Defeat the Email Scrapers and Spammers

It’s very convenient to show your sales or customer support email addresses on your website…especially if you make them clickable. But, guess what…the evil slimebag scrapers and spammers out there will eventually crawl your site, looking for href="mailto:somebody@somewhere.com" or even just the somebody@somewhere.com kind of pattern. And they’ll scrape that email address off, stick it on a CD with 66 million other victims, and voila…now you’re the proud recipient of 100 emails a day for Kohl’s coupons, ED pills, etc.

If you’re on WordPress, there’s this awesome little plugin that will encrypt your email addresses for you, and decrypt them for real human users so they’re still clickable. But safe from spammers. I use it on my WordPress sites, and highly recommend it.

If you’re not on WordPress, though, I’ve written an encrypt/decrypt mechanism that’s pretty easy to use.

IIS Users – Classic ASP

First, you put this function in an #include file and include it in each page that needs to show email addresses:


'----------------------------------------------------------------------------
'Obfuscates an email address to foil spammer-scrapers
'----------------------------------------------------------------------------
Function ObfuscateEmail (sOriginal)
Dim sTmp, iLength, iTmp, sTmp2

iLength = Len (sOriginal)
iTmp = CLng(1)
sTmp = ""

Do while (iTmp <= iLength)
If (iTmp Mod 7 = 0) Then
sTmp = sTmp & Mid (sOriginal, iTmp, 1)
Else
sTmp = sTmp & "&#" & Asc (Mid (sOriginal, iTmp, 1)) & ";"
End If

iTmp = iTmp + 1
Loop

sTmp = "" & sTmp & ""
iLength = Len (sTmp)
iTmp = CLng(1)
sTmp2 = ""

Do while (iTmp <= iLength)
sTmp2 = Mid (sTmp, iTmp, 1) & sTmp2
iTmp = iTmp + 1
Loop

ObfuscateEmail = ""
End Function

Then, in your page, where you want to put the email address, you call that function like this:


Nice people (not spammers!) can email us at <%=ObfuscateEmail("support@visualitineraries.com")%>.

In this example, it’ll show up as support@visualitineraries.com and be clickable, i.e. will launch their email program with that address in the To: field. In the raw HTML source, however, that email address and the mailto: bit will be character-by-character reversed in order, and each letter converted to a numeric ASCII encoding of the letter. It’ll look something like this:

Obfuscating to stop scrapers and spammers

 

Last thing to do: include a Javascript file with the client-side code that unscrambles the email address. Here’s the code that goes in that Javascript file:


function reObfuscate (sTmp)
{
document.write(reObfuscateCore (sTmp));
}

function reObfuscateCore (sTmp)
{
var i = 0;
var sOutput = "";

while (i < sTmp.length) {
sOutput = sTmp.charAt(i) + sOutput;
i = i + 1;
}

return sOutput;
}

function unEncodeEmailChars (sTmp)
{
var i = 0;
var iNum = 0;
var sNum = "";
var sOutput = "";
var chChar = "x";

while (i < sTmp.length) {
if (sTmp.charAt (i) == "&")
{
sNum = "";
i = i + 2; /// skip &#

if (sTmp.charAt (i) != ";")
{
sNum = sNum + sTmp.charAt(i);
i = i + 1;
}

if (sTmp.charAt (i) != ";")
{
sNum = sNum + sTmp.charAt(i);
i = i + 1;
}

if (sTmp.charAt (i) != ";")
{
sNum = sNum + sTmp.charAt(i);
i = i + 1;
}

if (sTmp.charAt (i) == ";")
{
i = i + 1;
}

iNum = parseInt(sNum);
chChar = String.fromCharCode(iNum);
sOutput = sOutput + chChar;
}
else
{
sOutput = sOutput + sTmp.charAt(i);
i = i + 1;
}
}

return sOutput;
}

What happens is this: when the page loads, the browser calls the inline client-side Javascript function reObfuscate(), which is embedded in the HTML right where the email is to be displayed, and that takes the scrambled email address and unscrambles it on-the-fly.

Apache Users – PHP

Here’s your PHP function implementation:


<?php
//----------------------------------------------------------------------------
//Obfuscates an email address to foil spammer-scrapers
//----------------------------------------------------------------------------
function ObfuscateEmail ($sOriginal)
{
$iLength = strlen ($sOriginal);
$sTmp = "";

for ($iTmp = 0; $iTmp < $iLength; $iTmp++) {
if (($iTmp + 1) % 7 == 0)
$sTmp = $sTmp . substr ($sOriginal, $iTmp, 1);
else
$sTmp = $sTmp . "&#" . ord (substr ($sOriginal, $iTmp, 1)) . ";";
}

$sTmp = "<a href=\"mailto:" . $sTmp . "\">" . $sTmp . "</a>";
$iLength = strlen ($sTmp);
$sTmp2 = "";

for ($iTmp = 0; $iTmp < $iLength; $iTmp++) {
$sTmp2 = substr ($sTmp, $iTmp, 1) . $sTmp2;
}

echo "<SCRIPT language='JavaScript' type='text/javascript'>reObfuscate('" . $sTmp2 . "');</script>";
}
?>

Then, you call it this way on the page:


Nice people (not spammers!) can email us at <?php ObfuscateEmail("support@visualitineraries.com") ?>.

Leave a Reply

Your email address will not be published. Required fields are marked *

Independent search engine optimization (SEO) consultant Michael Cottam. Independent SEO Consultant Michael Cottam http://www.michaelcottam.com/wp-content/uploads/2014/03/independent-seo-consultant-michael-cottam.jpg
56859 Gina Lane, Bend, OR US 97707 (503) 283-0177
PO Box 4279, Sunriver, OR US 97707 (503) 283-0177
43.865158 -121.480477