Internet Technologies
and Their Applications


The following is a JavaScript to obfuscate a single email link on a website. The script has been written in order to address the problem of email harvesting by spammers of email addresses published on websites.

The script will work across all browsers implementing the w3c DOM and has additionally been written to work under the following DTDs: html 4.01, xhtml 1.0, and xhtml 1.1. It's got one glaring limitation: as stated, it can only convert a single email address due to the use of document.getElementById(), but you get the idea. Additionally, it can of course be rewritten to obfuscate any number of email addresses on a web-page.

It's using a kind of generalised ROT-13 for the coding mechanism, which of course means that,

  • the coding as well as the decoding can be done by the very same function (self-reciprocal)
  • the alphabet has to have an even number of letters.
<script type="text/javascript">

var alfabet = 

function decode(email)
    var nyEpost = "" ;
    var ePosten = document.getElementById(email) ;
    for (j=0 ; j<ePosten.title.length ; j++)
        position = alfabet.indexOf(ePosten.title.charAt(j)) ;
        if ( position >= 0 ) 
            nyPosition = (position+(alfabet.length/2)) % alfabet.length ;
            nyEpost += alfabet.charAt(nyPosition) ;
            nyEpost += ePosten.title.charAt(j) ;
    ePosten.href  = "mailto:"+nyEpost ;
    ePosten.title = nyEpost ;
    ePostenText   = document.createTextNode(nyEpost) ;
    ePosten.appendChild(ePostenText) ;

In order for the script to work, the <body> tag has to be modifyed to call the script, and the email link has to be written in a special way:

<body onload="decode('wsx')">
<a id="wsx" title="LeWWZVcULMN90GMT9MNT9D"></a>

The above is how my email address has been encoded on this very page. If you look at the source html code for the page, you'll see this.