mailto: Obfuscation

Althought the mailto: link provides the easiest way to allow users to send a message to make a suggestions or to give feed back, unfortunately it also provides spammers with an easy way to harvest email address’s from mailto: links.
On this page we will look at different ways to make an email address available on a web page/document, but not in the source code of the page/document and the different methods that can be employed to obfuscate a mailto: link and the email address to make it very difficult if not impossible for spiders or spambots to harvest the email address.

There are many different methods that can be employed to hide or obfuscate a mailto: link and/or email address, each method has it’s own distinct advantages and disadvantages so it is up to you to decide which method would be the best one to employ to protect your email address.
It is possible to combine many of the methods to gain a greater level of protection, for instance using regular ASCII characters and URL encoded ASCII characters and JavaScript to obfuscate the whole mailto: link and email address to provide a much greater level of protection and keep your email address safe from the unwelcome attention of spiders and spambots.

Remember once your email address has been harvested and your inbox is bursting with spam if you obfuscate your email address this will NOT stop the spam, simply because the spammers already have your email address, plus they will most probably have sold it on to many other spammers, this will only stop your email address from being harvested in the future, what you need to do is get a new email address and then obfuscate your new email address.

The simplest way to make an email address available to users in a web page, but not visible in the source code of the document, is to use an image that contains the text for the email address, the spider or spambot will find it very difficult to parse the text contained in the image like this one below.
  
You should also consider styling the text or distorting the text I used the liquify tool in Photoshop to get the wave effect in the example image above this making it harder to parse the text in the image.
By putting the email address in the image there is no mailto: link or email address in the source code for the spider or spambot to find and harvest, all that is visible in the source code is an <img> tag like the example below, which the spider or spambot is not really interested so they should ignore it.

This method does have disadvantages though, the users browser must have images enabled, or they will not be able to see the image or the email address, this also means that people with disabilities who use a text browser such as Lynx will not be able to see the image or email address at all which is an accessbility issue, and the user cannot click on the image to initiate their email client.

Another disadvantage of using an image is that the user cannot copy the email address directly from the page, and save it to clipboard so that they can paste it into the To: line of an email to send a message, they will have to type it in manually.
If the visitor uses an email client they only have to open it and start a new message and type in the email address and they can send a message.
Unfortunately if they use web mail it will not be as easy they will have to first make a note of the email address either by saving it to a file or getting a pen and paper and manually writing the email address down.
The visitor then has to either leave your site or open a new window or tab, depending on their browser in order to log into their web mail account, so that they can send a message, most users will probably see this as just too much trouble and won’t bother sending a message.

Top of page

Another method of hiding an email address is to use Flash to create either an image or a button and then add a behaviour ie a link to open a web page then you can use mailto: in the link so it spawns an instance of the users email client when they click on the image or button.
Obviously the user must have the Flash player installed on their system or they will not be able to see the image or button and will not be able to use it to contact you.
To see an example button that I have made using Flash in a little window use this link Flash button example.

An issue to consider if you are inserting a Flash file in a web page/document is validation, this is why I have linked to my example and opened a little window to display it so that I can use the <object> and the <param> tags and the <embed> tag together so that my example will work in any browser, as the code example below illustrates.

This method will make it very difficult for spiders or spambots to parse the email addres from the Flash file they would need to actually decompile the .swf file to parse the email address and harvest it, which is not worth the effort for a single email address.
The disadvantages of this method are that the Flash file may fail to load for some reason and people who use text browsers will be unable to see the image or button making it an accessibility issue, but if you know your audience will have the Flash player installed on their system this method provides a good level of protection and the user can intitiate their email client.

Top of page

A very basic method to obfuscate an email address, is to hide it in plain sight in the web page by not employing the mailto: link or the @ sign, and just using regular characters, to display the email address on the page in plain sight like the email address in the example below.
   
Contact: me_at_mydomain.co.uk

Using this method the source code only contains regular characters as the example below illustrates.

Most people are smart enough to work out that this is in fact an email address using text message type grammar, but just to be on the safe side and for clarity you can always put some instructions just below the email address or as near to it as possible, informing the user to replace the characters "_at_" with a real @ sign.
The instructions could also be contained in the email address like the example below.
   
