PerfectMail™ Antispam/Antivirus is a simple, accurate, and easy to use solution! FOLLOW US :
Toll Free: +1 888-451-3131
+1 905-451-9488

Friday, August 30, 2013, 11:37

How can I protect e-mail addresses published on my website?

Category: General

Solution ID: 00000242


We have some email addresses published on our website. They receive more spam than our other addresses. Is there anything we can do to distract the spammers from publicly published email addresses?


Publicly published e-mail addresses are de facto spam magnets. The best thing you can do to reduce spam targeting these addresses is to use a decent anti-spam product like PerfectMail! Make sure you mark any spam messages that get through the filters to aid with training and the development of new anti-spam strategies.

You can also do things on the website to make these message less readable to electronic devices. However, such techniques also make the addresses less available to your website users. But there are some strategies that can help. One thing you can do is present and image of the e-mail address rather than the text itself. Another thing you can do is to present a messaging page where people can send messages directly via your website;make sure to include a captcha element to discourage e-mail address harvesting engines.

If you have a website developer you can use their coding skills to obfuscate your e-mail addresses using JavaScript. On your website replace the domain portion of your e-mail addresses with a bogus address (or better yet a spam trap!) Then use a JavaScript function to rewrite the web page after it is loaded in the web browser. Spammer e-mail scraping programs are unlikely to execute javascript to rewrite the web page, so this should be an effective method of protecting your e-mail addresses.

In the example below the e-mail address "" is protected by displaying it on the initial web page as "", then rewriting that e-mail address after the web page loads. Make sure you add "" to the list of Spam Traps (or Spam Honey Pots) on the PerfectMail Administrators Interface at "Filters > Spam Traps".

Example Web page:
function dom_replace(src,tgt,node){
if (!node) node=document;

if (node.nodeType==1){
if (node.nodeName=='A') node.href = node.href.replace(src,tgt);
}else if (node.nodeType==3){
node.nodeValue = node.nodeValue.replace(src,tgt);

var len = node.childNodes.length;
var child;
for (var i = 0; i < len; i++) {
child = node.childNodes[i];
<body onload="dom_replace('','');";>
<p>In this example I protect addresses for by replacing them with a bogus address.</p>
<p>This method works with both normal HTML text and hyper linked e-mail addresses as well.</p>
<a href=""></a>
The interesting thing is, when you look at the source code for the web page (by pressing <CTRL>+U) you will still see the original e-mail address.

You can also generalize this by embedding the domain replacement in the function, then placing that function in a separate file that you could simply include in all your web pages, where needed.

Tags: html, website, spam, spammer, harvesting, email, address, protect, hide, obfuscate

See Also:

Link to this article: kb/how_protect_email_address_on_website

Updated: Friday, August 30, 2013, 11:37

-- David Rutherford


No comments yet.


Last modified: 2013-08-30, 11:38

© 1999-2013 PerfectMail