Hide Mailto: link

Question

I have varying mailto: email address on my site which are now being hit with various harvesters and subsequently I'm being spammed.

Can anyone assist me in creating some PHP code for the following:

<a href="mailto:[email protected]">[email protected]</a>

To prevent the address from being harvested and equally can I use this script on various email address displayed on the site?

Thanks

Answer 1

Others have suggested writing the e-mail address using JavaScript's document.write(). I don't like this approach because it's easily defeated by bots that bother actually rendering the page. I have received spam on e-mail addresses "protected" this way (not as much and not as quickly as unprotected addresses, but still it comes).

My preferred approach is to write the link using a dummy e-mail address (which can go to a honeypot e-mail address on your mail server, so you can determine which server IP addresses to blacklist). Then use an onClick handler on the link to substitute in the real e-mail address when the user clicks it. No e-mail harvester is going to send a click event to every link on a page, it just wouldn't work.

<a href="mailto:[email protected]" 
   onClick="this.href=this.href.replace('fake', 'real')">
Send Us E-mail</a>

In this example we start with "[email protected]" and replace "fake" with "real" when the user clicks the link.

Another idea I like is to have the user enter their e-mail address into a form. Then you send them an e-mail using a script. They reply to that e-mail address to initiate contact with you. In other words, they don't get your e-mail address until they give you a valid one of their own, and your address is never on the site.

Answer 2

The best solution that I've found is to use a bit of javascript. You call a function, passing in the address, and it will print out the link for you. Since most bots don't process javascript, this should work for a majority of cases:

<script type='text/javascript'>
    function email(name, domain, withlink) {
        var addr = name + '@' + domain;
        if(withlink) {
            document.write('<a href="mailto:' + addr + '">' + addr + '</a>');
        } else {
            document.write(addr);
        }
    }
</script>

And then, when you want to print an email address on the site:

<script>email('myuser', 'mydomain');</script>

If you want it to make it a clickable link:

<script>email('myuser', 'mydomain', true);</script>

Note: This is untested, but it should work. There are also more advanced techniques, which some of the other answers touch on, but most of them build off of a base like this.