Comments on: Obfuscate email addresses using PHP

By: SC

SC — Thu, 15 Dec 2011 19:58:25 +0000

I use a php script which was originally conceived and written by Tim Williams of The University of Arizona. The code randomly generate a different encryption key each time it is used and it barely repeating the same. Here is the instruction what and how it does (at) http://www.celticproductions.net/articles/10/email/php+email+obfuscator.html

By: Ingrid

Ingrid — Fri, 18 Mar 2011 19:23:02 +0000

Thank you, this is just what I was looking for. I have a prototype site that a client needed up “urgently” (don’t they all) and I haven’t implemented the CMS yet so this is great for a quick ‘n dirty solution for e-mail obfuscation.

A couple of people commented above that the address could still be harvested but the best approach I’ve found is to use disposable addresses that you publish on the site and get them to forward to another address that a user actually checks – this way when one becomes over-spammed then you can just delete the address (as it is being used for junk) and move onto the next. Personally, my preference is to forgo e-mail links on sites and use contact forms instead but sometimes clients insist.

By: Kyle

Kyle — Fri, 19 Nov 2010 04:11:02 +0000

Hello Roy, I like your post, and I also agree with your post-analysis. It’s not very hard to crack. I wrote a simple function of my own at http://www.php-ease.com/functions/email_link.html that offers a unique solution to the problem which you and your readers might find interesting. Thanks!

By: ND

ND — Wed, 23 Dec 2009 15:24:48 +0000

For a free (beer + libre) script that does it automagically, you may want to look at a script I’ve developed called PrivateDaddy. It obfuscates email addresses automatically, then de-obfuscates them using javascript. User agents without JS work as well. Why don’t you check it out for yourself at http://www.privatedaddy.com.
Thanks,
ND

By: Roy

Roy — Thu, 13 Aug 2009 12:44:18 +0000

@Charles: If you own the site that gets linked to you could probably check for referrers, but if not I have no clue how that would work…

By: Charles

Charles — Wed, 12 Aug 2009 02:32:56 +0000

I’m looking for a method to randomly generate and obfuscate download hyperlinks that expire, such that if a user is given a link for a download and posts the link elsewhere it won’t work again. Can’t seem to turn up anything good on Google.

By: Simon

Simon — Tue, 28 Jul 2009 03:39:45 +0000

Thanks guys, this might help me hide the email addresses on my site from email harvesting robots.

By: Web Development by Christy » Blog Archive » Obfuscate Email Address Using PHP in WP

Sat, 16 May 2009 17:27:14 +0000

[...] across this little tidbit of code and then a nice function left in the comments too. This is great to keep spammers at bay when you [...]

By: Roy

Roy — Wed, 18 Mar 2009 10:35:47 +0000

You’re probably right. Spammers are getting smarter every day, and this kind of encoding isn’t really very hard to crack. Better than nothing, but definitely not watertight. Nor are images btw, considering how even captchas have been unable to stop spammers in a number of cases.

This post was more about code than it was about security.

By: Sherri

Sherri — Tue, 17 Mar 2009 20:25:33 +0000

Hi,

I just wanted to warn that email addresses obfuscated in this way (any kind of encoding or using javascript to encode or create the mail-to link) are still picked up by spammers. I’ve tested this myself and the addresses were ‘found’ by spam bots. Recently this has expanded to addresses written like so: name[at]example[dot]com. At this point I have been forced to switch to images of email addresses and avoid the mailto links altogether. That or I create a contact web form instead. *sigh*