You may be able to do something like:

email///[at]///domain///.///com

Remove ///'s and replace [at] with @ for reconstruction of email address.

[healyourchurchwebsite.com...]

Standard disclaimers that if someone can encrypt it, someone can write a bot to decrypt it as well.

what about ascii characters?
I have not used myself but will give it and other techniques a try very shortly due to being completely hammered by spam.

[edited by: tedster at 12:20 am (utc) on June 23, 2004]

Try the thread

[webmasterworld.com...]

which discusses this issue. Probably the best way is to use PHP and have a contact page which is discussed in several discussion threads. There are several JAVASCRIPT ways as well which can be found using google.

neo_brown, that ascii method is really simple to do I wonder how well it works. Maybe someone can comment.

If the ascii hiding method was in wide use, it would quickly loose effectiveness because it is SO easy to crack. To a degree, the same thing is true of js hiding as well.

The thing is that email spamming, and hence address harvesting, is a mass volume business based on keeping overhead way, way down. As long as there is so much low hanging fruit available, then anything that raises your particular branch out of easy reach is effective.

I have never used the ascii method - I began using javascript to hide addresses (plus no catch-all addresses) about 5 years ago and I still enjoy a very quiet inbox with no other spam filtering in place at all.

The advantage of the ascii method is that it shows an address to visitors even if javascsript is turned off. But it does look mighty easy for the harvesters to crack, if they decided to.

Hi again folks - I've removed a few posts here and edited others, because it was turning into a link dropping party for tools. Anyone with a search engine can find tools for this job, and I don't want to be promoting any one over all the others.

So thanks for the thought behind your suggestions, but let's leave the specific links alone and talk about the various approaches instead.

In fact, the opening thread asked if there is a way to hide your address with html - and one answer IS using ascii.

Ron,

I can confirm that hiding with ASCII does not work any longer. I did a test on one site with both formats (ASCII & JavaScript) about a year ago. The ASCII addresses started getting spam within about a week. The JavaScript address got some spam from one site after about 6 months, but I am pretty sure that someone from that site actually visited the page and added the address by hand. I had to take down the ASCII addresses, but the JavaScript ones still seem to be doing the best job.

JavaScript worked marvellously for me, but I've started getting spam to protected addresses over the last couple of weeks. Not large amounts, but some busy bee has put the addresses onto one of the spam lists.

Maybe soon time to find another technique.

I've also found that simple asci techniques and character encoding do not work. I use a combination of character encoding and Javascript. The result looks and acts like a normal mailto link when Javascript is enabled and is human-readable when disabled.

With the method I use, email@example.com becomes:

<script language="Javascript" type="text/javascript">
<!--
document.write('<a href="mai');
document.write('lto');
document.write(':&#101;&#109;&#97;&#105;&#108;');
document.write('@');
document.write('&#101;&#120;&#97;&#109;&#112;&#108;&#101;&#46;&#99;&#111;&#109;">');
document.write('&#101;&#109;&#97;&#105;&#108;');
document.write('@');
document.write('&#101;&#120;&#97;&#109;&#112;&#108;&#101;&#46;&#99;&#111;&#109;<\/a>');
// -->
</script><noscript>&#101;&#109;&#97;&#105;&#108; at &#101;&#120;&#97;&#109;&#112;&#108;&#101; dot &#99;&#111;&#109;</noscript>

I haven't seen a harvesting program get it yet and use this to protect several client sites.

[edited by: tedster at 9:42 pm (utc) on June 24, 2004]

While we are on this subject, let me throw in one more variable - forms. Do spammers have software that harvest form URL's and then send email through them automatically? I use an ASP form mailer with the email address on the form. You cannot get to the form's URL as the windows server won't let you. But that doesn't stop someone from sending spam through the form. I am not concerned about one individual sending one spam message, I am concerned about them being able to do it automatically on a repeat basis.

Would I be better off getting rid of the form and then using a JS/obfuscator mailto like described in this thread? Or, would making a field mandetory (other than the usual email and name fields) prevent form spam?

While we are on this subject, let me throw in one more variable - forms. Do spammers have software that harvest form URL's and then send email through them automatically? I use an ASP form mailer with the email address on the form. You cannot get to the form's URL as the windows server won't let you. But that doesn't stop someone from sending spam through the form. I am not concerned about one individual sending one spam message, I am concerned about them being able to do it automatically on a repeat basis.

Would I be better off getting rid of the form and then using a JS/obfuscator mailto like described in this thread? Or, would making a field mandetory (other than the usual email and name fields) prevent form spam?

Generally, the type of forms that spammers look for are ones that allow them to exploit a poorly secured form to send their spam to other people.

Ron, a form is most always preferable to the JS obfuscation methods pointed out here. As long as the e-mail recipient isn't visible in the page source then you're safe.

Bill, that's what I thought. But the spammers are getting me anyway and I can't figure out how.

They're getting you through a form? If that's the case then change the address receiving the mail from the form and make sure the form isn't broadcasting the e-mail address in the source of the page containing the form.

Can someone tell me how to hide for example a mailto link so that spammers can't find the email address with a robots or spiders.

You could just not put a mailto link. I know people who put their email address as an image, without a mailto link. Not very accessiblity-aware, I know, but it should beat the harvesters unless they harvest by hand.

However I always seem to find that spam finds it's way to me one way or another, and I haven't really seen a noticable increase in spam after posting a particular address on a website. But maybe other people have different experiences with this.

The email addresss in my form is not actually in the form but in the form mailer. It is an asp mailer and cannot be opened in a browser as the Windows 2003 server it is on won't let people accesss that page. But still I get spam. I am wondering if we are all getting spam by virture of the fact that we merely send email over the interenet. Since the internet is one big network with mail travling here and there, perhaps there just is no way to not get harvested by people who work in the ISP industry. Techs working on graveyard shifts, etc.

I think the spammers might get addresses from people's email.

I recieved a bounced-back piece of spam about a month or so ago. The return-address on the original spam had been spoofed as one of my addresses (ie the spam had been a "Joe-job"). Only thing was, this email address, although valid, appears absolutely nowhere except as a return-address in forum digests. Sending a message to this address gets you an automatic reply telling you how to post on the forum - and that's all it's used for.

The most likely explanantion that I could think of is that one of my subscribers had got a virus which read his/her emails, took addresses from them, and used these addresses for both the recipients and senders in the spam emails it created.

If this sort of thing is happening, then I don't think there's anything that can be done about it, apart from insisting that everyone you email has up-to-date virus protection. And how are you going to do that?

The good news is that this only happened once to me, so the address doesn't seem to have been forwarded to an address list.