How to prevent spammers from harvesting e-mail addresses from your web site using spiders

Home | Audio | Buy | Contact | Downloads | FAQ | Links | | TOC | Videos

Because we want to help you prevent spammers from harvesting e-mail addresses from your web site, we are encouraging others to steal the JavaScript we use to do this with.  In the Javascript examples below, a fictitious e-mail address of is used.  The way this works is that it basically assembles the e-mail address and HTML code to open up your e-mail software on the fly. The spiders that crawl your web site looking for e-mail addresses to harvest (to sell to spammers), are looking for the character string "mailto:", then the e-mail address that follows it.  This Javascript makes it impossible for them to capture the e-mail address because the "mailto:" line it appears on is broken into several pieces that can only be assembled back together by opening the page with a browser that has Javascript enabled.  Here's the code we used on our contact.html page to do this:

This part of the script tells the visitor to turn on Javascript if it's turned off if they want to see the e-mail address:

<NOSCRIPT><span style="background-color: #FFFF00"><font size="2"><b>OUR E-MAIL ADDRESS WILL NOT DISPLAY BECAUSE YOU HAVE JAVASCRIPT TURNED OFF.</b> You must have JavaScript turned on to be able to click on the link that sends us e-mail messages. The reason we do this is that we use JavaScript to assemble our e-mail address piece by piece to make it nearly impossible for spiders that crawl our web site to harvest our e-mail addresses. Once they harvest them they sell them to spammers and we get junk mail. The JavaScript we use for this purpose doesn't capture any information about you. The ONLY reason it is used on this page is to thwart harvesting of our e-mail addresses. </font></span></NOSCRIPT>

Here's the JavaScript that assembles the e-mail address on the fly:

<!-- Begin
//Tip: if you want to make it even harder for automated software to reassemble the e-mail address, mix up the sequence of the next 7 lines.

it1 = "mail";
it2 = "to";
part1 = "nob";
part2 = "ody";
parta = "nowhere";
partb = ".";
partc = "net";

document.write('<p><b>Send us e-mail at: </b> ')
document.write('<a href=\"' + it1 + it2 + ':' + part1 + part2 + '@' + parta + partb + partc + '\">');
document.write(part1 + part2 + '@' + parta + partb + partc + '</a>');
// End -->

If JavaScript is currently turned on, you'll see a line below that contains the fake e-mail address.  Go ahead and click on it to see how it assembles the fictitious e-mail address, then opens up your e-mail software to send a message to it.  If you had Javascript turned off to begin with, and you just turned it back on, you will need to reload the page to see the e-mail address.


How to turn Javascript on in Netscape

Click on Edit in the toolbar at the top of the page
Click on Preferences
Double-click on Advanced
Click on Scripts & Plug-ins
Click on the checkbox to the left of the word "Navigator" - there should be a checkmark inside of the box when you're finished
Click on the OK button


How to turn Javascript on in Internet Explorer (IE)

Click on Tools in the toolbar at the top of the page
Click on Internet Options
Click on the Security tab at the top
You have two options at this point.  If you click on the "Default level" button, that will reset all of your IE options back to the original settings, which includes Javascript being turned on.  If you have other settings in IE that have been customized and you don't want to lose those settings, then click on the "Custom Level" setting instead.  If you're not sure, the safest thing is to use the Custom Level button.
Use the slide bar on the right to scroll down the list of option until you see "Scripting", then "Active Scripting" on the next line below it, indented to the right.   Click inside the "Enable" circle, then click the OK button.
When it asks you if you're sure you want to change the settings, click on the "Yes" button.
Click the "OK" button.