Fog Creek Software
Discussion Board

Knowledge Base
Terry's Tips
Darren's Tips

How to Protect email addresses on a page

I've been running this code successfully on a few sites to hide email addresses from spam harvesters. It isn't foolproof (if someone wants to manually collect addresses then they can), but if you don't want to or can't use a contact form - this is how I've been using a couple of CityDesk variables to let me eaily insert an email address without thinking too hard about spam.

Create a variable (call it emailscript) and insert the following code. Change the 5th line that starts eatmy = to the second half of your email addess (everything that comes after the AT)

<script language="JavaScript">
function homer(shorts,eatmy,usetext) {
    var nospam = "&#064";
    if (eatmy == "") {
        eatmy = "";
    if (usetext == "") {
        document.writeln("<A href='mailto:"+shorts+nospam+eatmy+"'>"+shorts+nospam+eatmy+"</A>");
    } else {
        document.writeln("<A href='mailto:"+shorts+nospam+eatmy+"'>"+usetext+"</A>");    
// -->

Create a 2nd variable (call it emailme) and insert the following code.
Change myname in the code to be the first part of your email address (everything that comes before the AT in the address)

<script language="JavaScript">
// -->
<noscript>myname "the at sign" bitaftertheat dot com(no spaces)</noscript>

To use:
insert the emailscript variable into your article (preferably within the head tags of the page), and then insert the emailme variable where ever you want to show your email address.

If JavaScript is disabled, the text between no script is displayed instead.

The 2nd variable (emailme) has some changeable options about it.
If you want the text of the link to say something else rather than display the email address, e.g. "email me", then change the homer line to read

    homer("myname","","email me");

So you could set up 2 or 3 variables, e.g. emailme, emailhelpdesk and emailsales and insert the relevant one in the article where required.

To place someone else's email address on the page: insert the emailscript variable, and then switch to HTML view(!) and paste in the code for the 2nd variable. Change the homer line to read

and domainname will be substituted for the default value set in eatmy in your emailscript variable.

There are lots of different ways you can implement this. My logic (like many others) is to use a code to display the AT character, and then break up the parts of the address so that if an automated spambot thingamebob detects an email address, it has to be intelligent enough to read JavaScript to get the address.

Friday, February 20, 2004

Address Scrambler does a similar job, though I found that my email address was harvested anyway.

Now I have a form, so nobody can decipher it. One day they'll figure a way to automate submitting to forms, but I'll just change where the form is and how it submits if that ever happens.
Friday, February 20, 2004

What stops the spam harvester from just processing the javascript?

Friday, February 20, 2004

Dan, nicely done.

I found EmailCloaker the other day:

It's a free nifty little tool by Chad Jones, and now part of my toolbox.

"EmailCloaker is a simple little tool which converts any email address in to a cloaked (hidden) link ready for pasting into your web pages. EmailCloaker uses a three-level cloaking approach so that no spider will ever be able to harvest your email! This program needs no installation, just run it from anywhere.

BTW, the same page also has 3 other free utilities. His KeywordToy was a real eye opener to me and is part of my toolbox now too: "KeywordToy will allow you to type in one or more keyword phrases and see the entire universe of related search phrases - sorted in order of actual popularity. Don't ever optimize for a keyword phrase unless you've verified that people are actually searching for that phrase."

Paul iliano
Friday, February 20, 2004

One of the best ways I have seen to protect an email address on a web site is to display it as a image file. If some one wants to contact you, they have to read it and type it in.

Friday, February 20, 2004

I used a server side script and a web form, this way no page accessible from the outside contains you email address.... really spammer proof, you can read more at

the disadvantage is of course that the initial contact is not made through the readers email program ....


Wolfgang Manousek
Wednesday, March 10, 2004

*  Recent Topics

*  Fog Creek Home