Public Emails

April 9, 2008 at 1:12 pm | Posted in Internet, Web Design | Leave a comment

If you spend any time on the web, you quickly discover the usefulness of a “public” email address. An address you use in public places and for suppliers you don’t know. is the best fix here. An account is free, it has good anti-spam protection that you can monitor, and you can forward the cleaned mail to another account or download it to your computer with an email program.

If you ‘put up your booth’ in a blog or web site, you want to invite feedback, but a web page “mailto” link is a flag that says “Spam me”. Just as the search engines are constantly ‘crawling’ the web looking for new content, so too the spammers will ‘spider’ for mail links. Now its true that your domain is public, so spammers will automatically try and so forth. But the idea here is not to hand it to them on a silver platter.

There is a variety of solutions to this issue. One is to use a service like I have on this blog on the About page. The contact link takes you to a free Contactify form that ensures a human is sending me contact info. Like those various forms you see now with the jumbled letter ‘password’. Thats a bit of a barrier to a more customer oriented site though. I use it as a free blog has limited custom scripting capability and most people just want to comment.

Some people do the “mail me at site dot com” text thing but thats a pain for customers – especially if you don’t link it. Same with an image of an email address. You’re making customers do the work. You could camouflage the address code using unicode characters, like these, but thats easy for the better bots to translate. Hex values for letters can also be used, as in %66%6f%6f%40, but again can be translated.

Having the email in parts and assembled by a JavaScript is much less likely to be hacked. It does require the user have scripts enabled and reduces accessibility to things like screen readers. Here is some examples of simple and more complex scripts. However, all reveal that they are mail scripts. If you place the script in an external .js file, that would much improve its effectiveness. Just add the path to the in-page JS tag.

This page has a form using JavaScript but also encodes it all in hex values, so even the word “mailto” is not readable. Just be sure to select JavaScript on the simple form. The HTML option gives you the Unicode version I mentioned in the last paragraph but is improved by obscuring all of it and putting it in a URL container rather than “mailto”.

Finally, the email code can be encrypted, then decrypted via JavaScript, thus completely hiding its function. My favorite tool for this, Enkoder, disappeared but I discovered its now here. Again, moving the script to an external .js file makes it available to all pages and makes it even harder to steal.

A small Flash file with a linked getURL mailto is another option, but requires Flash. Someone else suggests a mailto link in TinyURL works – that places your email off the page. Spam bots are unlikely to follow a page URL.

More advanced techniques require server side scripts, beyond the point of this article.

The solution to improve accessibility is to add some plain text like “Contact us”. You could highlight it to readers by making it something like an H6 tag, styled to be appropriate. The reader may not be able to decode a script, but the reader at least knows the script is present there. If you also add a noscript tag and put text like “mail sales at this domain” there, you give screen readers and script blockers an option, if manual.

I also saw an interesting script in the comments of the Sarven link below (search ‘onload’) that uses an external .js with Hex hidden elements but an href link in the page. If the user has JS turned off, they get a contact form.

In any case, none of the solutions is flawless and a mega-bot may still break your code. But by balancing protection with user-friendliness, you can find a solution that moderates the issue with a spam-reduced email account.

Thanks to Sarven for a great summary.


Leave a Comment »

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Create a free website or blog at
Entries and comments feeds.