Tim ChaseApr 2

An interesting article¹ by Spencer Mortensen on obfuscating email addresses on web-pages, detailing how well each technique has worked.

While all the more advanced techniques had much higher blocking-success, I dislike how they rely on CSS or JavaScript which breaks in most of the simple text-mode browsers. For inline-text email addresses, the comment method

me@examp<!-- comment -->le.com

seemed to hit the sweet-spot of working in all browsers, yet effectively eliminating 98% of spamming attempts.

However, that doesn't appear to work in a mailto: link,

<a href="me@examp<!-- comment -->le.com">Contact me</a>

so it might make more sense to use the Entities method in that case:

<a href="mailto:&#109;&#101;&#64;&#101;&#120;&#97;&#109;&#112;&#108;&#101;&#46;&#99;&#111;&#109;">Contact me</a>


¹ https://spencermortensen.com/articles/email-obfuscation/

Email address obfuscation: What works in 2026?

Show threadChris Mackay 🇨🇦Apr 2
@gumnos Using a form works 100% of the time, eliminates the game of whack-a-mole with spammers, and doesn’t require the user to have a configured email client (or remember their webmail login) if they’re using a shared computer (e.g. library PC).
Show threadMorgan AldridgeApr 2

@tantramar @gumnos I'll counter that using a form has many downsides (naturally, many still shared by email):

1. Still a target for spammers, often requiring JS captchas and such
2. No guarantee the destination is checked or left to collect spam
3. Doesn't provide the user with actual contact info
4. Higher liklihood of message data loss (user must remember to copy form content before submitting because an error often results in loss of the message content)
5. Privacy concerns

Show threadChris Mackay 🇨🇦Apr 2
@morgant @gumnos 1. Website problem, not user problem
2. Not unique to either method
3. Feature (not a bug)
4. More of an issue in years past; crashiness is much reduced (I used to worry about this a lot but can’t remember the last time it bit me)
5. Not unique to either method
Show threadMorgan AldridgeApr 2

@tantramar @gumnos I wholly agree that most of these are shared problems, but I have to — respectfully — disagree on points 1. & 4.

1. JavaScript and captcha requirements are often a problem for website users (maybe just running older/lower-end hardware, limited/inconsistent Internet access, or accessibility issues due to disabilities) and the spam is still a problem for the receiving user

2. I encounter this frequently, especially on mobile devices where switching apps may cull browser tasks

Show threadMorgan AldridgeApr 2
@tantramar @gumnos Not arguing against forms, they're just better as an optional alternative as opposed to a replacement for providing an email address. I have _zero_ interest in going back to the early days of the Internet with people emailing orders, contact info, credit cards, etc.! Or, marginally better, emailing with instructions to call to provide those details.
Show threadTim Chase

@morgant @tantramar

Forms also require server-side infrastructure that inhibits use with a static site. Yes, you can set the form target to some outsourced form-processor, but usually those then come to you…as email 😁

Apr 2 at 3:22pmWeb
Show threadChris Mackay 🇨🇦Apr 2
@gumnos @morgant Very true.