Contact: me@DeleteThismydomain.co.uk

Althought the email address can now be parsed and harvested by a spider or spambot, the email address is invalid protecting the email address.
Remember always put the text that is to be deleted by the user after the @ sign so that the domain name part of the email address is then made invalid
If you put the text between the username or alias and the @ sign then a spider or spambot can harvest the important part of the email address containing the domain name etc, that is still valid and of value to them.
To help make it clear to the user what to delete and avoid confusion you could employ the <del> tags to score through the text as the example below illustrates.
   
Contact: me@DeleteThismydomain.co.uk

You could also use the <s> or the <strike> tags, but they were deprecated in HTML 4.1 and are not supported under the XHTML 1.0 Strict DTD, it is better practice to use the <del> tags instead.

By using regular characters this method will work in any browser, so even people who use a text browser will be able to see the email address, plus they can copy it directly from the page making this method more accessible than using an image, but the user cannot initiate their email client using this method.

Top of page

Another method to obfuscate an email address, is to employ html comments and regular characters to display an email address on a web page/document in plain sight, like the email address in the example below.
   
Contact: me@mydomain.co.uk

This method works by placing the @ sign and greater than > and less than > symbols and other characters between the comments which makes it difficult for spiders and spambots to parse and harvest the email address from the source code of the page/document.

This method does not provide an effective solution, although it will work in any browser and the user can copy the email address directly from the web page/document, but they will not be able to initiate their email client.

Top of page

It is also possible to obfuscate an email address, by using CSS and regular characters to display an email address in a web page/document and hide it in plain sight like the example email address below.
   
Contact: me@NaNmydomain.co.uk

To use this method you need to insert a <span> element containing a few regular characters into the email address after the @ sign, and use the class attribute to apply a style and format the <span> element like the source code example below.

Then you need to create a style definition either in the <head> section of the page/document or in an external stylesheet using the class attribute to match the span to the style definition which sets the display property of the <span> element to none like the example below.

Using the display property removes the <span> element from the page/documents flow so there is no space where the <span> element is located in the email address, but if we had used the visibility property set to hidden there would be a space where the <span> element is located in the email address.

The advantages of using this CSS method are that it is well supported and will work in most browsers today, also the email address can be copied directly from the web page/document and saved to the clipboard.
However the disadvantages are that the user cannot initiate their email client and if their browser does not support this method it will not fail gracefully, also it is possible that a spider or spambot may parse the source code and harvest the email address.

Another method using CSS that can be employed uses the unicode–bidi: property and the direction property to change the base direction of the characters in a web page/document, or in this case to display the characters of an email address correctly like the example below.
   
ku.oc.niamodym@em :tcatnoC

To use this method you will need to insert a <span> element into the source code of the page/document that will act as a container for the email address, and use the class attribute to apply a style to format the contents of the <span> element, then insert the characters for the email address in reverse order (backwards) like the source code example below.

Then you need to create a style definition either in the <head> section of the web page/document or in a seperate stylesheet using the class attribute to match the span to the style definition that uses the unicode–bidi and the direction properties to change the direction of the characters contained in the <span> element as the example below illustrates.

The advantages of using the unicodebidi algorithm are that this method is well supported so the email address will be displayed correctly in most browsers even text mode browsers, and the email address can be copied directly from the web page/document.
The disadvantages of using this method are that it will not fail gracefully in browsers that dont support the unicodebidi algorithm, the email address will be displayed backwards, making it a nusiance for the user to invert the address and the user cannot initiate their email client.

Another method is to use the :after pseudo–element to insert the email address into the web page/document as it loads in the browser, by inserting a <p> element, and then use the class attribute to apply a style to the <p> element, and put some text and the email address username/alias into the paragraph like the source code example below.

Then you need to create a style definition either in the <head> section of the web page/document or in a seperate stylesheet using the class attribute to match the span to the style definition that uses the :after pseudo–element to insert the rest of the email address into the <p> element like the example below.

Unfortunately the CSS :after pseudo–element is not well supported this method will work in the Mozilla, Opera and Netscape browsers, but it will not work in the Internet Explorer or text mode browsers which is an accessibility issue, plus the user cannot initiate their email client by clicking on the email address either.

Top of page

A very popular method to obfuscate an email address is to replace the regular characters with the equivalent 7–bit ASCII character , you can find two tables that contain a listing of all 128 of the 7–bit ASCII characters on this page ASCII characters.

The basic method to obfuscate an email address using ASCII characters is to use the basic plain sight method descibed above, but this time replace the @ sign with its equivalent ASCII character which is &#64; so that it looks like a regular email address as the example below illustrates
   
Contact: me@mydomain.co.uk

Using this method the @ sign is now visible to the user which makes it clear that it is an email address, yet there is no @ sign or a mailto: link in the source code that the spiders or spambots are searching for, which is illustrated in the example below.

At least using the ASCII character for the @ sign it is clear to the user that this is an email address and they can copy the characters directly from the page ready to paste into the To: line of a message.
Also the user will not have to alter the email address by replacing the "_at_" characters with an @ sign to making the task a lot easier for the user, but the email address is still visible in the source code of the page/document providing limited protection.

The next step is obvious, we replace all the regular characters in the email address with ASCII characters which will look identical to the previous example when it is rendered in the users browser as the example below illustrates.
   
Contact: me@mydomain.co.uk

When a spider or spambot looks at the source code now, all that it can see are some regular characters and the ASCII characters that are the email address, which make the email address less obvious in the source code.

By using ASCII characters to replace the regular characters in the email address and the @ sign the whole email address is no longer visible in the source code of the page/document as an email address, providing another level of protection than the plain sight method to obfuscate the email address.

Top of page

One of the most popular methods to obfuscate an email address is to use the mailto: link and replace the emails regular characters with ASCII characters as discussed in the previous plain sight example above, to create a link like the example below.
   
Contact: Me

Althought a mailto: link is now visible in the source code of the page/document, the email address is not visible because it is has been obfuscated using ASCII characters, making it less obvious in the source code.

This method is a bit more accessible to the user than the plain sight methods that we have discussed previously, simply because this method employs the mailto: link which makes it a lot easier for the user to send a message if they have an email client installed on their system, even if they use a text mode browser.

It is also possible to take this method a step further and use ASCII characters to obfuscate the mailto: part of the link so that it is not visible in the source code of the page/document, and the link will still work just like the example link below.
   
Contact: Me

Now that the mailto: part of the link has been obfuscated using ASCII characters as well as the @ sign and email address it will be a lot harder for a spider or spambot to find and harvest the email address as the code example below illustrates.

By obfuscating the mailto: part of the link it now looks just like a regular link or </a> element in the page/document source code, as the example above illustrates, which provides a greater level of protection against spiders or spambots than the methods discussed previously.

You can also create a more sophisticated mailto: link by adding more elements such as a cc, bcc and subject lines, and obfuscate them using ASCII characters, as the link below illustrates.
   
Contact: Me

Even thought the link contains the mailto: and the extra elements it still looks like a regular <a> element in the source code of the page/document making the link less obvious in the page/document source code as the example below illustrates.

You will still need to replace any spaces between words with %20 so that they are URL encoded, and also escape the ampersand (&) with the entity for the ampersand which is &amp; this is because they are part of a URL, you can find more information here about the mailto: link.

Top of page

Another popular method to obfuscate an email address is to use the mailto: link and replace the emails regular characters with URL encoded ASCII characters, to create a link like the example below.
   
Contact: Me

Althought a mailto: link is now visible in the source code of the page/document, the email address is not visible because it is has been obfuscated using URL encoded ASCII characters, making it less obvious in the source code as the example below illustrates.

If you want to obfuscate the mailto: part of the link to make it less obvious in the source code of the page/document do NOT use URL encoded characters the link will NOT work, you will need to use regular ASCII characters like the example below.

It is also possible to create a more sophisticated mailto: link by adding more elements such as cc, bcc and subject lines and obfuscate them using both ASCII and URL encoded ASCII characters as the example link below illustrates.
   
Contact: Me

Now that all the characters in the extra elements have been obfuscated they are less visible in the source code and the link looks like a regular <a> element as the example below illustrates.

If you do employ this method treat the extra elements as "name value" pairs and use ASCII characters to obfuscate the name part of the pair, and use URL encoded characters to obfuscate the value part of the pair.
You will need to escape the ampersand (&) with the entity for the ampersand which is &amp; and also URL encode any spaces in the subject line using %20 as discussed in the ASCII character method above.
You can find more information here about the mailto: link.
As long as the visitor has an email client installed on their system they can click on the link to initiate their email client and send a message.
You can find a comprehensive listing here at the W3Schools web site of URL encoded ASCII characters.

Top of page

The simplest way to use Javascript to insert a plain text email address into a web page/document, is to employ Javascripts document.write() method, to write the email address into the page/document as it loads in the browser like the example below.
   

The basic idea of this method is that it allows you to break the email address into parts making it harder to parse from the source code of the web page/document, to make it harder for spiders and spambots to harvest the email address, which the source code example below illustrates.

