WordPress.org

Details

The e-mail obfuscation techniques included in this plugin were chosen for their effectiveness and general applicability with minimal impact on users. I urge you to read about an experiment performed by Silvan Mühlemann in which he protected e-mail addresses using nine different techniques. He ensured the page containing those e-mail addresses got indexed by Google and then waited 1.5 years. During that time he measured the amount of spam received to each of the e-mail addresses.

Three techniques stood out as having received zero spam e-mails during that time. Two of those three techniques are included in this plugin. The fourth technique is also included even though it did get a very small amount of spam -- the technique was still very effective and more importantly does not rely on users to have CSS or JavaScript enabled.

The techniques are as follows. All three are enabled by default. Weigh the requirements against what you're comfortable requiring of visitors in order for them to see and make use of e-mail addresses you post on your site.

(For all the examples below, assume you have the link <a href="mailto:person@example.com">person@example.com</a> in your post.)

Changing text direction with CSS

• How does it work? The email addresses are sent reversed in the markup. Using CSS, the text gets reversed so that visitors see the email addresses as intended. Email scrapers don't recognize the emails in their reversed form and don't typically utilize a CSS engine to help determine how text would look onscreen.

• Uses CSS? Yes, which means if a visitor does not have CSS enabled, the emails will appear backwards to them.

• Uses JavasScript? No.

• Can visitor copy-n-paste the link from onscreen text without needing to make modifications? No, but a "copy link address" will work properly.

• Does this protect emails appearing in mailto: links and within HTML tag attributes? No.

• How effective is this? In the aforementioned experiment, no spam emails were received when using just this technique.

• Example:

  <a href="mailto:person@example.com"><span class="codedirection">moc.elpmaxe@nosrep</span></a>

Using CSS display:none

• How does it work? Garbage text, wrapped in span tags, is inserted into any displayed email addresses. Using CSS, the text gets hidden so that visitors see the email addresses as intended. Email scrapers don't typically utilize a CSS engine to help determine how text would look onscreen.

• Uses CSS? Yes, which means if a visitor does not have CSS enabled, the emails will appear with extra text in them.

• Uses JavasScript? No.

• Can visitor copy-n-paste the link from onscreen text without needing to make modifications? Yes (unless they have CSS disabled).

• Does this protect emails appearing in mailto: links and within HTML tag attributes? No.

• How effective is this? In the aforementioned experiment, no spam emails were received when using just this technique.

• Example

  <a href="mailto:person@example.com">person@<span class="displaynone">null</span>example.com</a>

Replacing the `@` and `.` characters

• How does it work? The @ and . characters are replaced with alternative strings, such as AT and DOT, respectively. The exact replacements are configurable on the plugin's settings page. By default, if you don't specify custom replacements, the plugin will use entity substitution (@ becomes @ and . becomes .).

• Uses CSS? No.

• Uses JavasScript? No.

• Can visitor copy-n-paste the link from onscreen text without needing to make modifications? No, though it should (hopefully) be clear to the user what they need to replace.

• Does this protect emails appearing in mailto: links and within HTML tag attributes? Yes, though if you specify custom replacement strings visitors clicking on a mailto link will have to modify the email address that shows up in their mail program.

• How effective is this? In the aforementioned experiment, almost no spam emails were received when using just this technique. However, this technique does not require the support of any particular client-side techniques (CSS or JavaScript).

• Examples

  • Custom AT and DOT replacements
    • <a href="mailto:personATexampleDOTcom">personATexampleDOTcom</a>
    • <a href="mailto:person@DELETETHIS.com">person@DELETETHISexample.com</a>
  • Everything encoded (aka hexadecimal HTML entity substitution)

  <a href="mailto:person@example.com">person@example.com</a>

How it looks

If all techniques are enabled at once, the resulting obfuscation of the example link above is:

<a href="mailto:person@example.com"><span class="codedirection">moc.elpmaxe<span class="displaynone">null</span>@nosrep</span></a>

However, in your browser it would appear to you as it does prior to obfuscation, and the link for the e-mail would still work. Theoretically, however, spammers would have a somewhat more difficult time harvesting the e-mails you display or link to in your posts.

NOTE: (Only when using the custom replacement feature will visitors need to modify the e-mail address for use in their e-mail program.)

Links: Plugin Homepage | Plugin Directory Page | Author Homepage

Template Tags

The plugin provides one optional template tag for use in your theme templates.

Functions

• function c2c_obfuscate_email( $text, $args = array() )

Arguments

• $text Required argument. The text and/or HTML that contains e-mail addresses that you want to be obfuscated.

• $args Optional argument. An array of configuration options, each element of which will override the plugin's corresponding default setting.

  • encode_everything (boolean) : Encode all characters in the e-mail address using hexadecimal HTML entity substitution?
  • use_text_direction (boolean) : Utilize CSS text direction technique?
  • use_display_none (boolean) : Utilize CSS display:none technique?
  • at_replace (string) : String to use in place of @ in e-mail addresses (used only if encode_everything is false)
  • dot_replace (string) : String to use in place of . in e-mail addresses (used only if encode_everything is false)

Examples

• Basic usage. Obfuscate e-mail addresses in $text according to current plugin settings.

<?php echo c2c_obfuscate_email( $text ); ?>

• Override all plugin default settings when obfuscating e-mail addresses in $text and just use text direction technique.

<?php echo c2c_obfuscate_email( $text, array(
  array('use_text_direction' => true, 'use_display_none' => false, 'encode_everything' => false, 'at_replace' => '', 'dot_replace' => '')
) ); ?>

Filters

The plugin exposes one filter for hooking. Typically, customizations utilizing this hook would be put into your active theme's functions.php file, or used by another plugin.

c2c_obfuscate_email_filters (filter)

The 'c2c_obfuscate_email_filters' filter allows you to customize what filters to hook to be filtered with email obfuscation. The following filters are all filtered by default:

• link_description
• link_notes
• bloginfo
• nav_menu_description
• term_description
• the_title
• the_content
• get_the_excerpt
• comment_text
• list_cats
• widget_text
• the_author_email
• get_comment_author_email

Arguments:

• array $filters : the default array of filters

Example:

// Also obfuscate emails appearing in custom field values
add_filter( 'c2c_obfuscate_email_filters', 'change_c2c_obfuscate_email_filters' );
function change_c2c_obfuscate_email_filters( $filters ) {
    $filters[] = 'the_meta';
    return $filters;
}