Spam proofing email addresses in the frontend

I was looking for a solution to spam proof mailto links in the frontend to make them a little harder to crawl for those nasty bots. The most effective solution I found so far was Jottings Email Link Obfuscator. Fortunately there’s also a public PHP version, so I though this should be quite simple to add in as a custom snippet by adding it to my MIGX field tag:

// spamproof


$address = $input;

function munge($address) {
  $address = strtolower($address);
  $coded = "";
  $unmixedkey = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789.@";
  $inprogresskey = $unmixedkey;
  $unshuffled = strlen($unmixedkey);

  for ($i = 0; $i <= strlen($unmixedkey); $i++) {
    $ranpos = rand(0,$unshuffled-1);
    $nextchar = $inprogresskey{$ranpos};
    $mixedkey .= $nextchar;
    $before = substr($inprogresskey,0,$ranpos);
    $after = substr($inprogresskey,$ranpos+1,$unshuffled-($ranpos+1));
    $inprogresskey = $before.''.$after;
    $unshuffled -= 1;

  $cipher = $mixedkey;
  $shift = strlen($address);
  $txt = "<script type=\"text/javascript\" language=\"javascript\">\n" .
  "<!-"."-\n" .
  "// Email obfuscator script 2.1 by Tim Williams, University of Arizona\n".
  "// Random encryption key feature by Andrew Moulden, Site Engineering Ltd\n".
  "// PHP version coded by Ross Killen, Celtic Productions Ltd\n".
  "// This code is freeware provided these six comment lines remain intact\n".
  "// A wizard to generate this code is at\n".
  "// The PHP code may be obtained from\n\n";

  for ($j=0; $j<strlen($address); $j++) {
    if (strpos($cipher,$address{$j}) == -1 ) {
      $chr = $address{$j};
      $coded .= $address{$j};
    } else {
      $chr = (strpos($cipher,$address{$j}) + $shift) % strlen($cipher);
      $coded .= $cipher{$chr};

  $txt .= "\ncoded = \"" . $coded . "\"\n" .
  " key = \"".$cipher."\"\n".
  " shift=coded.length\n".
  " link=\"\"\n".
  " for (i=0; i<coded.length; i++) {\n" .
  " if (key.indexOf(coded.charAt(i))==-1) {\n" .
  " ltr = coded.charAt(i)\n" .
  " link += (ltr)\n" .
  " }\n" .
  " else { \n".
  " ltr = (key.indexOf(coded.charAt(i))-
  shift+key.length) % key.length\n".
  " link += (key.charAt(ltr))\n".
  " }\n".
  " }\n".
  "document.write(\"<a href='mailto:\"+link+\"'>\"+link+\"</a>\")\n" .
  "//-"."->\n" .
  "<" . "/script><noscript>N/A" .

  return $txt;

As of right now I only get the email value returned without any of the snippet code, so I’m guessing something is not working right. As for my (limited) understanding, I can’t find the issue. Any ideas?

Maybe the extra " ObfuscateEmail-Revo" works for you.

As for your snippet code: You put all the code in a function munge but never call this function.
Try removing the line function munge($address) { and the } at the end.

Sorry for the rookie mistake and thanks for pointing me to the Extra alternative. Is any of those methods to be preferred/ more effective? I saw the ObfuscateEmail-Revo doesn’t need any JS but seems to be checking the whole page for emails every time…

The advantage of the extra is, that it automatically works for any email-address on all your pages.
Your method is probably faster but has to be applied manually and can’t handle email-addresses in the content-area for example.

1 Like

Although I probably don’t have any emails in the content field, that’s a good call. I also just noticed the Snippet can’t handle domains containing a hyphen (yet). Thanks for the help!

The emo extra does a JavaScript obfuscation like your code but for the whole page.

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.