I am sure that everyone is aware of Spam, or "Unsolicited Commercial Email" as we are supposed to call it. In fact it doesn't bother me too much unless it starts to get offensive. I can hit the delete key as fast as it arrives and, with plenty of experience, I can recognise most of them from the titles. However it does bother some people and, as a lot of the addresses on this site belong to other people, I make every effort to protect them from it.

What is spam

There are a number of different types of spam which it is worth distinguishing.

The bulk mailers of both the main types (unless they buy the lists) use what is called a “harvesting spider” to collect email addresses from, amongst other places, web pages. This is a program which follows links from one site to the next looking for the addresses on peoples home pages. There are two basic types. There is the raw spider which does all the link following for itself. These are generally employed by those mailers of the second type above who don't care what the addresses are. The other type employs commercial search engines to do the choosing work and are more selective. They can get lists of addresses for people interested in a particular topic by employing the keyword matching facilities of the search engine. Some harvesters employ both techniques.

The use of this technique has recently (March 2003) been confirmed by a research project carried out by the [Off Site] Center for Democracy & Technology. See their [Off Site] online report on the subject.

The objective of this page is to help you to make it as hard as possible for them. This is done by employing every means possible to disguise the fact that a page contains an email address whilst making it usable for the purpose for which it was intended—enabling your friends and customers to contact you.

Techniques to avoid getting it

I have searched around the web and discovered three or four techniques which I will tell you about.

Sorting it out when it arrives

With the best will in the world, you are not going to be able to avoid getting some. This means that you need to filter it out and quarantine it when it arives so that your eyes are not offended and you are not tempted to open it. The best software that I have discovered for sorting your mail into “spam” and “ham” (and any other catagories if you like) is [Off Site] POPFile, an open source freeware product. There are possibly other good products but I think those using Bayes Theorem to do the filtering stand the best long term chance. They take a little while to teach good from bad (rather like children) but do a better job in the long run.

Addresses on web pages

Now for the meat of this page (not spam). What is the best way to obfuscate (nice word that) an address in a web page to combat all but the most sophisticated crawler, for you will not stop them all this way. I have devised a method which combines a number of the techniques described above and is still “clickable”—you can see it in action on my family page. It uses a) disguising the @ sign with the numeric entity b) breaks the email address into unrecognisable chunks combined back together with a JavaScript function c) inserting HTML into the address to break it up further d) displays the visible @ sign as a very small graphical gif which no robot will recognise e) provides a nice little envelope email bullet to tell people what it is. f) Provides an alternative means of contact for those users who do not have JavaScript available. Here is an example:—

(it is not a real address!) Here is the code that does it (three different options, the last one is new and quite slick). There may be some benefit in altering the order of the parameters so the account does not appear before the domain and, maybe, even breaking the domain up. I am sure that given the technique you can adapt it in any way that you want.

function mail(account, domain, realname)
  document.write("<a href='mai" + "lto:" + account + "&#64;" + domain + "'><img \
    border='0' src='mail.gif' \
    alt='[EMail]' width='15' height='12' />" + realname + "</a>");

function xmail(account, domain)
  document.write("<a href='mai" + "lto:" + account + "&#64;" + domain + "'><img \
    border='0' src='mail.gif' \
    alt='[EMail]' width='15' height='12' />" + account + "<img border='0' \
    src='at.gif' alt='@' width='15' height='12' />" + domain + "</a>");

function mailto(account, domain) 
  window.location = 'mai' + 'lto:' + account + '%40' + domain; 

The download contains this code plus the images, instructions and examples.

This software is published Open Source Freeware. You are free to use the programs either in full or part without charge. I wouldn’t mind a credit and a link though <grin>.

No warranty is given or implied by the use of the software which you do at your own risk. No compensation can be considered regarding damage to data, computers or any thing else arising as a result of using these programs. In particular I don't, and cannot, guarantee that you will be free from spam by using it.


I try to keep my system virus free but you do check downloaded files yourself, don’t you? <grin>

8 Jul 2006

mail.exe (72K self extracting) or mail.zip (4K)


of ZIP file.

Version: PGP Desktop 9.0.6 (Build 6060) - not licensed for commercial use: www.pgp.com


My public key can be found here or on the public key servers identified by Rick Parsons & west-penwith.org.uk.