0

I'm creating a new website, so I am thinking about how to protect my email address and phone number against crawlers, I actually mean email harvesters (most of which I suppose don't have JavaScript enabled, but I don't have any proof of it). What I do now is definitely security by obscurity or obfuscation (I might be confusing the two terms), as I want the email address to be normally visible and clickable by the user.

My question for Security SE as I will be posting the code to Code Review SE shortly:

Is security by obscurity / obfuscation a valid option, or do the crawlers = email harvesters have JavaScript enabled?

JavaScript

var item1 = '@';
var item2 = '.';
var m_clear_text = 'test' + item1 + 'example' + item2 + 'com';
var m_html_item = document.getElementById('m_link');
m_html_item.innerHTML = '<a href="mai' + 'lto:' + m_clear_text + '">' + m_clear_text + '</a>';

HTML

<span id="m_link">test [a.t] example [d.o.t] com</span>

My goal was to make even the JS code obfuscated / obscured little bit, I believe this approach might help, but it again depends on whether the email harvesters have JavaScript enabled.

LinuxSecurityFreak
  • 1,562
  • 2
  • 18
  • 32

1 Answers1

2

Yes some email harvesters will render the page and scrape the results therefore no matter how obfuscated your JavaScript is, if the JavaScript simply outputs a plain text email it's possible it will be harvested.

On the other hand your html example above likely would not get harvested because they probably don't have that format built into many scrapers.

Another option is to just put an image of your email on your site that is readable to humans but a scraper would never scrape since most harvests don't implement OCR.

neonprimetime security
  • 936
  • 4
  • 15