Hiding email addresses from Spambots using Javascript

Spambot is a program that searches the internet looking for email addresses. When it finds them, they are added to lists of email addresses that are then used to send Spam emails or sold on to Spammers. The easiest way for a Spambot to find this information is when an email address is hard-coded into the HTML of a website.

There’s a useful technique that you can use to stop an email address being copied from your HTML code. It takes of advantage of the fact that the Javascript for your website will run once the website is loaded into a browser. The Javascript can be used to modify the HTML to add the email address once the page is loaded in the browser. To avoid the email address being found in the Javascript code, it can be constructed from separate parts before adding to the HTML.

A simple way to achieve this is to have an “id” element in the HTML as a placeholder for where you wish to insert the email address. In the Javascript, you can use the “getElementById” method along with the “innerHTML” property or “setAttribute” method to make the change. The actual email address itself is broken into parts and built at the run stage using string concatenation.

Here’s an example of the Javascript to add a destination email address into an HTML form that uses Formspree.io:

var contactform =  document.getElementById('contactform');
contactform.setAttribute('action', 'https://formspree.io/' + 'your' + '.' + 'name' + '@' + 'somedomain' + '.' + 'com');

This will select the section of HTML code to be modified using document.getElementById(‘contactform’) . It will then use string concatenation to construct the email address as


and insert it into the form as an attribute by using contactform.setAttribute .

This is a straightforward trick to reduce harvesting of email addresses from your websites. It’s definitely worth doing.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to Top