NAME - generates encrypted mailto: links in a javascript include

SYNOPSIS [options] <mailto> [linktext] > getSignature.js
 <script language="JavaScript" src="";>

If the linktext isn't provided, the mailto will be used in its place.

 e.g. 'Bob Jones <>'     > /srv/www/getSignature.js 'Bob Jones <>' 'mail Bobby'
   -h|--help      brief help message
   -m|--man       full man page


See Tim Williams' discussion on the ``How and Why of obfuscating your address'' at There he proposes the idea of converting your email address into a seemingly random string of characters using a simple substitution cipher, using a <script>..</script> block.

The advantages to this approach over a verbatim mailto: link are that spambots using simple regular expression searching for stuff like /[a-z._-]+@[a-z._-].(com|net|org)/i won't find it. Spambots have a lot of work to do and it's unlikely that they're going to parse and run javascript hoping to find an email address. They might conceivably convert HTML character entities or character codes, which is why this method is preferred for the truly paranoid.

My method is an expansion on Tim Williams' idea in that instead of putting the obfuscation into a <script>..</script>, it uses a javascript include to pull in the obfuscation code.

So you can have a mailto: link on your page by adding this to your html, which looks like anything but a mailto: link:

 <script language="JavaScript" src="";>

That has the advantage of keeping your HTML files cleaner, and of adding one more step to hide from the spambots, that of their having to fetch an additional file which isn't even HTML.

This script generates output which looks like this:

  coded = "XKA 2. tKN4r ZAKAoMKN4r.3KCn"
  codedlt = "W9Mp WZ 9a fcfNmcTZD.qcW"
  key = "R>jB5LiVpYwI1<btzeGUcEh0KdmsxnMXO@k8yFfauZAQq4Sv3lWDJTCrHN27goP96"
  var decfn = function(str){
        var shift=str.length
        var plain=""
        for (i=0; i<str.length; i++){
                if (key.indexOf(str.charAt(i))==-1){
                } else {
                        ltr = (key.indexOf(str.charAt(i))-shift+key.length) % key.length
        return plain;
  document.write("<a href='mailto:";+decfn(coded)+"'>"+decfn(codedlt)+"</a>")

Take that and put it in a js file, like getSignature.js, on a web server somewhere. Link to it with the <script...></script> tags as above and you're good to go.


Pick a link that works for you:


This is inspired by Tim Williams, Who says: As for the code it is freeware, use it as you like. If you like it please let me know. If you hate it let me know.

This script was written, and the javascript expanded on and the include feature added 11/2004 by Kevin M. Goess.


Copyright 2004 by Kevin M. Goess

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.


2005-10-29 encoding link text as well, some cleanup

2004-11-20 Initial version.