The email address can be copied directly from the web page/document as long as the browser is JavaScript enabled, but they cannot click on the email address to initiate their client.

The document.write() method can also be employed to insert a mailto: link into a web page/document so that the user can click it and initiate their email client like the example below.
   

This time the link is broken into parts and the value of each part is stored in a variable named emAdy and by using the add–by–value += operator to assign each link parts value to the variable you only need to declare a single variable rather than declaring a separate variable to hold the value of each link part.

Then the script can be inserted into the source code of the page/document wherever you want the link to appear and as long as the users browser is JavaScript enabled they will be able to use the link.

Although the link and email address have been broken into parts to make it harder to parse, the email address is still visible in the source code of the page/document, to resolve this isssue the script can easily be split into two scripts and the script containing the variable declaration and value assignment is then put into the <head> section of the document like the example below or even better in a separate .js file.

Then the second script that will write the link into the page/document is inserted into the source code in the required location and then only the variable name is visible in the script in the source code of the page/document as the example below illustrates.

The link will now be written into the web page/document as it loads in the browser, as long as the browser is JavaScript enabled, and the user can then click on the link to intiate their email client and send a message.

Althought the document.write method provides a convenient way to write html content into a web page/document, the method depends upon timing, if the method is called before the onload event it will just append the content, but when the method is called after the onload event it will clear the existing content then write in the new content.
It is better practice to use the innerHTML property or use the createElement() method to insert new content into a web page/document.

Another method to insert a link into a web page/document as it loads in the browser employs JavaScripts innerHTML property to insert the link into an html element such as a <span> element, like the link below.
   

This script uses a simple function to insert the link, which has been broken into parts and the value of each part assigned to a variable (emAdy) which is inserted into the html element using the getElementById() method to reference the element directly by it’s id attribute (mailBox) and then the innerHTML property is given the value of the variable emAdy as the example below illustrates.

The only things that are now visible in the source code are the onload event handler in the <body> tag that calls the function shoAdy() as the page/document loads in the browser, and the empty <span> element ready to recieve the link as the example below illustrates.

As long as the users browser is JavaScript enabled they will be able to click on the link to initiate their email client and send a message, otherwise they will not even be able to see or use the link.
It is also possible to refrence the <span> element using only the elements id attribute like this document.mailBox.innerHTML= emAdy;

A very simple in–line method is to use a regular <a> element to create a link like the one below.
   
Contact: Me

The email address can be broken into parts making it harder to parse from the source code of the web page/document as the example below illustrates.

This method uses the JavaScript pseudo–URL to supply parameters to the href attribute of the <a> element, and the JavaScript void operator makes sure that no value is returned that the href attribute can use, and the <a> elements onclick event handler triggers the link and spawns an instance of the users email client as long as the browser is JavaScript enabled.
If you supply a hash (#) sign as the parameter to the href attribute and then use an onclick event–handler like this href="#" onclick="window.location=’mailto:me’+’@’+’mydomain.co.uk’" it will cause the page to be reloaded when the user clicks on the link.
As long as the visitors browser is JavaScript enabled they can click on the link and initiate their email client and send a message.

You can also use an <input> element or <button> tags to create a button like the example below.
   
Contact Me

The email address is broken into parts to make it harder to parse form the source code of the web page/document, and when the user clicks on the button the onclick event–handler invokes the the JavaScript expression initiating the users email client as long as their browser is JavaScript enabled.

Another method is to use the JavaScript expression in a simple function then use a button to call the function like the one below.
   
Contact Me

The script containing the function can then be placed in the <head> section of the web page/document or even better in a separate .js file, and the email address is broken into parts making it harder to parse.

Or you could assign the value of the mailto: and the email address to a variable.

The only thing that is now visible in the source code of the web page/document is the button tag and the onclick event–handler and the name of the function, which a spider or spambot are not looking for.

As long as the visitors browser is JavaScript enabled they will be able to click on the button and initiate their email client and send a message.

All of the methods so far deal with protecting a single email address, this script is very flexible and can be employed to protect multiple email addresses, use the link below to see a working example where you can send a message to any one of the three Stooges
In this method the mailto: and each email address are stored in a variable in the manner described in the examples above using the JavaScript add–by–value += operator, and the variables are declared within a function called nuMsg() which does all the work.

