Ask HN: How to obfuscate an email on a website in 2024?
I'm making a simple, static website for someone's small (one-person) enterprise. We'd like to put the email on the site, but I'm a bit afraid of spammers. What are reasonable practices to obfuscate the email in 2024? I can think of at least two simple (?) approaches:
"Contact me at blah(at)bleh.bloh"
(which I personally don't like), or using some homoglyph (like Cyrillic "а" instead of Latin "a") and writing a simple JS function which will change it to normal, Latin "a" after e.g. the first click/keypress on the page (so that when a human actually copies the email, it is ok, but there is no visible change in its appearance).
Are these ideas good? Why/why not? If not, what are better ones?
Note: the person I'm doing it for does not want to change the email provider nor create any email account/alias other than what they have now.
23 comments
[ 2.8 ms ] story [ 64.0 ms ] threadIn the form we collect basic information like name and email address and some other relevant info. And then we also have a free-form text area where people can write whatever.
We also put the phone number of the business on the site, so that people can call by phone instead, if they prefer.
Because they are making work for me.
Not helping me with my problem.
It's a tell for two scenarios. In the best case it suggests an intent to communicate "not for me" to me. More likely, there will be more hoops to jump through in the future. That's something I might want to avoid. I have the tee shirt.
the person I'm doing it for does not want to change the email provider nor create any email account/alias other than what they have now.
Ask them what they want, do what the want, cash the check. The solution is social, not technical. Good luck.
> Ask them what they want, do what the want, cash the check.
That person is very much not tech-savvy, and I consider my role to help them find out what they need (not "want"). (Also, there's no check involved - this is a friend of someone in the family, I'm doing this for free.)
For example, they don’t want your role to be setting up a gmail account even though that would make the spam problem mostly disappear (and avoid a bunch of other email footguns) so you aren’t doing that.
Even though they need a gmail account because potential customers will expect and accept it.
And if your client already has email and use it, they already have practice dealing with spam because putting an email address on the web hasn’t been necessary to attract spam for a couple of decades.
Our organisation considers Gmail addresses as "suspect" when processing orders.
Gmail itself is hard to deal with as a company address when integrating to internal systems (they keep changing things.)
I personally would strongly caution against using a Gmail address for your company.
or if you want to get very obtuse
rotx <rotxdemail>
and let the reader guess what x is to perform the rot operation
https://spencermortensen.com/articles/email-obfuscation/