Home/ Questions/Q 7415177
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-29T07:14:59+00:00

I have a been reading up on email obfuscation. I found an interesting post

  • 0

I have a been reading up on email obfuscation.

I found an interesting post entitled Best Method for Email Obfuscation? – By Jeff Starr where he describes various tests preformed over 1.5 years by Silvan Mühlemann.

According to this study, css obfustication was 100% effective throughout the 1.5-year test, despite its various downsides.

Seeing as i was playing around with this method of obfustication before, i decided to give it another go, with the addition of a php function that i came accross.

Here is the function:

// Converts email and tel into html special characters
function convert_email_adr($email)
{
    $pieces = str_split(trim($email));
    $new_mail = '';
    foreach ($pieces as $val)
    {
        $new_mail .= '&#'.ord($val).';';
    }
    return $new_mail; 
}

And here is the php using that function.

$lstEmail = convert_email_adr("{$row['email']}");

This does exactly as described, and i would assume that this would work out quite well, assuming the harvesters have not written code that identifies the string of special chars and decodes them.

So i decided, what if i combined these two methods, as in, i break the string into special chars, then use strrev on it, then use css to reverse the string… Simple…

Here is the added peice of php that reverses the actual string as seen in the page source:

$lstEmail = strrev($lstEmail);

and the css to reverse it again on the client side:

span.obfuscate { unicode-bidi:bidi-override; direction: rtl; }

And the html: 

<p><span class='listHeadings'>eMail:</span> <span class='obfuscate' style='font-size:0.6em;'><a href='mailto: $lstEmail?subject=Testing 123'>$lstEmail</a></span></p>

But the problem is that the string is now in reverse and will not be validated… Here is an example:

;901#&;111#&;99#&;64#&;801#&;501#&;79#&;901#&;301#&;46#&;411#&;101#&;001#&;011#&;111#&;611#&;011#&;79#&;811#&;301#&;501#&;79#&;411#&;99#&

What happens is that the special characters are not decoded into actual characters, so all you see is the string of special character in reverse.

There is also the downside as described by Jeff Starr, that you cannot use the css method in mailto as you cannot use the span tag within the href attribute.

So now i am truly stuck at an odds of how to go about this task. I guess i might be able to live with forcing people to input my email address themselves if they would like to mail me… But, on the other hand, i am not so sure about that.

Then there comes the task of validating special characters in reverse…

Would anyone be able to provide me with any type of input or support in this regard? Also any suggestions in different, LEGITIMATE ways of going about this task would be greatly appreciated!!

I say legitimate because i plan to use these functions in one of my live projects that is a business listing website (currently using the php function above)… The last thing i want to do is start playing around and create a gap and let out a bunch of info for the spammers! I think that would be very bad for business…

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Just reverse it before you obfuscate it…

    $email  = 'blah@whatever.co.uk';
$new    = convert_email_adr($email);

echo '<span style="unicode-bidi:bidi-override; direction: rtl;">'.$new.'</span>';

function convert_email_adr($email, $reverse = true, $obfuscate = true)
{
    $email = trim($email);

    if($reverse)
    {
        $email  = strrev($email);
    }

    if($obfuscate)
    {
        $pieces = str_split($email);
        $email  = '';

        foreach($pieces as $piece)
        {
            $email .= '&#'.ord($piece).';';
        }
    }

    return $email; 
}
    • 0