Archive

Archive for April, 2012

E-mail Munger: A PHP function to display click-able but spam safe e-mail addresses on web pages

April 10th, 2012 4 comments

If you’ve ever published your e-mail address online in plain text you will likely have noticed an increase in the amount of spam mail you receive. One of the easiest ways for spammers to pick up e-mail addresses is to use automated tools to crawl the web and to extract e-mail addresses from web pages. The software tools to do this are relatively easy to create and e-mail addresses on web pages are usually quite easy to spot as they often include a mailto: link to provide that expected click-to-email action.

I’ve seen various methods used to protect e-mail addresses from spam harvesting but most have a downside and/or generate a non-functioning mailto link. Examples are:

  1. Replace the e-mail address with an image (visitor must retype).
  2. Put spaces in the address (visitor must edit).
  3. Add a word that must be removed e.g. email@domain.net-REMOVE (visitor must edit).
  4. Change the character encoding to use HTML ASCII codes.
  5. Use JavaScript to generate the e-mail link on click or page load (relies on visitor having JavaScript enabled)
  6. Use a contact form instead of providing an e-mail address.

Of the above only options 4 and 5 can maintain the mailto: link functionality – option 6 works but is more hassle for the developer and visitors are often cautious of entering their own e-mail address on a web form.

I prefer not to rely on the availability of JavaScript so thus far option 4 has been my preference, however most solutions out there rely on a single type of encoding and even with useful online tools like http://www.addressmunger.com/ it is a pain to generate the e-mail links manually each time.

So I created my own solution – a PHP e-mail munging function that uses three types of character encoding and which makes it simple to include a munged e-mail link in your HTML page. As a little bonus the encoding is random so the e-mail address is encoded differently on every page load (though I’m not sure what real benefit this brings).

The end result of using this function is a click-able mailto: e-mail link. Setup is easy. Just include the below function on every PHP page or more likely in your main PHP include.

Then each time you want to include an e-mail address link on your web page simply insert this PHP snippet:

<?=mungemail('email@domain.net')?>

And thats it!

If you want to show different display text or want the scrambled e-mail address but no link just pass in those parameters as described in the function below.

<?php
// Email Munger Function
// Published: 10/04/12 by Phil Morgan
// This funtion returns an e-mail address randomly encoded in ascii/hex, as a link (optionally) with display text (if specified).

// Parameters:
// $str_email - email addressto munge
// $str_display - display text (optional otherwise uses e-mail address)
// $bln_link - create link (default, set to false to return e-mail address only)

function to_rand_ascii($chr)
{
    switch (mt_rand(1, 3)) {
        case 1:
            return "&#" . ord($chr) . ";";
            break;
        case 2:
            return "&#000" . ord($chr) . ";";
            break;
        default:
            return "&#x" . dechex(ord($chr)) . ";";
    }
}
function mungemail($str_email, $str_display = NULL, $bln_link = True)
{
    for ($i = 0; $i < strlen($str_email); $i++) {
        $str_encoded_email .= to_rand_ascii(substr($str_email, $i));
    }
    if (strlen(trim($str_display)) > 0) {
        $str_display = $str_display;
    } else {
        $str_display = $str_encoded_email;
    }
    if ($bln_link) {
        for ($i = 0; $i < strlen('mailto:'); $i++) {
            $str_mailto .= to_rand_ascii(substr('mailto:', $i, 1));
        }
        return "" . $str_display . "";
    } else {
        return $str_display;
    }
}
?>

Comments and ideas are welcome! The code above is free to use in your own personal web sites. If you want to use it in commercial sites I’d appreciate a donation.

Categories: PHP code Tags: