The Effectiveness of Email Obfuscation

Speaking of email address obfuscation (I mentioned I never do it and it causes me zero problems), I was pointed to some interesting research by Silvan Mühlemann. It’s only up on Web Archive here, as apparently the original site is gone. 

In 2006, Silvan put up a page on the internet, linked to it, and put nine different email addresses on it, all obfuscated in different ways. 

Here’s the code for posterity:

<p><a href=""></a></p>

<p><a href="">silvan2 AT tilllate DOT com</a></p>

<p><a href="">silvan3</a></p>

<p><a href="">silvan4</a></p>

silvan5<!-- -->@<!--- @ -->till<!-- -->late.<!--- . -->com</p>

<script language="JavaScript" type="text/javascript">
	var string1 = "silvan6";
	var string2 = "@";
	var string3 = "";
	var string4 = string1 + string2 + string3;
	document.write("<a href=" + "mail" + "to:" + string1 +
		string2 + string3 + ">" + string4 + "</a>");

<style type="text/css"> { content: ""; }
<p class="email">email me: </p>

<style type="text/css">
span.codedirection { unicode-bidi:bidi-override; direction: rtl; }

<p><span class="codedirection">moc.etalllit@7navlis</span></p>

<style type="text/css">
p span.displaynone { display:none; }

<p>silvan8@<span class="displaynone">null</span></p>

Only three of which actually worked. 

And all three of those seem pretty awful:

  1. Mailto link won’t work and quite awkward for accessibility
  2. Mailto link won’t work
  3. document.write is bad for performance. Relying upon JavaScript base content isn’t a great idea. Hard to maintain.

I absolutely love the actual research. It confirms to me it’s just not a game I wanna play. 

Leave a Reply

%d bloggers like this: