obfuscate-mailto.pl - generates encrypted mailto: links in a javascript include
obfuscate-mailto.pl [options] <mailto> [linktext] > getSignature.js
<script language="JavaScript" src="http://your.domain.com/getSignature.js";> </script>
If the linktext isn't provided, the mailto will be used in its place.
e.g. obfuscate-mailto.pl 'Bob Jones <bob@foo.com>' > /srv/www/getSignature.js obfuscate-mailto.pl 'Bob Jones <bob@foo.com>' 'mail Bobby'
Options: -h|--help brief help message -m|--man full man page -v|--verbose -V|--version
See Tim Williams' discussion on the ``How and Why of obfuscating your address'' at http://www.u.arizona.edu/~trw/spam/index.htm. There he proposes the idea of converting your email address into a seemingly random string of characters using a simple substitution cipher, using a <script>..</script> block.
The advantages to this approach over a verbatim mailto: link are that spambots
using simple regular expression searching for stuff like /[a-z._-]+@[a-z._-].(com|net|org)/i won't find it. Spambots have a lot of work to do and it's unlikely that they're going to parse and run javascript hoping to find an email address. They might conceivably convert HTML character entities or character codes, which is why this method is preferred for the truly paranoid.
My method is an expansion on Tim Williams' idea in that instead of putting the obfuscation into a <script>..</script>, it uses a javascript include to pull in the obfuscation code.
So you can have a mailto: link on your page by adding this to your html, which
looks like anything but a mailto: link:
<script language="JavaScript" src="http://your.domain.com/getSignature.js";> </script>
That has the advantage of keeping your HTML files cleaner, and of adding one more step to hide from the spambots, that of their having to fetch an additional file which isn't even HTML.
This obfuscate-mailto.pl script generates output which looks like this:
coded = "XKA 2. tKN4r ZAKAoMKN4r.3KCn" codedlt = "W9Mp WZ 9a fcfNmcTZD.qcW"
key = "R>jB5LiVpYwI1<btzeGUcEh0KdmsxnMXO@k8yFfauZAQq4Sv3lWDJTCrHN27goP96"
var decfn = function(str){
var shift=str.length
var plain=""
for (i=0; i<str.length; i++){
if (key.indexOf(str.charAt(i))==-1){
ltr=str.charAt(i)
plain+=(ltr)
} else {
ltr = (key.indexOf(str.charAt(i))-shift+key.length) % key.length
plain+=(key.charAt(ltr))
}
}
return plain;
}
document.write("<a href='mailto:";+decfn(coded)+"'>"+decfn(codedlt)+"</a>")
Take that and put it in a js file, like getSignature.js, on a web server somewhere.
Link to it with the <script...></script> tags as above and you're good to go.
Pick a link that works for you:
obfuscate-mailto.pl
obfuscate-mailto.pl.txt
This is inspired by Tim Williams, http://www.u.arizona.edu/~trw/spam/spam4.htm Who says: As for the code it is freeware, use it as you like. If you like it please let me know. If you hate it let me know.
This script was written, and the javascript expanded on and the include feature added 11/2004 by Kevin M. Goess.
Copyright 2004 by Kevin M. Goess
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.