Anti-Spam Techniques In PHP, Part 1
Technique 1: Obfuscating
This technique allows your email address to still be displayed exactly as it is on the web page, while hiding it in the HTML source of your page. Since the email harvesters don’t “see” your page, they just read the source, this is hard to write a pattern matcher again.
Smarty has built-in functionality for this, which you can read about in the Smarty manual, but is basically achieved like this:
{assign var='email' value='antispam@example.com'} <a href="mailto:{$email|escape:'hex'}">{$email|escape:'hexentity'}</a>
This will output:
<a href="mailto:%61%6e%74%69%73%70%61%6d%40%65%78%61%6d%70%6c%65%2e%63%6f%6d"> antispam <!-- antispam --> @ <!-- @ --> example <!-- example --> . <!-- . --> com <!-- com --> </a>
The lines have been broken up and commented just for readability.
When you view it in your browser it will just appear as antispam@example.com.
To achieve this without Smarty, we just borrow Smarty’s code (from Smarty/plugins/modifier.escape.php)
function escapeHex($string) { $return = ''; for ($x=0; $x < strlen($string); $x++) { $return .= '%' . bin2hex($string[$x]); } return $return; } function escapeHexEntity($string) { $return = ''; for ($x=0; $x < strlen($string); $x++) { $return .= '&#x' . bin2hex($string[$x]) . ';'; } return $return; } $email = 'antispam@example.com'; echo '<a href="mailto:' . escapeHex($email) . '">' . escapeHexEntity($email) . '</a>';
Realistically though, it would not be terribly difficult to extend an email harvester to decode these hex entities, but hopefully that would be good enough to eliminate some of them.
The advantage of this method is that you can still keep the email linked so users can send emails directly in their email client.