Support » Plugins » New plugin: EmailShroud protects against email spam

  • What is EmailShroud?

    In order for spammers to send email to millions of people, they need millions of email addresses. One way to get these addresses is to automatically search the web, harvesting email addresses from unsuspecting web-sites. EmailShroud helps to protect email addresses that are published on a WordPress Blog.

    Note: EmailShroud is not like most of the anti-spam plugins for WordPress. EmailShroud does not protect the blog against Comment Spam. EmailShroud helps to protect the owner, authors and other people mentioned on a blog from receiving email spam.

    How does it work

    EmailShroud does more than just use “escape codes�, which is a poor-man’s solution to this problem.

    It uses JavaScript to “obfuscate� the email address. Spammers don’t run JavaScript during their harvesting, as it would take too much effort and is unlikely to help produce many more email addresses. Almost all browsers used to actually read blogs do run JavaScript – the browser transparently decodes the email address without the reader even noticing.

    EmailShroud gracefully handles browsers that are not running JavaScript.

    Where do I get it?

    EmailShroud is available at:

    How do I learn more?

    Support questions are more likely to be seen and answered if they are directed to the above site, rather than here.

Viewing 13 replies - 1 through 13 (of 13 total)
  • Mark (podz)


    Support Maven

    You have no mention of a licence ?
    If someone wished to build on or adapt your work, could you advise them of your position regarding your code ?

    Podz, re: Licence

    That’s a good point, and one that I will try to rectify. I guess the main reason I didn’t is that I didn’t want to have to spend much effort researching the legalese to find out the best way to give away my code.

    Informally, my attitude is: it would be nice (but not obligatory) if you would let me know that you are making a derivative work. It would be even nicer if I could fold your changes back into the next version of the code. I would be disappointed if you took away the link to my EmailShroud site, but I would be far more likely to grumble about it in my blog than to call a lawyer. If I become unresponsive to requests, consider it abandonware and do what you like. Go ahead and use as part of a bigger piece of commercial software. If you *think* you can sell it as is, I would fire your marketing manager! If you actually *can* sell it as is, I want to hire your marketing manager!

    Formally, I guess that the Lesser GPL is the closest, but even that seems a little too strict. Can you recommend a license template I should look at to capture the gist of my stance?

    EmailShroud 2.0 is now available.

    As requested above, includes a reference to an Artistic License, a couple of bug-fixes and a large list of new features.

    How does your plugin differ from the obfuscate-email plugin and the email-immunizer plugin?


    Thanks for your question.

    The short answer is that obfuscate-email and email-immunizer are both simpler and less secure than EmailShroud.

    Thanks to your prompting, I’ve added a longer explanation to the “Acknowledgements and Further Reading” section of the EmailShroud page.

    Moderator Samuel Wood (Otto)

    (@otto42) Admin

    Problem with your plugin: If you use it, your pages won’t be valid anymore. Your page fails to validate because “encryptedAddress” is not a valid attribute of the anchor tag.

    You can indeed add attributes, but you need to do it properly. Create a DTD to extend the XHTML spec and add your attribute to it. Then modify the plugin to include a reference to the extended DTD at the top of the page as well. Then you will validate correctly.

    Here’s an example of how to create your DTD:


    Yes, you are absolutely correct: EmailShroud 2.0 doesn’t preserve XHTML validation – as the section on XHTML Compliance of the EmailShroud documentation describes.

    Note: It continues to work using an XHTML Strict theme (on the common browsers I tested it on). This is a big step forward from EmailShroud 1.0.1, where it didn’t work with Strict XHTML at all!

    I considered briefly adding support in the DTD for the extra attribute; I thought it would be very hard. I decided to release what I had now – which works – and look at cleaning up some of the XHTML niceties later.

    Thanks for the reference; it looks like it will be a bit easier than I thought – although I would still rate it as pretty hard – especially if I need to hack the theme’s nominated DTD!

    I’ve added it to the published list of possible future features.

    Thanks again for your suggestion.

    Hi juliano – I was fairly enthused about this plugin until I realized (as Otto points out) that it borks validation. I’m sorry, but I don’t use plugins which cause validation/accessibility problems. I hope you get it cleaned up to valid code soon.

    I’m not particularly interested, btw, in a “custom DTD” sort of solution.

    Unfortunately, as soon as I install this plugin on my local test copy of the blog, all pages completely blank out (*nothing* is displayed). This copy is running on Apache 1.3.33/PHP 5.1.2 on Mac OS X 10.4.7 and was not viewable in the latest Firefox versions on either Mac or PC ( or Mac Webkit based browsers (Safari, Omniweb).

    I’ll give it a try on my hosting provider’s installation of Apache, but this does not bode well for success.


    This is an odd report – I can’t imagine what in EmailShroud that might cause these symptoms.

    I did a quick sanity test on Apache/Mac/FireFox and it worked fine (admittedly running PHP 4.something and WordPress 2.0.3).

    I’d be interested to hear:
    (a) did it work okay on your hosting provider’s web-server?
    (b) what was in the Apache PHP error log?
    (c) when you deactivated EmailShroud did the blog start working again? Can we definitely point the finger at EmailShroud here?

    Of course, if anyone else is having similar problems, please let me know. I am best contacted through the EmailShroud site:


    Thanks for the info. I haven’t tried this on my hosting provider’s server yet.

    However, I did look in the Apache log and here is the offending line:

    PHP Parse error: syntax error, unexpected $end in /Users/bgaspers/Sites/wordpress/wp-content/plugins/emailshroud/sto_emailshroud.php on line 437

    Here are the last 4 lines in that file:

    </div> <?php
    } /* sto_emailShroud_options_subpanel */

    Is that how it is supposed to be?

    And yes, when I deleted EmailShroud, everything went back to normal. This was very repeatable.

    Just to close off the BGaspers issue above:

    Through email conversation we established that his machine was detecting a PHP syntax error in the file. It worked fine on his hosting provider’s machine – so it was only a problem on one machine. I haven’t had any other reports of this, and my limited testing on Macs hasn’t reproduced the error.

    At this stage, I am forced to write it off as a mysterious once-off, but I would be very keen to here if other Mac users have (or even don’t have) the problem.

    Contact me via:

    Thanks to another user, Mark L, we have found the cause of bgaspers issue. I have broken the WordPress coding standard by relying on the “<?” abbreviation for the “<?php” tag.

    If your web-server is not configured to support PHP markup using short tags, it will not work.

    I will correct this egregious error in the next version, and apologise for the inconvenience.

Viewing 13 replies - 1 through 13 (of 13 total)
  • The topic ‘New plugin: EmailShroud protects against email spam’ is closed to new replies.