Timeline for Does e-mail address obfuscation actually work?
Current License: CC BY-SA 4.0
36 events
when toggle format | what | by | license | comment | |
---|---|---|---|---|---|
Mar 23, 2019 at 3:19 | comment | added | phuclv | you don't need CSS to reverse the direction. You can use Unicode RTL override characters U+202D and U+202E directly like this Java code. For example this email address is not what people think moc.elpmaxe@zyx | |
S Dec 7, 2018 at 9:01 | history | suggested | CommunityBot | CC BY-SA 4.0 |
Replace link with web.archive.org link, the current version appears to be defunct.
|
Dec 7, 2018 at 8:41 | review | Suggested edits | |||
S Dec 7, 2018 at 9:01 | |||||
Oct 7, 2015 at 12:13 | comment | added | micheal65536 | They didn't cover my personal favourite: [email protected] (or [email protected]). | |
Aug 12, 2015 at 8:03 | comment | added | Joost | Thanks for checking :) I realise that your comment was likely just outdated, but I figured it would be beneficial to anyone reading this now to be aware of the changed situation. | |
Aug 12, 2015 at 7:06 | comment | added | jakub.g | @Joost I just checked and while it was the case in Firefox 3.6, it's no longer the case with Firefox (since at least 11+) nor Chrome. Note my comment comes from 2011 :) | |
Aug 11, 2015 at 14:20 | comment | added | Joost |
@jakub.g I cannot quite reproduce that. What browser are you using? When I copy my e-mail address containing spans that were set to display:none; , it leaves them out as expected..
|
|
S May 6, 2015 at 9:29 | history | suggested | Ian Kemp | CC BY-SA 3.0 |
corrected typo
|
May 6, 2015 at 7:29 | review | Suggested edits | |||
S May 6, 2015 at 9:29 | |||||
Aug 11, 2013 at 6:23 | comment | added | abernier |
@Sidnicious: in response to this drawback we can use progressive enhancement with JS: onmouseover="this.innerText=this.innerText.split('').reverse().join(''); this.style.unicodeBidi=''; this.removeAttribute('onmouseover');" which reverse-back the email on mouseover, so the user can copy/paste safely. Demo: bl.ocks.org/abernier/6203636
|
|
Mar 31, 2013 at 0:09 | comment | added | bancer |
method #3 works well with 'mailto:'. Just encrypt mailto:... also. Visit the link in the answer.
|
|
Feb 13, 2012 at 19:28 | comment | added | Josh | This test is now 4 years old, and at the top of a google search. I would guess by now someone the masking methods registering "0" would be defeated by some spam bots. | |
Sep 21, 2011 at 16:58 | comment | added | jakub.g |
@Sidnicious: Unfortunately 'CSS display:none' trick is also not really usable as after you select and copy, you end up with [email protected] . User might not see the difference after copying (unless you put sth like "REMOVETHIS" in place of foo).
|
|
S Mar 30, 2011 at 22:44 | history | suggested | Zano | CC BY-SA 2.5 |
fixed missing @ (non-trivial one character edit)
|
Mar 30, 2011 at 22:40 | review | Suggested edits | |||
S Mar 30, 2011 at 22:44 | |||||
Jan 25, 2011 at 16:14 | comment | added | wildpeaks | @akira You're right, I was just mentionning that it was an original usage of css compared compared to the commonly proposed javascript or hide-some-part-of-the-text css ideas. | |
Jan 25, 2011 at 16:08 | comment | added | akira | @wildpeaks: the only working solutions imho are the ones that incorporate "mailto:" and make it easier for our beloved special users to send an email. otherwise a contact form fullfills the task of hiding the receiver and sending a message just better. | |
Jan 25, 2011 at 15:32 | comment | added | wildpeaks | It's a shame that the rtl idea is not compatible with simple copy/paste, it was a creative solution. | |
Jan 22, 2011 at 11:42 | history | edited | Jeff Atwood | CC BY-SA 2.5 |
decided I don't like the numbered list here, it adds nothing but noise
|
Jan 22, 2011 at 2:41 | history | edited | Jeff Atwood | CC BY-SA 2.5 |
indent 8 spaces for code in a list, please see /editing-help
|
Jan 22, 2011 at 0:31 | comment | added | Free Consulting | @ijw, yeah, w/o proper™ e-mail links this study worth nothing | |
Jan 21, 2011 at 18:14 | comment | added | s4y |
When I copied the rtl example on the linked page (Chrome 8, Mac), moc.etalllit@7raboofnavlis ended up on my clipboard. So, maybe this is not so practical for real-world use.
