When programming I always go for elegance and this method of e-mail obfuscation suggested by Roel Van Gils is probably one of the more elegant solutions that I have come across. It involves a bit of work, but, done properly, can instantly provide site-wide e-mail obfuscation.

The basic idea is to utilize PHP’s output buffering feature to parse the HTML file and replace all e-mail links with innocent-looking hyperlinks to a secondary validation page or a contact page thus stopping bots from harvesting your e-mail.

For regular users that have JavaScript turned on, the e-mail address is de-obfuscated and replaced with a regular clickable email link, though I am not sure why anyone would want to do that when form mail is so much better (I hate how mailto links will launch an external e-mail program).

The article does not cover it, but this type of security comes at the expense of CPU and memory, since every page gets parsed though it may be eased up a bit by Apache and PHP’s caching / buffering technology but my knowledge is very limited in this area so I am not too sure if it does benefit from either.

Another downside to this solution is that it is reliant on PHP and Apache, though I can think of ways to do something similar in ASP.Net and IIS.

One very practical application of this solution is for large-scale websites such as a social networking site or the international site of a huge firm. Another practical application would be for web hosting providers — maybe a module/plugin for CPanel, Plesk, or H-Sphere can be created to automatically provide spam protection for hosted websites.

Just like all software, I am sure any persistent spammer can find a way to reverse and de-obfuscate the e-mail addresses, so an evolution of this system could be encrypting the links using MD5 for example.

There are a lot of exciting possibilities with this ingenious idea, though in the end it is a never ending game of catch-up with spammers.

Share This