Ashley Sheridan​.co.uk

Anti-Spam Email Script

Posted on

Often in forums and blogs, I see people asking how to cut back on spammers getting to their email addresses on a page. The most frequent solution to this problem is to disguise the email, in the hope that the spam bots (scripts purposely built for scouring the webs' pages for email addresses) will be unable to recognise the non-standard format. Below are just some of the ways of email obfuscation:

emails = Array("gppAcas/dpn"); function emailLink(emailNum) { emailString = ''; for(i=0; i<emails[emailNum].length; i++) { ascii = emails[emailNum].charCodeAt(i); ascii --; character = String.fromCharCode(ascii); emailString += character; } output = '<a href="' + 'ma' + 'ilto: ' + emailString + '">'; output += emailString; output += '</a>'; document.write(output); return true; }

The script above uses several key techniques to disguise the email, and I'm fairly confident that it will be some time before spam bots are sophisticated enough to extract an email from the script.

Line 1 is where the email addresses are kept. Each array element represents a different address. Each character is replaced by the one which follows it in the alphabet, and special characters such as '@' and '.' are replaced by a 'A' and '/' respectively (as these are the next characters to occur in the ASCII table.)

The function begins on line 3, accepting as a parameter, the index of the email address in the above array to use. This will be 0 for the first one, 1 for the second, etc.

Line 6 sets up a loop to iterate through all the characters in the encrypted email address, as a character-by-character conversion needs to take place.

Lines 8-11 obtain the ASCII code from the character, subtracts 1 from this value and creates a new character from the new value, adding it to a string which will contain the whole correct address once the loop has completed.

Lines 13-15 create the HTML to output, making sure that the word "mailto" is not in one piece, as this could be a potential give-away to spam bots that an email address actually exists.

The function is best stored in an external script file, as it allows for easier updating for larger sites. You would then call the script with this code to include it in your web page:

<script language="javascript" type="text/javascript" src="email.js"></script>

And finally use it with this code:

<script language="javascript" type="text/javascript">emailLink(0);</script> <noscript>Message to display if script is disabled/not available</noscript>