It is possible to use if() control statements to achieve the same end, but it is a lot easier and more efficient to use a switch() control statement, then you can easily add new cases to the switch() statement to protect more email addresses as and when the need arises.
The script can be stored in the head section of the document or even better in a separate .js file in a separate directory/folder.

When the user clicks on the link the value Larry is which is highlighted in the example link below, is passed to the function nuMsg() and stored in the variable name, which is also highlighted in the code example above.
The variable name is then passed to the switch() control statement where it is matched to the case with the same value which is case "Larry": and then an instance of the users email client is spawned so that they can send a message.

The only thing that is now visible in the source code of the web page/document is a regular <a> element that contains the onclick event–handler and the name of the function nuMsg() which a spider or spambot are not looking for.
As long as the visitors browser is JavaScript enabled they will be able to click on the link and an instance of their email client will be spawned and they can then send a message.

With any of the methods described above it is also possible to obfuscate the mailto: and email address using either ASCII or URL encoded characters or a mixture of both types of characters.
It is also possible to add more elements such as cc, bcc and subject lines to create a more sophisticated mailto: link as discussed above in the mailto: ASCII and the URL encoded encoded methods.

Top of page

It is always a good idea to make provision for the few visitors with browsers that are NOT JavaScript enabled by placing a message or some advice between <noscript> tags directly below the button or mailto: link in the web page/document like the example below.

You could put a plain text email address between the <noscript> tags and you could obfuscate the email address using ASCII characters which can then be copied directly from the web page/document, or you could provide the user with a link to a page containing instructions how to JavaScript enable their browser so that they can send a message.

Top of page

It is also possible to encrypt an email address or the whole mailto: link making it virtually impossible for a spider or spambot to harvest the email address from the web page/document.
This is usually done using JavaScript or some other scripting language, the email address is encrypted and then stored ready to be decrypted upon demand by a function in a script, for instance when the user clicks on a link in the web page/document.

The methods that can be employed to encrypt an email address or mailto: link can range from a simple substitution cipher, or prime numbers and factoring could be used to cipher (encrypt) the email address to provide a greater level of encryption.
There are many sites on the web that provide tools to encrypt an email address, unfortunately very few of them actually encrypt the email address, most of them just replace the email address characters with ASCII and or URL encoded characters.

Here are three sites that definitely encrypt email address’s and mailto: links.

• Jim Tucek’s email encryptor which has now moved to Dan Applemans blog.
• Tim Williams substitution cipher
• Syronex email encryption tool and optional challenge or CAPTCHA

Using these encryption methods will make it virtually impossible for spiders or spambot to harvest the email address, and as long as the visitors browser is JavaScript enabled and they can click on the link and send a message.

Top of page

Providing a form on a web site so that visitors can send a message is the best way to ensure that your email address does not appear in the source code of any of the documents that make up the web site, where a spider or spambot could harvest it.
The great advantage of using a form to allow visitors to send a message is that the user/visitor does not need to have an email client on their system to send a message, even if they are in a Cyber Cafe or at a friends house they can easily send a message, which makes this method the most accessible of all the methods discussed here.

Setting up a form for visitors to send feed back is not very difficult even if you dont know how to write a CGI script you can download one that you can configure and deploy on your web site.
Make sure that the CGI script that you wish to employ does not require the email address to be entered in a hidden field in the form, to be passed to the CGI script when the forms contents are submitted, this will defeat the object of employing the form and the CGI script in the first instance.

It is very important that you make sure that the CGI script that you are going to employ is secure and it will only allow form/s on your web site to use the script to send data, to prevent others from linking to your CGI script from their forms.
Unfortunately employing a form and a CGI script does not mean that your will be immune from the unwelcome and uninvited attentions of spammers, unfortunately it is the opposite, if the CGI script that you employ is not secure they will soon find it and start abusing it, and using it as an open relay to send spam.

Initially it will look like you are responsible for sending the spam and this could land you in a lot of trouble with your ISP or the company who host your site and your domain name may even get black–listed, not to mention lots of angry emails from the people who recieved the spam from your domain.
In order to avoid this make sure that the CGI script that you choose to employ is secure, well documented, and well supported by the author and find as much information and make sure you understand everything before you start, if your not sure about something there are plenty of forums you can join to ask questions and get advice about the script your working with.

You can find more information about html forms and form elements here just use the link marked html forms in the navigation panel on the left at the top of the page, plus there is also a link to the CGI Resources web site in the section about Scripts and script Services where you can find all sorts of CGI scripts.

