2007-02-03

Email Obfuscation

Although it's customary to let readers of your web pages send you messages, posting your email address on the web is risky: bots can extract it and add it to a spammer's list. The safest option is probably never to publish your address in the first place. If you still want to give readers a way to contact you, one option is a web form that sends its contents back to the server, where a script emails them to you. In theory, the address is never visible to the people filling in the form or to automated bots.


I'm not that well versed in server-side scripting, and I'm not even sure I am allowed to have scripts running on the server where my pages are hosted. So, I recently discovered what looks to me like an ingenious alternative: using JavaScript to de-obfuscate an "encoded" email address in a mailto: link.


I found the following script on The WaSP website (in the code).



/* SETMAJER_DEOBFUSCATE 1.0
   de-obfuscates an email address in a MAILTO: link;
   PARAMETERS
   --
   MARKUP NEEDED
   - anchor (A) tag with a MAILTO: URL as the value of the HREF attribute
   - the @ in the email addy should be replaced with the string '-REPLACE_WITH_AT_SYMBOL-'
   - the body of the email should be set to 'replace%20-REPLACE_WITH_AT_SYMBOL-%20in%20the%20to:%20address%20with%20@'
     using the query string method (i.e. ?body= or &body= depending on whether the subject has been defined)
   STYLES NEEDED
   --
*/
function setmajer_deobfuscate() {
    var anchors, numAnchors, currAnchor, i;
    // get an array of the anchors in the document
    anchors = document.getElementsByTagName('A');
    numAnchors = anchors.length;
    // iterate through the anchors
    for (i = 0; i < anchors.length; i++) {
        currAnchor = anchors[i];
        // if the anchor is a MAILTO:, replace the obfuscation slug with the '@' symbol
        if (currAnchor.href.match(/mailto:/i)) {
            // only the first slug (the one in the address) is replaced here
            currAnchor.href = currAnchor.href.replace(/-REPLACE_WITH_AT_SYMBOL-/, '@');
            // remove the fallback body text, which is only needed when the script does not run
            currAnchor.href = currAnchor.href.replace(/([?&]|\&)body=replace%20-REPLACE_WITH_AT_SYMBOL-%20in%20the%20to:%20address%20with%20@/, '');
        }
    }
}

Neat. I modified it slightly for myself to also replace a '-[dot]-' with a period, just for some extra obfuscation. I've seen other methods out there, some of which can be found via a simple search for "Email obfuscation" or somesuch. I also admit that I don't really understand the need for the second replacement (of the email body specified in the href). I can't wait to try this out.
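The `body=` text in the markup is an instruction to the reader for the case where the script never runs, which is why the script strips it once the address has been repaired. The added example below (not the WaSP script or the post's own modification) does both replacements as a pure function on the href string, also handles the '-[dot]-' slug, and copes with a `body=` parameter placed before `subject=`; the function name, the dot handling and the sample address are assumptions.

```javascript
// Added example, not the WaSP script: the same rewrite as a pure function.
const AT_SLUG = '-REPLACE_WITH_AT_SYMBOL-';
const DOT_SLUG = '-[dot]-'; // the post's extra slug; its handling here is assumed
const FALLBACK_BODY =
  'replace%20-REPLACE_WITH_AT_SYMBOL-%20in%20the%20to:%20address%20with%20@';

function deobfuscateMailto(href) {
  if (!/^mailto:/i.test(href)) return href; // leave non-mailto links alone

  // Split address from query so slugs are only rewritten in the address.
  const q = href.indexOf('?');
  const address = q === -1 ? href : href.slice(0, q);
  const query = q === -1 ? '' : href.slice(q + 1);

  const cleanAddress = address
    .split(AT_SLUG).join('@')
    .split(DOT_SLUG).join('.');

  // Drop only the fallback instruction; keep subject= and other parameters,
  // wherever body= sits in the query string.
  const params = query
    .split('&')
    .filter((p) => p !== '' && p !== 'body=' + FALLBACK_BODY);

  return params.length ? cleanAddress + '?' + params.join('&') : cleanAddress;
}

// Constructed sample href (example.com address, not from the post).
const SAMPLE =
  'mailto:jane' + AT_SLUG + 'example' + DOT_SLUG + 'com?body=' +
  FALLBACK_BODY + '&subject=Hello';

console.log(deobfuscateMailto(SAMPLE)); // mailto:jane@example.com?subject=Hello
```

The slugs only hide the address from scrapers that pattern-match the raw HTML; anything that runs the page's script or applies the same replacement sees the real address.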
