Summary: Prevent email addresses from being harvested from your site
Version: 1.0
Prerequisites: none
Status: do not use, does not protect
Maintainer: Jari Vanha-Eskola jari.vanha-eskola@eduweb.fi
Categories: !Links, !Security, !Administration !Spam Obsolete

Questions answered by this recipe

This section is optional; use it to indicate the types of questions (if any) this recipe is intended to answer. How do I protect my email addresses in mailto-links from being harvested by spam robots?


Modifications to obfuscate email addresses so that they are not displayed in plain text to robots. Script recreates link text as character encoded, thus mailto:spam@nospam.com becomes mailto:spa...m

Does not require JavaScript or any other special techniques, works in every browser and client device.


Add the following code to your local/config.php and you're all set!

 ## obfuscate mailto-links
 $LinkFunctions['mailto:'] = 'myLinkIMap';
 ## $IMapLinkFmt['mailto:'] = "<a class=\"urllink\" href=\"\$LinkUrl\">\$LinkText</a>";
 function myLinkIMap($pagename,$imap,$path,$title,$txt,$fmt=NULL) {
	if ($txt{0}=='&') return LinkIMap($pagename,$imap,$path,$title,$txt,$fmt);
  global $FmtV, $IMap, $IMapLinkFmt, $UrlLinkFmt;
  $FmtV['$LinkUrl'] = obfuscate(PUE(str_replace('$1',$path,$IMap[$imap])));
  $FmtV['$LinkText'] = obfuscate($txt);
  $FmtV['$LinkAlt'] = str_replace(array('"',"'"),array('&#34;','&#39;'),$title);
  if (!$fmt) 
    $fmt = (isset($IMapLinkFmt[$imap])) ? $IMapLinkFmt[$imap] : $UrlLinkFmt;
  return str_replace(array_keys($FmtV),array_values($FmtV),$fmt);
 function obfuscate($s) {
	$r = '';
	for ($i=0;$i<strlen($s);$i++) {
		$r = $r . ( ($s{$i}==':') ? ':' : sprintf('&#%03d;', ord($s{$i})) );
	return $r;

Release Notes

If the recipe has multiple releases, then release notes can be placed here. Note that it's often easier for people to work with "release dates" instead of "version numbers".


This does obfuscate the email address in the source code. It looks like it will work, except that it goofs up when the email address has a "display name" in it. The email address format (see paragraph 4 of this link)) is:

    mailto: displayname <aname@someplace.com>

    mailto: ZooKeeper <guru@gnuzoo.org>

The "greater than" - ">" symbol and the "less than" - "<" symbol get converted to HTML character entity references "&lt;" and "&gt;". This makes the email link invalid.

Because pmwiki uses wiki markup instead of html, html writers need to learn to use:
    [[mailto:username@domain | The_name_you_want_displayed]] 
instead of html/email syntax. For example:
    [[mailto:guru@gnuzoo.org | ZooKeeper]]

Nice but ...

Sadly it is probably not enough to protect from harvesters, I tested the solution with http://aspirine.org/cgi-bin/trouvemail.pl?lang=en and it fell under poor encoding. rot13 used by the other solutions is also not enough -Damien September 28, 2008, at 04:54 PM

See Also


User notes? : If you use, used or reviewed this recipe, you can add your name. These statistics appear in the Cookbook listings and will help newcomers browsing through the wiki.