.

This can be done simply by adding human understandable "clues" such as "nospam" to the published url. e.g. web@nospam-myco.com. Most people know to remove it when replying. Most bots don't.

Another way is to use browser codes to disguise the url. e.g. the code - &#104;&#105; - is displayed as hi. Again, most bots chose not to handle it.

Our analysis has shown (at the time of writing) that 99% of all e-mail bots don't handle these simple disguises.

The other 1% can be handled by being creative with your "clue". i.e. try "no spam please -", instead of just plain "nospam-".

However, humans aren't perfect, and we keep getting complaints by some who say they can't get through on our "nospam" address.

For these "friends" we have included a script that automatically removes the "nospam" clue when they open the page - we are currently unaware of any bots that execute scripts.

Unfortunately if scripting is disabled the visitor must remove the "clue" manually.

Version 2.0 - Browser detection has been removed to improve efficiency. Due to the extensive proliferation of mobile devices, and the fact that (at time of writing) many do not have scripting, and due to the large number of bots emulating browsers, browser detection became superfluous.