now with added Masterweb and IB Geek Girl

spider web Ecanus•net :: Tutorials


These aren't really full blown tutorials – more quick 'n' dirty guides to doing stuff that might save you some time. Click the links below to see them.

Spam Free Email: avoiding getting spammed to death

Unless you're the sort of person that never receives email and looks forward to receiving an inbox full of mail offering you ahem, pharmaceutical products to enhance your performance, real genuine (honest!) software at unbeatable prices, and a host of other offers that you just can't miss, putting your email address online without some forward planning is never wise, whether it's in a guestbook, on a forum, or on your website. So how do you avoid this deluge of unwanted mail without never disclosing your email address to anyone?

There are a number of methods, some better than others, you can use to obscure your email address from those pesky little bots↗ that scour the web looking for unsecured email addresses to add to their evil masters' mailing lists. This is the ecanus•net guide to avoiding getting spammed to death.

Forums and Guestbooks and the like

Avoid putting your email address on insecure sites where any old bot that happens to be wandering by can pick it up. If you simply have to put your email address, at least make it hard by not making it look like an email address, for example by leaving spaces between the words, adding additional words that a human knows to take out before trying to mail you, or replacing symbols, for example:

myname @ mydomain . Com
myname [at] mydomain [dot] com

This isn't very secure though. Many bots can probably parse out added words and already know most of the tricks. On the MasterWeb & IBGG forums we don't recommend leaving your email address on the open forums. If people want to contact you they can do so through your profile.

HTML Entities

A safer way to put your email address online is to encode both the 'mailto' and your email address using HTML entities (the code that's used to display special characters like the copyright symbol © etc.). Encoding your email address using hexadecimal and/or ISO characters can protect your email address from the email harvesters. What you end up with is an extremely long string of letters, numbers and symbols (sure messes up the look of your nice tidy code if you're a bit of a coding control freak!). Encoding your whole email address by hand could be a little tedious though, and unless you've got plenty of time on your hands or you're bored and there's nothing on the TV, you'll probably want to use one of the online generators to do it for you. These are a few the MasterWeb team had bookmarked:


Perhaps one of the most effective ways of putting your email address online is to use an image, 'cos then there's no text for those naughty little bots to come and read. The email address below for example is an image.

example email address

There are a couple of disadvantages to using images though. Apart from the fact that it takes time to produce an image, it's also difficult to style an image and provide feedback to the user, for example a rollover effect, and a visitor can't copy 'n' paste your email address into their email client. To solve the "it takes ages to produce an image" problem, you could use this handy little tool. Perhaps most importantly though from an accessibility point of view, your email address is invisible to screen readers, anyone using a text browser, or indeed if the images on your web page fail to load.


You can use a number of client–side scripting techniques to hide your address, JavaScript being one of the favourites. The following is one of the favourite methods but a quick Google will find a host of others.

	<script language="JavaScript">
	var contact = "contact me";
	var addr = "myname";
	var domain = "";
	document.write("<a href=" + "mail" + "to:" + addr + "@" + domain + ">" + contact + "</a>");

This can be a very effective way of hiding your email address – bots don't do scripts, but, it doesn't work if JavaScript is disabled, and some browsers including 'mobile' browsers such as those in mobile phones and PDAs and most assistive browsers don't support JavaScript.

The "no JavaScript" way

This one works even if JavaScript is disabled – it simply redirects to a page where you can have a contact form (of course we did wonder why you'd need to display your email address if you're using a contact form, but it may come in useful).

	<a href="contact.html" name="+myname" id="myaddy">email me</a><br />
	<script type="application/x-JavaScript">
	function myaddy()
  		var at, pos;
		while ( obj = document.getElementById( 'ghostaddr' ) )
      pos =' ', 0);

      if ( pos <= 0 ) {
  = null;
                         if ( == '+' ) {
           at = 1, pos )+ '@'+ pos+1, );
           obj.innerHTML = at;
           at = 0, pos )+ '@'+ pos+1, );
            obj.href = 'mail'+ 'to:'+ at; = null;

The backwards way round way: CSS reversal

Ever wondered what you might be able to use that 'unicode-bidi' bit of CSS for? Well here's one...use it to hide your email address! Step 1: type in your email address '' becomes 'moc.niamodym@emanym' (at this point you're probably thinking "this is never gonna work, and I've just spent 10 minutes figuring out what my email address is backwards!" ;)) Step 2: you apply two styles, as follows:

<span style="unicode-bidi:bidi-override; direction:rtl;">moc.niamod@emanym</span>

Step 3: paste the above code somewhere and try it really does work! (yeah, we're easily amused!)

Positive points: it's kinda cool in a geeky sorta way, and seems to work against those pesky little bots for now.

Bad points: while it may be good for simply displaying an email address, unfortunately you can't then do much with it – your visitors can't copy and paste your email address into their email client, some browsers don't support this, and all screen readers are gonna get is the alphabetti spaghetti version of your email address.

Of course you could try combining two or more of the above methods... evil smiley

Contact Form

Perhaps the safest way is not to physically display your email address on the page, but to use a form with a script to handle your emails. If you're an uber geek you could write one yourself, or there are a wide range of pre–written codes, some open source, and some commercial you can use. A quick Google will find you loads.

Although bots can submit forms (though you can make it difficult for them by including things like image verification), and they can't get your address, it will send an email.

No solution is ever 100% guaranteed though, and it's likely that in time spam–bots will develop the intelligence to bypass many of the methods used to stop them.

The sad news is that if a visitor to your site can get your email address, so can a spammer. Wherever possible, use a disposable email address on your website that you can discard if it's compromised by a spammer.

For probably the most accessible and spam proof form currently residing on the planet (it's got 16 different ways to stop those pesky little bots in their tracks built in!), you really need to check out Mike Cherim's Secure & Accessible PHP Contact Form (it's the one I now use on all my sites) which, as the name suggests, uses PHP, but there are many others that use CGI, ASP, etc.

Most email clients (Outlook, Thunderbird etc.) include spam filters, and many hosting packages offer spam filtering on their mailboxes which uses a range of heuristic algorithms (whatever they are) on email headers and message bodies to identify spam. Read the documentation and learn how you can use them to help stop spam.

Are your email addresses visible?

How successful have you been at hiding your email address? You can check out your page here: – just type the url in the nice little box and if you're lucky, it'll find no visible email addresses on your page.