It is also possible to use a <form> tag to send an email, simply by setting the values of three of the tags attributes listed below, so that when a visitor clicks on a button an instance of their email client is spawned so that they can send a message.

1. Set the method attribute to post
2. Then set the enctype attribute to text/plain
3. Then set the action attribute to mailto: and the email address and
   any extra elements such as ?subject etc you wish to add.

I do not recommend using this method, it is better to use a CGI script as discussed above to send form data via an email rather than using the mailto: URL.
Mailing form data in this manner is actually considered controversial in some Web standards circles, plus the W3C HTML specification does not endorse this technique, so use this method judiciously and only after you have carried out extensive testing on the browser/s that you intend to support.

Also bear in mind that if you add fields to the form for the visitor to fill in the data will not be automatically inserted into the email when the visitor clicks on the submit button, to achieve this you will need a script to retrieve the value of each field and then insert the data into the body of the email.

Top of page

Using http: redirects is another popular method that can be employed to keep an email address out of the web page/documents source code, the user clicks on a link to a server side script containing a mailto: URL which spawns an instance of the visitors email client, so that they can send a message. The code example below is a basic http: redirect script written in PHP.

The only thing that is visible in the source code of the web page/document is a regular <a> element or link which contains only a link to a .php file containing the script on the server so there is nothing in the source code of the page/document for a spider or spambot to harvest as the code example below illustrates.

Here is a link to a working example of a PHP http: redirect

It is possible to obfuscate the email address using url encoded ASCII characters in the PHP script, but it is not possible to obfuscate the mailto: part of the header or the extra attributes such as ?subject= as discussed previously with other methods.

The other down side to this method is that when the user clicks on the link an empty page is loaded in the browser and the mailto: and the email address etc are visible in the browsers address bar and as empty pages title, plus the user then has to use the back button to get back to the page where they clicked the link to continue browsing, which just disrupts the users experience which is not exactly user friendly.

There will most probably be some way to stop the page reloading as there is with the JavaScript methods unfortunately at the moment I just do not know enough about PHP to work out how to do this.

As long as the user has an email client on their system when they click on the link an instance of their email client will be spawned, and they can send a message, but if they dont have an email client available, and they use web mail you will need to provide an alternative to accomodate these visitors, and display an obfuscated plain text email address which they can copy and paste.

Top of page

Another popular method that is employed to protect email address’s is the challenge–response type test or CAPTCHA as it is more commonly known, this type of test is often used to determine if the user is actually human.
The test usually requires the user to enter the characters displayed in a distorted image into a text field, then they have to click a button, if they have entered the characters displayed in the image correctly an instance of their email client will be spawned allowing them to send a message.

You will have most probably already seen a CAPTCHA image like the example here on the right, especially if you have ever created an email account with either Hotmail or Yahoo, getting the user to enter the characters from the image into a text box, helps to ensure that a person not an automated program is actually creating the new email account, and to stop spammers opening many accounts that they can then use to send spam.

Downloads:

CAPTCHA 2.0 Protect a single email address. CAPTCHA 2.0 Protect multiple email addresses.

I have now rewritten and upgraded both of the CAPTCHA applications which I have been meaning to do for a while now so that they validate the data the user enters thoroughly and intelligently with informative alerts to assist the user if they happen make a mistake when they enter data. Both of the CAPTCHA’s use a random number between 0 & 999999 rather than a finite question that could be easily discovered, if the user enters the correct number an instance of their email client is spawned and they can send a message.

This CAPTCHA can be used to protect a single email address captcha

This CAPTCHA can be used to protect multiple email addresses multi captcha

If you would like to use my CAPTCHA application on your own web site you can download a copy of either application using the links above on the right, all I ask in return is that you leave the comment at the top of the script containing information about the script etc intact.
If you are wondering if the script works I have used my CAPTCHA application to protect a single email address on my own web sites ever since I wrote the script and I have not had one single spam email in the past 2 years.

Although using a CAPTCHA may take a moment or two longer before the visitor can send a message it will provide a greater level of protection especially when it is combined with any of the other methods discussed here to obfuscate or encrypt the email address, making it very difficult if not impossible for most spiders or spambots to harvest the email address.

If you are not familiar with html or JavaScript and you dont know how to create your own CAPTCHA there is a link in the Encryption section of this page to the Syronex site where you can use a tool to encrypt email addresses and they also provide the option to add a user challenge or CAPTCHA to add a greater level of security.

	Enter your search terms Submit search form
	Web www.syntaxsandbox.co.uk