Spam-Proof Email Addresses
Outwit the Spam Harvester Robots

Automated programs scour the web looking for email addresses to “harvest” for email lists that eventually will be used to send the unsolicited emails we all know as spam. It’s simple for one of these programs to recognize an email address – if it has the “@” character it’s almost certainly an email address.

Some web sites post the email addresses with a minor adjustment that humans can notice: “yourname at yourdomain.com” and a human who reads it knows to change the “at” to the “@” character. But a harvester program can also know this, and it can be taught to recognize this kind of basic protection. It’s always a battle to outwit the programmers, and it’s not a winnable battle.

There are numerous applications that use javascript or other programming to create email addresses that can be seen perfectly by humans, but are invisible to the harvester programs. Oddly, some of these apps go way overboard – they create code for the hidden email address that end up hundreds or even thousands of characters in length! The email is hidden, but this is what a hidden email address looks like in the web page code:

yourname@yourdomain.com =
function hiveware_enkoder(){var i,j,x,y,x=
"x=\"3i0~xf;;\\\\=\\\"0x\\\"';'i=;\\\\j==\\\\\\\"+47\\\\e\\\\\\\\'5\\\\\\\\" +
"vba37\\\\\\\\fl0(6S4S=xy.;xic(c)h15\\\\\\\\da(rd\\\\\\\"(yA6t2r{=)(30b\\\\" +
"\\\\2\\\\)r)t\\\"66;;sxbdy6==ux3t's'.9s269f7ucb560f=sst.6+2;rx(=7f7o1x)d3r" +
"b(;2y2uis;=2'e.465';;)466if)o02=70r((36;eii6=62deh05;3xtegi;.)2n4.xj.(7x5." +
"lre1+l'en6gf%661t6h2967e;tisfe7n+b=ueg6t1s076h1;)8{2'l(.yc+3ex56=.xy629i.=" +
"sy7+0=u}bdp760s6t0d765r2(1f.6ii;,)d;6)54),5{4f;i}6aocrffo6s0e7r3(66f56i(=r" +
"69d(5t;s7j3=ib.crMoax3.2f=}il6ee;(6rnugsf76tt.hx1h6.;=i2)m4i+e=2,ai31802(f" +
"eo)+{y6f4ny{+)6(\\\\\\\\=8x5x\\\\\\\\..6s9rlt;u6b1s'b6s=t+u4\\\\\\\\ri(;7\\"+
"\\\\\"eih,6\\\\\\\\n\\\\54)7\\\\g\\\\\\\\;9}4t\\\\\\\\hyt=g6c2'yn.es=.yslu" +
"6xt=,b2sn+i7+tur=57=0(.jxxAEr).;\\\"ya{h;j=e)c8)val(=;D-x.ch7-fjarAt6.9x(0" +
"))+(il;x=x;ah>.subt=Uistr(&;\\\\\\\\1);y)\\\\\\\\v='';\\\\\\\\e\\\\for(\\\\"+
"=\\\\\\\\i=0;j\\\\\\\\;i.x.g{nylenge+l=th;i.x\\\\\\\\+=2)\\\\\\\\\\\\\\\\{" +
"y+=\\\\\\\\`\\\\x.su\\\\6\\\\\\\"bstr\\\\\\\\y\\\\(i,1\\\\}\\\\\\\\);}f;\\" +
"\\\\\".or(ixc.h=1;iia;r.x.l0)=7engtxe;3h;i+629A=2){=ti(y+=x(jr).subo)62str" +
"(1,\\\\\\\\i,1)i\\\\\\\\2;}y=\\\\\\\\;\\\\y.su\\\"}\\\\\\\\bstr}\\\\\\\\y(" +
"j);\";j=eval(x.charAt(0));x=x.substr(1);y='';for(i=0;i.x.length;i+=8){y+=x" +
".substr(i,4);}for(i=4;i.x.length;i+=8){y+=x.substr(i,4);}y=y.substr(j);";
while(x=eval(x));}hiveware_enkoder();

The programming works, but having several of these hidden email addresses on a web page creates very unwieldy and hard to manage pages of code.

The algorithm (programming process) to create hidden email addresses can be much simpler than something like the above example. Imagine a simple code that changes each letter to a number: a =1, b=2, c=3, and so on:

yourname@yourdomain.com =
('25,15,21,18,14,1,13,5,@,25,15,21,18,4,15,13,1,9,14,.,3,15,13');

This would be the first part of a way to hide email addresses, except an automated program could easily figure this out to learn how it works.

The second step is where the creative programming comes in. Instead of “A” always equaling “1”, “B” always being “2”, etc., the programmer added an “offset” based on the length of the email address. It simply shifts the code so that “A” might equal “138”, “B” would be “139”, and so on. If the harvester doesn’t know the “offset” it can’t decode the email address. And since the “offset” is always different based on the email address itself, the secret of the code method stays protected. Here is the fully protected email address and it’s just one line of code:

yourname@yourdomain.com =
('144|134|140|137|133|120|132|124|87|144|134|140|137|123|134|132|120|128|133|69|122|134|132');

The code to create the hidden email address is free to use by anyone, and even folks with limited web code experience can put this to work in your own web site.

Here’s the link to the page where the code can be generated – the instructions are all there for you:

http://www.kenric.com/AntiSpambotMailto.html

If you’ve got a web page and you can see your email address clearly in the html code, then spambots can see it too. Use this AntiSpambotMailto() application to hide every email address in your web pages and you’ll be taking a major step to cut down on the spam email you receive.

Enjoy! (And always hide your email addresses!)

–Marc
December 24, 2007 @ 10:00 AM