Encoding Email for Public Website

[Sayth]

Hey all,

Just wondering what your thoughts are. I'm fairly new to web design so I'd like your opinion on encoding email.

Is www.mailtoencoder.com just as secure as (or more secure than) www.wbwip.com/wbw/emailencoder.html ?

In the first one, you use javascript to hide your email in the source code, but the email is visible to the user (nice to have for the user), but the other one has you create a link (like the person's name, not their email address) and then using code, on click the browser brings up your email program with the address inputted.

What would you use? I like the first because the user can copy/paste the email for a web-based email rather than an installed program.

Thanks!

 

[Fort_Major]

In the end it doesn't really matter. if bots "really" wants to steal your e-mail they can.

From my experience, the more mainstream OOB solution you use the higher likelihood that a bot is programmed to a) recognize it and b) use pre-programmed method to circumvent it.

I generally recommend people to not let let decisions like this affect the accessibility of your website to your end consumer in a negative/annoying manner.

On a side note, whatever method you do, I also recommend that there is a mailto: method in your hyperlink since these are now (user/Master?) configurable to go to web-mail.

I know that latest Firefox can be configured to go to web-mail. It would not surprise me if Chrome is the same way or at least tries to make you think Gmail is the only one that it can be done with.
"most" Tablets/phones should also do this.

 

[Sayth]

Great advise. Thanks for replying. I'll just use the www.mailtoencoder.com/ one because it's easier for the clients visiting the site.

Take care and Happy Easter!
-S

 

[Grentz]

That JS method works well. Plain mailto links are easy and common to harvest, so the JS at least gives some form of defense that is not intrusive to the users

 

[Fort_Major]

That JS method works well. Plain mailto links are easy and common to harvest, so the JS at least gives some form of defense that is not intrusive to the users

A good JS method should inject mailto: link imho.

 

[Grentz]

A good JS method should inject mailto: link imho.

That is what that one does?

 

[Fort_Major]

I do not know. I was stating that as a "the hallmark of a good encryptor should do.." I have come across a lot of e-mail encryptors that do not make the link very accessible.

 

[Grentz]

I do not know. I was stating that as a "the hallmark of a good encryptor should do.." I have come across a lot of e-mail encryptors that do not make the link very accessible.

Gotcha. Yes this is what the one linked to above does. Essentially it encodes the email in code so you cannot simply scrape the mailto: link (like many bots do), but to the user it uses javascript to reconstruct a valid email in a mailto link form.

 

[TCM]

And please don't call it encryption. There is no key.

It's obfuscation.

 

[Fort_Major]

And please don't call it encryption. There is no key.

It's obfuscation.

^^
Hah, yeah what he said. Sorry I wasn't feeling pedantic that day(s)

 

[Grentz]

Hence using the word encode, not encrypt