Comments on: How to Safely Share Your Email Address on a Website

By: Roel Van Gils

Roel Van Gils — Tue, 29 Nov 2022 22:50:11 +0000

Flashback to 15 (!) years ago: Graceful E-Mail Obfuscation (A List Apart). By yours truly :)

By: andre

andre — Mon, 28 Nov 2022 12:55:48 +0000

no javascript - maybe i am wrong - but i normaly use this: in HTML: <a href="#" class="cryptedmail" data-davor="stuttgart43" data-wohin="juweliere-kraemer" data-ende="de" ></a> in css

.cryptedmail:after {
    content: attr(data-davor) "@" attr(data-wohin) "." attr(data-ende);
}

By: David

David — Fri, 25 Nov 2022 15:51:44 +0000

I came here trying to see if there’s a modern solution, but I’m surprised it’s still the same as 20 years ago (I’m getting old ).

There’s no doubt that bots can parse JavaScript and HTML encoded characters now… maybe not all of them, but probably a lot more now, especially with the importance of JavaScript crawlers and client-side code being almost fully parsed by Google’s own bots.

So what would be the best solution? Would an initial ajax call, only triggered once user interaction is detected (keyboard event, click event, scroll event, focus events, visibilitychange event) with crsf code / nonce to validate the request does come from the intended website… is it overkill?

By: Mfon

Mfon — Sat, 22 Oct 2022 22:04:38 +0000

The level of spam emails is getting way too much! They even manage to beat Gmail spam filters and land inbox!

I just feel spammers will always find a way to spam no matter how careful you are.

By: Marcus J

Marcus J — Fri, 21 Oct 2022 16:17:18 +0000

For the Javascript version, it seems like it would be helpful to offer a button/link to “Copy Email Address” for people (like me) who never bothered to set up a default mail client. It would be an easy add using navigator.clipboard.writeText()

By: Graeme

Graeme — Thu, 20 Oct 2022 14:27:00 +0000

Display an address that is correctly formed but miss-spelt so the scraper gets a ‘good’ address and does not look any further. Then at onclick call a short script to correct the spelling error.
This works fine for my site.

By: tomyo

tomyo — Thu, 20 Oct 2022 12:54:39 +0000

In reply to John Crim. Nice idea! Do you know if it actually works against bots?

By: Markus

Markus — Thu, 20 Oct 2022 10:38:51 +0000

In reply to Ian. Pssst - don't tell. Spambot could be updated to recognise Entities! Up to now (for simplicity) they only scan for the @-sign.

By: hdrz

hdrz — Thu, 20 Oct 2022 08:53:09 +0000

I used to have the email address encoded with rot13, and 1 line of javascript to decode on mouse hover/click. very simple and effective. Can’t find it now, but a simple google search will.

By: DJ Doena

DJ Doena — Wed, 19 Oct 2022 15:27:10 +0000

In reply to DJ Doena. Since it decodes the string in the comment, for display I use the UTF-8 code 64 for the @ and the code 46 for the dot and put blanks in between so that the email looks like above but a regex parser would fail to recognize it.

By: DJ Doena

DJ Doena — Wed, 19 Oct 2022 15:19:48 +0000

I also solved it with a bit of javascript as well as a bit of UTF-8 encoding for display:

  function OpenMail()
  {
     var name = "email";
     var at = "@";
     var domain = "address";
     var dot = ".";
     var tld = "com";
     var address = name + at + domain + dot + tld;
     location.href = "mailto:" + address;
  }

email @ address . com

By: Kęstutis

Kęstutis — Wed, 19 Oct 2022 09:18:51 +0000

Thanks for the article Lorenzo

By: Jan Coenen

Jan Coenen — Mon, 17 Oct 2022 16:05:40 +0000

In reply to Limbikh. ok, I did this:

<script defer>
        document.querySelectorAll('.e-mail').forEach(e => { 
            e.addEventListener("click", event => {
                // prevent href=#
                event.preventDefault();
                // get the (reversed) email address of the calling anchor
                z=event.currentTarget;
                y=getComputedStyle(z,'::after');
                x=y.getPropertyValue('content');
                // reverse string rtl
                v=x.split("").reverse().join("");
                // remove all ""
                v=v.replace(/['"]+/g, '');
                // start default e-mail client (also test on mobile!)
                window.location.href="mailto://"+v;
            })
        });
    </script>

By: jamacoe

jamacoe — Mon, 17 Oct 2022 05:20:40 +0000

In reply to Limbikh. How can I make that clickable to start default mail client, ideally w/o javascript? <a class=e-mail data-user="resu" data-website="moc.niamod" href="mailto://"></a>

By: John Crim

John Crim — Sat, 15 Oct 2022 03:32:49 +0000

In reply to John Crim. The shadow DOM code:

    if (this.innerHTML.trim().length === 0) {
      let mailDisplayElt: Element | ShadowRoot = this;
      if (!!this.attachShadow) {
        mailDisplayElt = this.attachShadow({ mode: 'closed' });
      }
      mailDisplayElt.innerHTML = getMailDisplay(base64EmailAddress);
    }

Thank you for the article! The article and the comments have a bunch of good ideas.