Blog

Unobtrusive spambot-proof email links using JavaScript with MooTools

8 Aug 2007 |

0 trackbacks |

6 comments
Tags

Tags: unobtrusive, spambot, email, javascript, mootools

Well it's about time I blogged again, so I thought I'd share a nice bit of code I wrote a while ago to get JavaScript to dynamically convert all my email addresses within a page to linked (or unlinked) proper address with the @ sign and everything.

The reason for not putting them as real email addresses in the first place is that spambots can scan through the page and retrieve emails automatically.

This is where the JavaScript comes in. Using JavaScript, we can set up an event to scan through the page once it's loaded and convert the email addresses to real, clickable email addresses. And since it's been done client-side with JavaScript, spambots won't be seeing them.

So with your emails in HTML like this:

<span class="email">mail [at] joelg [dot] co [dot] uk</span><br/>
<span class="email nolink">jgascoigne [at] hotmail [dot] com</span>

We can use this bit of JavaScript, using some MooTools features, to change them to real emails which are clickable by default and with the additional 'nolink' class become plain emails with no link.

The JavaScript looks like this:

/* convert all elements with class name 'email' to valid 
clickable email links, protected from email harvesters */

window.addEvent('domready', function() { // run the script once the page has loaded

	emailProtect();

});

function emailProtect() {
	var emailElements = $('content').getElements('.email'); // get all elements with class name 'email'
	for(i = 0; i < emailElements.length; i++) { // for each email element
		if(emailElements[i].hasClass('nolink')) {
			link=false;
		}
		else link=true;
		current = emailElements[i].innerHTML; // retrieve the innerHTML
		current = current.replace(/\[at\]/g, "@"); // convert occurences of [at] to the HTML entity for @
		current = current.replace(/\[dot\]/g, "."); // convert occurences of [dot] to the HTML entity for .
		current = current.replace(/ /g, ""); // remove spaces
		if(link) {
			emailElements[i].innerHTML = "<a href=\"mailto:" + current + "\">" + current + "</a>"; // set the innerHTML to a clickable email link
		}
		else {
			emailElements[i].innerHTML = current; // set the innerHTML to email
		}
	}
}

The end result:

mail [at] joelg [dot] co [dot] uk
jgascoigne [at] hotmail [dot] com

To use this code, simply include the above JavaScript, saved as emailprotect.js, and MooTools in the head of your page:

<script src="/js/mootools.v1.11.js" type="text/javascript"></script>
<script src="/js/emailprotect.js" type="text/javascript"></script>

If someone doesn't have JavaScript, they'll see the email in the long form. So it's completely unobtrusive, and it works well for me.

Feel free to use the code, alter it, do whatever you want. Grab the JavaScript here. Let me know if it's been useful, I'd love to hear from people.

0 Trackbacks

No trackbacks yet.

6 Comments

1 Daniel Bull

Heya Joel. It looks like a cool idea, but in some sense there are still problems. Firstly, if someone doesn’t have or enable java scripting in their browser it won’t work. (an obvious one) and secondly, modern bots will still notice that its a disguised email. A method I would choose to use would be to have the email address automatically converted and displayed as an image file on the server side. PHP can do this with its image creation function although you’ll need GD2 installed on your server which is likely. http://www.webmonkey.com/99/25/index3a.html for ideas.

In other news, I’m getting to a tricky part on website in my placement… I could do with a hand designing the actual login and members area… all the other code is now in place it’s just securing the area which is left to do.

Posted on 12th Aug 2007 at 12:08 | Permanent Link

2 Joel Gascoigne

Hi Dan,

Good to hear from you!

I’ve made a comment in the blog post with regards graceful degredation for users without JavaScript. If they do not have JavaScript installed, they will instead see the email spelled out, for examplel: mail [at] joelg [dot] co [dot] uk. I feel this is more than sufficient and users will be able to work out the email.

As for your second point, that modern bots will recognise that it is a disguised email: The bots will only see the email as something like ‘mail’ + ‘@’ + ‘joelg’ + ‘.’ + ‘co’ + ‘.’ + ‘uk’. I think this will be very hard to decode, since they won’t know if the email has a subdomain, for example. The code can easily be altered to use html entity codes for any of the symbols and even other characters, for extra security.

Your solution is one which I have previously given some thought to, and there is one serious issue with it. The problem is, I want to display clickable email links, and even if the email can be converted to an image, for the email to be clickable the email will be in the source, which the bots will scan through. So therefore some sort of JavaScript function would be required to hide it anyway, and therefore the email may aswell be text. I also feel my solution is more elegant than having images around the page.

I’ll email you about the php for a members area.

Posted on 15th Aug 2007 at 18:27 | Permanent Link

3 bti

Very good site. Thank you:-)
telecharger gratuitement microsoft pictures it
é»æ³¢æ°èç¤¾
str de 485
iroc

bti
acrylics
novelty
felted
verbage

colored greeting card envelopes
lee clow quotes
top greeting

baize
bridal registry cards

luncheon
the knot
sihl
magic the gathering sleeves
payments
pokemon card album

Posted on 12th May 2008 at 14:50 | Permanent Link

4 bti

Very good site. Thank you:-)
telecharger gratuitement microsoft pictures it
é»æ³¢æ°èç¤¾
str de 485
iroc

bti
acrylics
novelty
felted
verbage