Securing an E-mail Address on a Web Page


      The typical way to place a link to an E-mail address on a web page is with a mailto command. The example here shows an E-mail to Zelda, who is zjones@xgh.com.

      On a web page, one sees:
E-mail Zelda
      The web page code for that is
E-mail <A Href=mailto:zjones@xgh.com>Zelda</A>

      This is the method seen in textbooks. It is also totally insecure. Spammers search web pages looking for a mailto: so they can tell folks about seemingly naive wealthy Nigerians, et al.
      Thus, one needs a secure equivalent, so that the Spammers will not learn your E-mail address from your web page.

      A good way to begin is with a simple encoding that is mostly intuitive but still useful. While one could easily write software to decode this approach, it is not used often enough to motivate spammers to decode it.
      There are of course 256 byte values. On a web page they can be expressed as "&#X;" where X ranges from 0 to 255. An example is that "a" = "&#97;". View a list of conversions. Returning to Zelda, zjones@xgh.com converts to:
      &#122;&#106;&#111;&#110;&#101;&#115;&#64;&#120;&#103;&#104;&#46;&#99;&#111;&#109;
      Thus, an encoded mailto becomes _one_ long line containing the conversion above within a normal mailto command:

      E-mail <A Href=mailto:&#122;&#106;&#111;&#110;&#101;&#115;&#64;&#120;&#103;&#104;&#46;&#99;&#111;&#109;>Zelda</A>

      The mailto above operates the same way as the mailto near the top of this page. Thus, a page visitor will not notice a difference. The only difference is that a spammer is not likely to absorb the encoded mailto into a spam address list.
      This approach is straightforward, replacing each character of an E-mail address with its byte value.
      Here are two examples of this approach. Use "View Source" and scroll to the end of each web file.
Example #1
Example #2
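
      The following is an added example, not code from the original page. It generates the encoded mailto described above and lets a page owner check what is visible in the raw source compared with what is visible once character references are decoded, as any browser or HTML parser does. The function names and the address pattern are assumptions made for this sketch, and the Href value is quoted here, unlike the page's form.

```python
import html
import re


def encode_address(address):
    """Replace each character with its decimal character reference (&#N;)."""
    return "".join(f"&#{ord(ch)};" for ch in address)


def mailto_anchor(address, label):
    """Build the encoded mailto link as one long line."""
    return (f'E-mail <A Href="mailto:{encode_address(address)}">'
            f'{html.escape(label)}</A>')


# Simple address pattern for auditing your own pages (constructed, not exhaustive).
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def addresses_visible(page_source, decode_entities=False):
    """List addresses found in the source, optionally after entity decoding."""
    text = html.unescape(page_source) if decode_entities else page_source
    return ADDRESS_RE.findall(text)


if __name__ == "__main__":
    # Constructed sample inputs, using the address from this page.
    plain = "E-mail <A Href=mailto:zjones@xgh.com>Zelda</A>"
    encoded = mailto_anchor("zjones@xgh.com", "Zelda")
    print(encoded)
    print("plain, raw source:      ", addresses_visible(plain))
    print("encoded, raw source:    ", addresses_visible(encoded))
    print("encoded, after decoding:", addresses_visible(encoded, True))
```

      The encoded link hides the address only from tools that pattern-match the raw page source; once the references are decoded the address is in the clear, which is the limitation noted above.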


      Next, a method using encryption will be introduced. This is dramatically more effective than the substitution covered above. One visits a web site, provides an E-mail address, etc., then does a copy-paste.
      One web site offering a free encrypted mailto equivalent is hivelogic.com. It has the "Enkoder".
      The Mailto equivalent from hivelogic is quite large, about 19 lines high and 77 columns wide. View the end of this page as an example via "View Source." The result is a safe but clumsy mailto.
      If one has several E-mails to show on a web page, creating a separate "contact" page with just E-mail addresses would yield easier to maintain HTML.


      Finally, another highly effective approach is with CGI. Skills required involve Perl, CGI, Unix/Linux and C programming. While that sounds daunting, only moderate skills in each realm are needed. Be aware that this approach doesn't work on all web site accounts.

