Email addresses are common targets for spam, phishing attacks — even malicious crawlers. While there are many ways to obfuscate addresses from marketers or bots, no method is perfect. On top of this, usage of simple obfuscation techniques often results in a worse user experience; having said that, it should be balanced with more user-friendly techniques (that are less effective protection against spam).
In essence, email obfuscation is a simple concept that can be difficult to balance between bot-prevention and the overall user-experience.
As mentioned previously, there are many ways for Email Obfuscation to happen:
1) Putting email addresses into images
This is a simple method of obfuscation — essentially, a website owner can embed his/her email address(es) into an image that a bot cannot read. Unfortunately, with new AI (artificial intelligence) neural networks, this can be defeated. Users also have to read text from an image, resulting in both accessibility and user-experience issues.
2) Using text-based obfuscation techniques
Text-based obfuscation involves putting email addresses in a human-readable format that is still hard for a crawler to read. For example, if a webmaster wishes to place
email@example.com on their website, a potential deterrent would be to write
support(at)bunny(.)net (or other similar variations to this). Similar to the previous technique, users lose out again as they cannot easily copy an address.
<p> I am available at the following email address: <span id="email"><noscript>JS is required to view this address.</noscript></span> </p>
Now, when a “legitimate” browser loads the website, the following code is executed:
… and for regular users, an email address (that can be copied) appears:
I am available at the following email address: firstname.lastname@example.org
While imperfect, this solution is the most user friendly of the four listed methods. They neither have to read text from an image or remove placeholders. The only downside to this form of obfuscation is the relative simplicity of “decryption”: any bot running a fully fledged browser can easily bypass basic forms of JS-powered email hiding techniques.
4) Captcha-based obfuscation
CAPTCHAs, or user challenges, are typically the least user-friendly solution to hide contact information. They usually look like the following:
Other variations include scrambled text or auditory CAPTCHAs. Another major issue is the existence of services that can solve CAPTCHAs automatically; not only do CAPTCHAs make a user experience far worse, they can end up being equally as insecure as the latter option.
An automated application used to scrape (i.e. take) content from other sources.
Generally, obfuscation is the act of manipulating content such that specific users/bots cannot read your content.