Skip over navigation

Outsmarting the Spambots

By on Jun 28, 2012 in Web Design, Web Engineering

Way back in 2005, we explored a number of different ways to protect your email address from spambots and shared a protection method we call MakeSafe.

The spambots haven’t stopped and neither have we. Over the last few years, we’ve developed a new version of MakeSafe that further obfuscates emails to continue stumping spambot crawlers, and makes it easier to include in your website.

The MakeSafe script encodes email addresses in a non-readable format and then uses JavaScript to decode them when someone views the page. Since rendering pages for output/js is an inefficient use of processing time, most bots just scan this source code and move on without realizing it’s a real email address. The updated MakeSafe script encodes the email address with escaped hex values and produces something like this:

<script>eval(unescape('\x64\x6f\x63\x75\x6d\x65\x6e\x74\x2e\x77\x72\x69\x74\x65\x28\x22\x3c\x61\x20\x68\x72\x65\x66\x22\x2b\x22\x3d\x27\x6d\x61\x69\x6c\x74\x22\x2b\x22\x6f\x3a\x26\x23\x31\x30\x35\x22\x2b\x22\x3b\x26\x23\x31\x31\x30\x3b\x22\x2b\x22\x66\x6f\x26\x23\x36\x34\x3b\x22\x2b\x22\x6c\x26\x23\x31\x31\x31\x3b\x22\x2b\x22\x26\x23\x31\x31\x37\x3b\x64\x22\x2b\x22\x64\x26\x23\x31\x31\x31\x3b\x22\x2b\x22\x26\x23\x31\x30\x33\x3b\x2e\x22\x2b\x22\x63\x26\x23\x31\x31\x31\x3b\x22\x2b\x22\x6d\x27\x3e\x26\x23\x31\x30\x22\x2b\x22\x35\x3b\x6e\x26\x23\x31\x30\x22\x2b\x22\x32\x3b\x26\x23\x31\x31\x31\x22\x2b\x22\x3b\x40\x26\x23\x31\x30\x38\x22\x2b\x22\x3b\x26\x23\x31\x31\x31\x3b\x22\x2b\x22\x26\x23\x31\x31\x37\x3b\x26\x22\x2b\x22\x23\x31\x30\x30\x3b\x64\x26\x22\x2b\x22\x23\x31\x31\x31\x3b\x67\x2e\x22\x2b\x22\x26\x23\x39\x39\x3b\x6f\x6d\x22\x2b\x22\x3c\x2f\x61\x3e\x22\x29\x3b'));<script>

Good luck reading that!

Create your own

We’ve put together a page that you can use to create your own code. Just enter the email address and link text that you want obscured from Spambots, and it’ll create code you can paste into your HTML.

Check it out: http://louddog.com/makesafe/

Bonus: A WordPress Plugin!

If you’re using WordPress, go ahead and download the MakeSafe plugin for free or grab it off GitHub.

Once you’ve installed the plugin, it will search your page for any email address formatted like [somename@someplace.somethingcom] and automatically replace it with the javascript and crazy encoded email address above.

Extra Bonus: Quick tips for reducing spam!

A few quick reminders: don’t do anything to let spambots know your email address is a live/active email address. They won’t spend time on a dead/inactive email address. But if your email is active, those email parasites are gonna munch on your inbox like a swarm of mosquitos.

  • Don’t display images on distrusted emails. Remember that all urls have the ability to be tracked. Once you display images, it signifies the spammers that your email accessed that image and will flag your email as live flesh.
  • Don’t click any suspicious links. Always preview the urls before clicking on them. If the URL looks unfamiliar then ignore it. Think twice about clicking on links that have been shortened with a third party email shortener like bitly, too.
  • Don’t unsubscribe from something you didn’t subscribe to, just mark it as spam for you email client to filter out. By unsubscribing, you’re saying that you intended to be on that email list in the first place, as well as indicating that you’re spam prey.
  • Don’t reply to spam. If you know the sender, but the email content is a bit suspicious, their email account may have been hacked. Check with the email sender for clarification via phone or non-email method. If you reply to spam email, the spammer will flag your email address as a live target.

Fight spam with distrustful, skeptical eyes. For most people, their work or personal email address is very sensitive. So be cautious of what you click and don’t trust anyone! Email isn’t always what it seems.

Hey! This wasn't written by a leash of foxes! It was written by , who does awesome work at Loud Dog, a digital branding firm in San Francisco that helps businesses express themselves authentically via identities, websites, and marketing collateral.

If you want us to do awesome work for you, if you have a question, or if you're just feeling lonely and want to chat, we want to hear from you!

Get in touch

Leave a Reply

Your email address will not be published. Required fields are marked *