Hackosis

Silvan over at techblog.tilllate.com has done some research results for us on the best ways of obfuscating email addresses on a web page.

The method used involved nine different code snippits and came up with three over a period of one and a half years that received zero spam.

The Three Methods:

1. Changing the code direction with CSS:
   HTML [Show Styled Code]:

   
   
   email@domain.com
   

   HTML [Show Plain Code]:

   1. <style type="text/css"> 
   2. span.codedirection { unicode-bidi:bidi-override; direction: rtl; } 
   3. </style> 
   4. <p><span class="codedirection">email@domain.com</span></p>

 

2. Using CSS display:none:
   HTML [Show Styled Code]:

   
   
   email@nulldomain.com
   

   HTML [Show Plain Code]:

   1. <style type="text/css"> 
   2. p span.displaynone { display:none; } 
   3. </style> 
   4. <p>email@<span class="displaynone">null</span>domain.com</p>

 

3. ROT13 Encryption (using rot13 or str_rot13):
   HTML [Show Styled Code]:

   silvanfoobar's Mail

   HTML [Show Plain Code]:

   1. <script type="text/javascript"> 
   2. document.write("<n uers=\"znvygb:fvyinasbbone10@gvyyyngr.pbz\" ery=\"absbyybj\">".replace(/[a-zA-Z]/g, function(c){return String.fromCharCode((c<="Z"?90:122)>=(cc=c.charCodeAt(0)+13)?c:c-26);})); 
   3. </script>silvanfoobar’s Mail</a>

See more about this at techblog.tilllate.com. I noticed he didn’t other methods that I’ve seen such as breaking out the email address in a non-visible table, etc.

Have any other tips to obfuscate email addresses? Let us know in the comments.