Most anti-spam scripts I have seen are actually JavaScript scripts that obscure the email by encoding it with character entities. But I think a good bot would still find this easy to decode again?
On my website I used a separate controller that is only used to send mails. The page receives an encrypted email parameter through GET and decrypts it using a specific private key. It then sets the header to: mailto: $email and redirects the user back to where he came from.
Is this an effective way to protect email links or am I overlooking something important?
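    // The URI carries the encrypted email address as its only payload.
    if ($this->uri->total_segments() >= 1) {
        // decode() returns the plaintext address, or a falsy value on failure.
        $email = $this->decode($this->uri->uri_string());
        if ($email) {
            // Hand the address to the visitor's mail client.
            header("location: mailto: " . $email);
            // Then send the browser back to the referring page, if one was sent.
            if (isset($_SERVER['HTTP_REFERER'])) {
                redirect($_SERVER['HTTP_REFERER'], 'refresh');
            }
        }
    }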
This works fine, and is a known technique, e.g. http://www.maxi-pedia.com/prevent+email+address+harvesting & http://csarven.ca/hiding-email-addresses#javascript.
It can still be decoded, so it’s not 100% effective. Also, it may be an accessibility issue – screen readers won’t be able to pick up your email address, so it won’t be appropriate for all scenarios.
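The question does not show how the encrypted parameter is produced or what decode() does. The following is an added example, not the poster's code: one way to build and check such a token with authenticated encryption, so a forged or altered parameter never reaches the mailto: header. The function names and the sample address are hypothetical, and it assumes PHP 7.2+ with the bundled sodium extension.

```php
<?php
// Added example: hypothetical helpers, not the poster's decode() method.

// Constructed demo key; a real site would load one fixed 32-byte key from config.
$key = sodium_crypto_secretbox_keygen();

/** Encrypt an address into a URL-safe token to place in the link. */
function email_token_encode(string $email, string $key): string
{
    // Fresh nonce per token, so the same address yields a different link each time.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box = sodium_crypto_secretbox($email, $nonce, $key);
    return sodium_bin2base64($nonce . $box, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
}

/** Return the address, or null if the token is malformed, forged or not an email. */
function email_token_decode(string $token, string $key): ?string
{
    try {
        $raw = sodium_base642bin($token, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
    } catch (SodiumException $e) {
        return null; // not valid URL-safe base64
    }
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if (strlen($raw) < $min) {
        return null; // too short to hold a nonce and an authentication tag
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    if ($plain === false) {
        return null; // authentication failed: token was altered or uses another key
    }
    // Only a syntactically valid address may be placed in the Location header.
    $email = filter_var($plain, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Constructed sample input.
$token = email_token_encode('contact@example.com', $key);
var_dump(email_token_decode($token, $key));        // the genuine token
var_dump(email_token_decode($token . 'A', $key));  // a tampered copy of the token
```

The controller still decodes the token for any client that requests the link, so this keeps the address out of the page source and rejects forged parameters; it does not stop a bot that follows the link.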