Website email

June 9, 2008 at 9:23 pm | Posted in Internet, Security, Web Design | 4 Comments

@One of the least sensible places to put your email address is on the web. Just as search engines constantly browse the web for new and changed information, other “bots” browse for email addresses they can send spam to. I’m not referring to secure web forms, I’m talking about posted on web pages themselves. Like if I wrote my email address here. You may note, for example, that my “About” page Contact links to a form rather than simply having an email link. That’s why. (I use a separate service due to the limitations of a free blog)

You may find it advisable to have a second email address for use on the wild web – any places where you may be at some risk for having your address lifted, or marketed. Some discussion group and social networking technology plays freely with your email address too. These days, the best alternate email address seems to be gmail, a free webmail service. They have excellent spam catching plus you can just set it up to forward to your regular account. This way, you keep your regular account freer of spam and still get all your email in one place. You can check your email on the road and it will handle attachments up to 20MB.

If you have a web site, the best way to handle sharing your email address is to encode the email address and place the code in a separate file. This makes it much harder for the spam bots to lift it. Your users must have JavaScript enabled for it to work, but this is a minor barrier in most cases.

An old favorite tool was Hivelogic’s Enkoder but its been down for a few months now. They also pulled the formerly available downloadable versions.

Some sites like to use forms rather than links, but these days you need one with Captcha or similar to avoid form spam, a growing issue. And a form requires more work for the end user. But it is more reliable than some email clients.

Recently, I ran into AddressMunger, a web tool for “munging” or encoding email addresses. Its not as encrypted as Enkoder but quite sufficient, especially if saved in an external file. The Mungers options are quite a bit larger and it works fine in all current Windows and Mac browsers I tested it on. You can add subject, body, CC, multiple recipients and more.

To use it as an external file, save the code to an external .js file (without the opening and closing JavaScript lines), link to it with a typical head tag js path, then place the second part they offer in the body where you want the address to appear. You can then call the script for any web page on your site. It has no problem with different addresses on the same page, like you may find with anything that uses body onload code.

The Munger site also has some other tools available, like a form builder, although it requires PHP – something you may need your web hosts approval to use. They also have a handy tool for converting code to displayable text if you are trying to explain web tech.

Of course, there are quite a range of ways of handling email encoding on a site. And many opinions about this or that technique. About the most comprehensive list I’ve seen is Sarven’s blog on the subject. But I do recommend putting the actual email address into a reusable external file. Add in a little Hex or Unicode to the separate file and only the most aggressive crooks would ever bother.

If your email address has been exposed for awhile, newly hiding it will not reduce spam for awhile. But eventually, the spam clouds will begin to clear.


NOTE: See comments for follow-up on Enkoder, now back.


RSS feed for comments on this post. TrackBack URI

  1. the enkoder will return this week, with a few surprises.


  2. Good to hear, Dan. Missed it. It was hard to find an alternative that worked reliably. Was actually holding off posting this for its return, but it had not yet shown.


  3. Just checked – Enkoder is back, at the link above. Thanks Dan!


  4. To put Enkoder in an external JS file (thus reusable across the site), paste the code into an external .js file, removing the opening and closing JavaScript tags and comments.

    Then, place something like the following to call the code on your web page. Just edit the path to the .js file you created above.

    <script language=JavaScript src="code/123.js" type="text/javascript"></script>

    I recommend using the subject option so YOU know where the email originated.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at
Entries and comments feeds.