Encrypt your email address on your website


This Lifehacker post about encrypting text on your website using Javascript reminded me of some little known OS X-only software that I use on my websites.

Email Encoder from Closenit Sofware is a free and brilliant little app that weighs in at all of 68k. The basic idea is that you input your email address and the link text into Email Encoder and it spits out some seemingly random characters that you paste into your webpage/blog/whatever you post online that you don’t want spambots harvesting your email from. To a bot, you get something like this:


But when you click on the address, your email client pops up and the address is there just like a normal email link.

Now that is useful javascripted text encryption, only on your mac.



Πάτησε στο δεσμό ιστοσελίδας που βρήκα στο δικτυακό τόπο του VisitBritain – τον επίσημο δικτυακό τόπο για τον τουρισμό στη Βρετανία:Ο VisitBritain παρέχει επίσημους οδηγούς προορισμών, ταξιδιωτικές κρατήσεις και καταλύματα, μεταξύ των οποίων ξενοδοχεία εγγυημένης ποιότητας, εργαλεία για το σχεδιασμό των διακοπών, πληροφορίες πτήσεων προς και σε όλη τη Βρετανία, καθώς και πληθώρα ταξιδιωτικών συμβουλών. Εάν η σελίδα δεν ανοίγει, εκκινήστε το φυλλομετρητή ιστού (Ï€.χ. Internet explorer), αντιγράψτε και επικολλήστε το δεσμό στο πεδίο διευθύνσεων.



What you show there is no email encrypting!!!
It only is a transformation from normal ASCII characters to a unicode based character-set.

This is a good first step and better than nothing (for mail forms, guestbooks a.s.o.). But this is not really enough (not for your own website, where you can script what you want / need.

It would be better to really program a little Script which transform your unicode characters with a little not really difficult encrypting algorithm into a confused set of characters.
Maybe by using something like an initial vector, multiply (or whatever) it with the ASCII Char-Value for the next character and calculate it mod a prim number.

So you always get values between [1, n-1] when n is the chosen prim number.

The text, shown on the website, must although be something the “world” can read. So you can maybe put a image there with your adress or put instead of the @ a image which show the at or … whatever you want.
When a user click the adress, a little javascript function will be called, getting the encoded characters as parameter and decrypt the characters back into your unicode characters, which a normal browser (or email program) can handle.

This is not a tooo difficult to implement (maybe the popular Typo3 CMS use something like that).
But all users disabled javascript can´t click your email adress. So what?
Tough luck! They can write it down themselves.

Don´t be tooo friendly about all, when thinking about a more save world and something like email encrypting.

A little suggestion.
Whom of you use PGP? Use it! It´s a first step to a better and more save world of internet communications. I never got a signed email and if I will get one, I can say that I mistrust the key. That´s it … and it´s easy. And noone (really noone, if you are not publicate your private key) can read your private mails and others can be sure, it´s you writing there! :)


Hm, actually, the parser for the blog software automatically parsed the entities above, :-) so the code one-liners appear wrong. Anyway…


Hmm, but what about the poor devils who browse withouot javascript eh? Screen-readers and such.

Contact forms would seem to be the better answer to the spam issue.

BJ Clark

TheBobs:They could. They could also incorporate “[at]” or “_at_” or “at” or whatever into their own algorithms. There’s not really a fool proof way to do it, I guess you could write some sort of pgp/blowfish/md5/etc. based, unbreakable, javascripted thing, but these seem to do the trick. The ones linked to also work great. I’ve used Enkoder and SpamStopper also, both work great. but NOTHING is fool proof.


Why can’t spambots just incorporate this into their own algorithms?

BJ Clark

Rick: This is only for when a spam-bot tries to “scrape” your email address from a webpage. The bot will only get the random characters but a human gets the real address.


You’ve confused me. I always thought that the problem was having a clickable link for an email address, not what it looks like (?).


maury mccown at RailHeadDesign has a neat simple tool for this too, SpamStopper. Check it at

Comments are closed.