The Effectiveness of Email Obfuscation

Speaking of email address obfuscation (I mentioned I never do it and it causes me zero problems), I was pointed to some interesting research by Silvan Mühlemann. It’s only up on Web Archive here, as apparently the original site is gone. 

In 2006, Silvan put up a page on the internet, linked to it, and put nine different email addresses on it, all obfuscated in different ways. 

Here’s the code for posterity:

<p><a href="https://web.archive.org/web/20180422184621/mailto:silvan1@tilllate.com">silvan1@tilllate.com</a></p>

<p><a href="https://web.archive.org/web/20180422184621/mailto:silvan2ATtilllateDOTcom">silvan2 AT tilllate DOT com</a></p>

<p><a href="https://web.archive.org/web/20180422184621/mailto:silvan3@tilllate.com">silvan3</a></p>

<p><a href="https://web.archive.org/web/20180422184621/mailto:%73%69%6c%76%61%6e%34%40%74%69%6c%6c%6c%61%74%65%2e%63%6f%6d">silvan4</a></p>

silvan5<!-- -->@<!--- @ -->till<!-- -->late.<!--- . -->com</p>

<p>
<script language="JavaScript" type="text/javascript">
<!--
	var string1 = "silvan6";
	var string2 = "@";
	var string3 = "tilllate.com";
	var string4 = string1 + string2 + string3;
	document.write("<a href=" + "mail" + "to:" + string1 +
		string2 + string3 + ">" + string4 + "</a>");
//-->
</script>
</p>

<style type="text/css">
p.email:after { content: "silvan6\40tilllate.com"; }
</style>
<p class="email">email me: </p>

<style type="text/css">
span.codedirection { unicode-bidi:bidi-override; direction: rtl; }
</style>

<p><span class="codedirection">moc.etalllit@7navlis</span></p>

<style type="text/css">
p span.displaynone { display:none; }
</style>

<p>silvan8@<span class="displaynone">null</span>tilllate.com</p>

Only three of which actually worked. 

And all three of those seem pretty awful:

  1. Mailto link won’t work and quite awkward for accessibility
  2. Mailto link won’t work
  3. document.write is bad for performance. Relying upon JavaScript base content isn’t a great idea. Hard to maintain.

I absolutely love the actual research. It confirms to me it’s just not a game I wanna play. 

Leave a Reply