How to Obfuscate Email Addresses on Web Pages

Web crawling is one of the primary sources of email address for spammers.  Any web page you expose to the public internet will quickly be slurped up by web crawlers and parsed for email addresses.  This happens with amazing alacrity. For example, I put up this email link at about 10am on a Monday morning, and received the first spam the following day at 1:13pm.

The solution to the problem is to obfuscate email addresses. I have chosen to do this with a simple JavaScript function named mailto.


How To Do It

Step 1.
In your HTML header, between the <head> and </head> tags, add the mailto function, including the <script></script> tags:


function mailto(Name, Domain, UnderlinedText, Subject)
document.write('<a href="mailto:' + Name + '@' + Domain);
if (arguments.length == 4)
document.write('?subject=' + Subject);
document.write('\">' + UnderlinedText + '</a>');


Right click on this page and select View Source to see an example.

Step 2.
Anywhere on the HTML page where you wish to create an email link, you simply call the mailto function like this:

<script>mailto("MailboxName", "DomainName", "UnderLinedText", "EmailSubject");</script>

That's all there is to it.


How to Use It

Right click on this page and select View Source to see exactly how each of the links below was created.

Click to send email to Bob Smith.

Click to send email to Bob Smith with the subject "Hello World".



Putting the entire function in the HTML header on every page is tedious, so here's how to make it easier.

Step 1
Store the mailto function in a text file, and name it JSlib.js (This  file must not contain <script> </script> tags.) Place this file in any directory you choose; the example below uses a directory named /Scripts.

Step 2
Instead of typing in the entire mailto function in the HTML header, put this single line instead:

<script src="/Scripts/JSlib.js" language="JavaScript"></script>

Now, when the browser loads the page, it inserts the entire JSlib.js file automatically.


How Does It Work?

This JavaScript code is executed by the web browser as  the HTML page loads.  So when someone looks at the page with a browser, the mailto function simply assembles a properly formed email address from the constituent parts, and spits it onto the page intact. Web crawlers, however, simply grab the raw HTML page parses it for email addresses. Since no canonical email addresses exist in your HTML, none can be extracted.