Does Email Obfuscation Work? Results
Four years ago I started a test to see how well different email obfuscation techniques worked to thwart spammers.My requirements in order of preference were:
- A clickable link.
- Gracefull degrade for users without javascript.
- Users should be able to copy the email address to the clipboard.
- It should be easy for me to insert an email address on a page.
- It should reduce spam.
Well, it’s been 4 years and here are the results:
| Method (see original post for explanations) | Emails in inbox | percentage of plain text |
|---|---|---|
| Using plain text | 247 | 100% |
| Using AT DOT | 48 | 19% |
| Using AT DOT and javascript to de-obfuscate | 45 | 18% |
| Using code direction | 0 | 0% |
| Using style=”display:none” | 1 | 0% |
| Using ROT13 | 0 | 0% |
These addresses all pointed at Gmail inboxes and Gmail deletes spam after 30 days so the spam folder counts can be ignored.When I started the experiment I hoped the AT DOT and javascript to de-obfuscate as that seemed to fill most of my requirments but the spammer’s crawlers have obviously cracked that trick (not hard I know). The best solution would seem to be an <a> link using ROT13 and the text of the link either a span using code direction or applying the style to the <a> link itself.Something like:https://gist.github.com/90a3e7f4545fe66d22feMessy (and unchecked / written by hand) but I guess an email address will not change much so, once the correct code is worked out, it could be added to a snippet or clipboard manager.