Obfuscating EMail Addresses

<html>
  <head>
    <script>
       function CharCalc(a,b,c)
       {return String.fromCharCode(Math.pow(a,b) - c)}
       
       function RealAddr(AId){
       var e = document.getElementById(AId)
       if (e == null) return; 
       e.href="mai" + CharCalc(8,2,-12) + "to" + CharCalc(8,2,6) + AId + 
       CharCalc(8,2,0) + 'brandspatch' + CharCalc(7,2,3) + 'com';} 
    </script>   
  </head> 
  <body>
    <a href="conform.shtml" id="sales" onmouseover="RealAddr('sales')">Contact Sales</a>
  </body>
</html>

The technique coded above assigns the email address to the anchor when the user hovers over the link. Evidently, it will not work if the user has disabled JavaScript. However, in such cases, the default href assignment of conform.shtml could point to a contact form. We take several measures to ensure that spambots will be unable to find an email address here.

• Spambots pride themselves on the speed at which they harvest email addresses so for the most part they tend to ignore JavaScript - in any case, writing a script enabled bot is not an easy task. We build the href string using some fairly complex JavaScript string concatenation operations.
• There is no text that reads "mailto". Instead, we build this string using a combination of hardcoded text and a call to the CharCalc function.
• Likewise we generate the email address related characters :, @ and . using calls to the CharCalc function.

This technique works without a hitch in IE and Opera. However, in some versions of Firefox the e.href = "text" assignment can end up with the text string unexpectedly wrapped like this: //text/! We have not fully understood just when and why this happens.