Does Email Obfuscation Work? Results

Four years ago I started a test to see how well different email obfuscation techniques worked to thwart spammers.

My requirements in order of preference were:

  1. A clickable link.
  2. Gracefull degrade for users without javascript.
  3. Users should be able to copy the email address to the clipboard.
  4. It should be easy for me to insert an email address on a page.
  5. It should reduce spam.

Well, it’s been 4 years and here are the results:

Method (see original post for explanations) Emails in inbox percentage of plain text
Using plain text 247 100%
Using AT DOT 48 19%
Using AT DOT and javascript to de-obfuscate 45 18%
Using code direction 0 0%
Using style=”display:none” 1 0%
Using ROT13 0 0%

These addresses all pointed at Gmail inboxes and Gmail deletes spam after 30 days so the spam folder counts can be ignored.

When I started the experiment I hoped the AT DOT and javascript to de-obfuscate as that seemed to fill most of my requirments but the spammer’s crawlers have obviously cracked that trick (not hard I know). The best solution would seem to be an <a> link using ROT13 and the text of the link either a span using code direction or applying the style to the <a> link itself.

Something like:


<p>
email:
<script type="text/javascript">
// <![CDATA[
document.write(
"<n uers="znvygb:anzr@qbznva.pbz">".replace(/[a-zA-Z]/g, function(c){return String.fromCharCode((c<="Z"?90:122)>=(c=c.charCodeAt(0)+13)?c:c26);}));
// ]]>
</script>
<span style="unicode-bidi:bidi-override; direction: rtl">moc.niamod@eman</span>
</a>
</p>

view raw

email.html

hosted with ❤ by GitHub

Messy (and unchecked / written by hand) but I guess an email address will not change much so, once the correct code is worked out, it could be added to a snippet or clipboard manager.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.