0

I'm creating a new website, so I am thinking about how to protect my email address and phone number against crawlers, I actually mean email harvesters (most of which I suppose don't have JavaScript enabled, but I don't have any proof of it). What I do now is definitely security by obscurity or obfuscation (I might be confusing the two terms), as I want the email address to be normally visible and clickable by the user.

My question for Security SE as I will be posting the code to Code Review SE shortly:

Is security by obscurity / obfuscation a valid option, or do the crawlers = email harvesters have JavaScript enabled?

JavaScript

var item1 = '@';
var item2 = '.';
var m_clear_text = 'test' + item1 + 'example' + item2 + 'com';
var m_html_item = document.getElementById('m_link');
m_html_item.innerHTML = '<a href="mai' + 'lto:' + m_clear_text + '">' + m_clear_text + '</a>';

HTML

<span id="m_link">test [a.t] example [d.o.t] com</span>

My goal was to make even the JS code obfuscated / obscured little bit, I believe this approach might help, but it again depends on whether the email harvesters have JavaScript enabled.

Improve this question
5
  • Not sure if this will help you but did you try obfuscator.io ?
    – camp0
    Commented Jun 10, 2019 at 7:07
  • @camp0 Never tried it, will do now.
    – Vlastimil Burián
    Commented Jun 10, 2019 at 7:14
  • 1
    Have you heard of PhantomJS? Crawlers often use that.
    – forest
    Commented Jun 10, 2019 at 7:40
  • @forest Nope, never heard of it. Thank you.
    – Vlastimil Burián
    Commented Jun 10, 2019 at 7:42
  • What are you trying to protect yourself against? If you put your email address on the internet, you will get spam. That's just background noise. Employing an effective spam filter is much better than trying to hide your email address.
    – user163495
    Commented Jun 11, 2019 at 12:26

1 Answer 1

Reset to default
2

Yes some email harvesters will render the page and scrape the results therefore no matter how obfuscated your JavaScript is, if the JavaScript simply outputs a plain text email it's possible it will be harvested.

On the other hand your html example above likely would not get harvested because they probably don't have that format built into many scrapers.

Another option is to just put an image of your email on your site that is readable to humans but a scraper would never scrape since most harvests don't implement OCR.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .