Divert to default decoder page on EmailShroud site.
The default behaviour is to replace the email address with a link to a decoder web-page on SomethinkOdd.com. This web-page decodes the obfuscated email address and displays it, but the user must type it in manually to their email program.
Note: This default behaviour diverts the user to a 3rd party web-site – i.e. this one. In the unlikely case that the amount of CPU and bandwidth used by this service becomes non-trivial, I reserve the right to add (tasteful) adverts to the page that they see. I understand that may be unacceptable to some people, and I offer them an alternative action plan – see below.
An alternative action plan is to include the email address in the text, after being transformed in some way so it is no longer recognizable as an email address (e.g. including some garbage in the email address, with instructions to the reader to remove it.)
You can use the default transformation, or change the parameters to produce your own. I encourage you to produce your own to (a) localize the text to your blog’s language or style, and (b) to prevent spammers from writing code to overcome this technique.
The transformation occurs in three parts:
- a prefix, placed before the address.
- a replacement for the @ symbol.
- a suffix, placed after the address.
This allows popular transformations like:
- replace the “@” with “@NOSPAM.” Or “@REMOVEME”
- replace the “@” with “ AT “.
- Optionally, add some text to explain to people how to modify the address.
EmailShroud works by obfuscating the email address. In theory, this won’t stop a motivated hacker from extracting the email address – all the information is available to decrypt the email address. In practice, it doesn’t take much to obscure the email address to a level that a spammer won’t bother, and will move on to another web-site to harvest someone else’s address.
EmailShroud offers three levels of obfuscation so you can tradeoff between the level of security and the cost of decoding.
Rearrangement is a very simple system and takes negligible computation to encode and decode. It was the only solution available in EmailShroud 1.0. While I maintain that rearrangement is currently sufficient obfuscation, critics of EmailShroud 1.0 considered it insufficient, which is why EmailShroud now offers three levels.
Reverse/Shuffle is a still a simple system, and takes very little computation to encode and decode. Its advantage over Rearrangement is that it cannot be decoded with a trivial “regular expression” engine.
Triple DES (3DES)
3DES uses standard industry-standard encryption techniques. It is computationally it is fairly expensive, to encode and decode. It should discourage the efforts of even the stubbornest spammer!
On a page with many email addresses, you may notice a delay in loading while the computation is performed.
- The EmailShroud site remains the weakest link in the obfuscation. The spammers could merely follow the link to the EmailShroud site, and let it do the decrypting, then harvest the lightly obfuscated address from the page. If you want this level of obfuscation, you should use your own, novel, transformation strings.
- It is computationally too expensive; if EmailShroud became too popular, my server would spend its entire day decrypting email addresses.
- I had a stab at implementing it anyway, but it was very buggy and I got bored. 🙂
How to Set and Debug the Options
- Open the Options Panel
- Login to your WordPress Admin site.
- Select the Options page.
- Click on the EmailShroud tab.
- Select the Desired Action Plan.
- If you chose Transform, you can select the desired transformation parameters.
- Tip: Take care with leading and trailing spaces.