|
|
Jan 21, 2011 at 17:16 | comment | added | ijw | @akira: I agree. But for a testing methodology it'll do, to compare 'with mailto' versus 'without mailto'. I'm sure some sort of hybrid approach could be used, too, where someone with JS disabled (typically power users, nowadays - sorry, blind people, I haven't a good answer for you) would get a human readable obfuscated version, but with JS running the address would be cleaned up automatically. | |
Jan 21, 2011 at 17:08 | comment | added | akira | @ijw: with mailto: i only see jscript methods "working", the failure rate for real "users" to interprete that is just too high, think your mum or your grandma ... if they click mailto: they want their outlook ready to fire. | |
Jan 21, 2011 at 17:00 | comment | added | ijw | I'd like to see this study redone with methods that produce mailto: links rather than simple text email addresses. A spambot might react differently if it sees a mailto: with an obfuscated address in, whether the de-obfuscation is done by JS or human intervention - it's a strong hint there's a mail address there - but mailto: links are a lot more useful to readers. | |
Jan 21, 2011 at 16:28 | comment | added | ufotds |
@akira: a bot might have to execute some code to parse/process input, however that needn't be javascript, especially as methods like the above will probably not be customized by most users. The strength of my email address is: gmail <- willy comes from the fact that you invent something new every time. Admittedly there might be a bar for beginning computer users to understand them, just like with captchas. Further obviously there is no absolute way to keep a spammer from finding an existing email address as a mailer-deamon replies for a non existing one and not for an existing one...
|
|
Jan 21, 2011 at 16:03 | comment | added | Free Consulting | @Gareth, it more likely what this number is quite high. The further address presentation go away from mailto: scheme, the greater the number of users who chosen to not bother sending hello. | |
Jan 21, 2011 at 15:53 | vote | accept | Kyle Cronin | ||
Jan 21, 2011 at 15:19 | comment | added | akira | @ufotds: if the bot is a mini-webbrowser with jscript and DOM .. yes. i personally find it hard for a bot resolve <span class="foo">siht</span>@<span>foo</span><span class="bar">moc</span>. add to that fancy css stuff like :before ... or using jscript to fetch the email from a different source ... and note, the tests showed what worked and what not. as a side note: what makes patterns like (a->) harder to detect, seriously? | |
Jan 21, 2011 at 15:08 | comment | added | ufotds |
note that all of the above methods are relatively easily detected by a bot if wanted. What is not included in the test is the more individually made up variations to ON and AT that you can make up like: willy (a->) gmail for example
|
|
Jan 21, 2011 at 15:00 | comment | added | chrisaycock |
I use JS to build my address from an encrypted source, which displays as a visible source to anyone with a JS-enabled browser. But I have a blind friend, so I'm mindful of lynx (text-only) users. So I have a noscript portion that has my DOT/AT obfuscated address.
|
|
Jan 21, 2011 at 14:11 | history | edited | akira | CC BY-SA 2.5 |
changed markup a bit to no hit the rendering-"bug" of SU
|
Jan 21, 2011 at 13:53 | comment | added | akira | @Gareth: the real-email-addresss is plainly visible with methods 1, 2, 6, 7 and 8, with 2 and 5 they are (re)built by jscript and are again clearly visible and even work with "mailto:" (coz the jscript modifies the dom so it all looks good). you will notice that the most effective methods are the ones that result in "the user has to do nothing to read / interpret" the mailaddress. "visible" means "you can just copy N paste the email off your browser. | |
Jan 21, 2011 at 13:52 | history | edited | akira | CC BY-SA 2.5 |
transfered the data from the grafic into this post, also provided relevant obsfucation techniques
|
Jan 21, 2011 at 12:02 | comment | added | Gareth | Unfortunately, what this doesn't show is the number of real users who avoided sending email because the address was hard to retrieve in the various formats. I'm sure that number would be small, but it's unlikely to be zero | |
Jan 21, 2011 at 7:11 | history | answered | akira | CC BY-SA 2.5 |