If you are like many internet users, you receive spam in your email. Publicly available email addresses that are posted on a web site are particularly prone to receiving spam. The best way to combat unsolicited email addresses is to prevent spammers from retrieving these email addresses.

Spammers use a easily available and simple mechanism to retrieve email addresses from your web site. Like a search engine, they simply walk through all of the pages on your site using the available links, download the pages, and search for things that look like email addresses. (The "@" sign is usually is a good tip-off.) This is called scraping your site for emails.

There are some tricks to attempting to hide email addresses from spammers, such as encoding your email as escape sequences, or similar methods, however, spammers have already found ways of retrieving these types of encodings as they are easily programmed.

Realize that the world of spam and counter-spam is like an arms race; As spam filters (e.g. counter-spam) come up with new ways of identifying spam, spammers come up with new methods to bypass spam filters. Likewise, as new methods of hiding email addresses on web pages are developed (counter-spam), spammers develop new methods of retrieving and scraping emails.

That said, no method is 100% secure. A spammer can manually visit your site and retrieve email addresses. In most cases, this is labor intensive and would be impossible for any high volume spammer to do. This is the basis for our email encryption tool.

The best method known so far for hiding an email address from a spammer who may be scraping your site for emails is to encrypt the email address using JavaScript.

How does it work? We take the entire link, which may consist of:

<a href="mailto:contact@example.com">Contact us</a>

And perform a simple Caesar encryption on it and generate the JavaScript code automatically to decrypt it:

<script language="JavaScript">
var e = unescape("%3Db%21isfg%3E%23nbjmup%3BdpoubduAfybnqmf/dpn%23%3FDpoubdu%21vt%3D0b%3F");
var i,p='';for(i=0;i<e.length;i++){p+=String.fromCharCode(((e.charCodeAt(i)-32-1)%240)+32);}
<noscript>contact -at- example.com</noscript>

Spammers who are scraping web sites can not easily parse or decrypt this email address, while any web browser which has JavaScript will show the correct link.

It is not currently known if spammers have implemented a JavaScript-aware scraping tool which would make the above email address visible, however, this method is very reliable for most web sites' purposes.