Skip to main content.

Graceful E-Mail Obfuscation

December 31st, 2007

Any email address posted on a web site as plain text or a mailto link will be harvested by spambots and added to lists of email addresses sold to spammers. This includes not only addresses on web pages, but also those in comments and forum discussions. The best way to prevent this is to set up a script on the server to obscure all email addresses site wide in a way that they are hidden from spam bots but still accessible to human users.

A simple solution is to encode the email address with html entities as explained on this encoder page. The danger with this simple solution is that it would not be difficult for spammers to create spambots that will look for and convert these encoded email address.

Roel Van Gils proposes a much more robust solution in Graceful E-Mail Obfuscation. He uses javascript to display email addresses to the human user since up to this point spambots don’t support javascript. For the small percentage of users who have javascript disabled in their browsers, his method displays a page asking the user to answer a simple question before revealing the email address.

Now we just need someone to write a WordPress plugin implementing his solution. Urban Giraffe has a plugin that can be configured to use html entities or javascript, but it doesn’t look like the second method provides a graceful solution for users who have javascript disabled.

Posted by Ken in General

3 Responses to “Graceful E-Mail Obfuscation”

  1. ND says:

    Hmm private daddy does this automagically, without re-writing all the mailto links you already have on your blog! Check it out at

  2. Ken says:

    Thanks for the suggestion. It looks like this rewrites mailto: links as address links that send an encrypted string to, which then returns the clear text email address. So of course they could save the emails and sell them to spammers if they want. For that reason I wanted to know a little more about who is behind this and see some reviews, but a web search turned up very little. I will wait until some people who are knowledgeable about this area check it out and write some reviews.

  3. Nicholas says:

    I wrote a plugin for this. Private Daddy has an image CAPTCHA at the end so is not accessible to the blind.

    Plugin at