A blog for odd things and odd thoughts.

Features and Limitations


What EmailShroud will detect and protect

EmailShroud will search for email addresses in the following places:

  • The contents of WordPress pages.
  • The contents of posts.
  • The contents of post excerpts.
  • The contents of RSS feeds.

It will search for:

  • Links to email addresses (i.e. anchor tags with mailto addresses.)
  • Email addresses written in the content of a post with the text mailto: in front of it.
  • Email addresses simply written in the content of a post.

Limitations of EmailShroud

What EmailShroud won’t detect and protect

In the following rare circumstances, EmailShroud may pass through the email addresses, unprotected:

  • Domain names with multiple consecutive dashes.
  • Email addresses in WordPress page titles and post titles.
  • Where the anchor tag is malformed, so it is not recognized as an anchor tag.
  • Where the email tag appears outside of the pages, posts, excerpts and RSS feeds. In particular, in a list of links in a side-bar or in templates.

In the following rare circumstances, EmailShroud may damage existing links:

  • Where a user-name and password is included in a URL.
    • i.e. using the userinfo subcomponent of a URL.
    • This is rarely used outside of phishing attempts.
  • Where cc, bcc and subjects are provided in an anchor tag, they may be stripped out.
  • Where email addresses are included in title or similar attributes inside an anchor tag, they will be replaced with the user name.
    • There has been a report of this happening in input forms.
  • Where the anchor tag is malformed, so it is not recognized as an anchor tag.
  • Automatically generated excerpts may have their email addresses stripped.
    • See below for more information.
  • Email addresses in Category Descriptions.

Special Behaviour for Excerpts

In some circumstances (for example, category views or for RSS feeds) an excerpt of a post may appear. WordPress allows the author to produce their own excerpt – if they don’t, an automatically generated excerpt is used. If the author manually enters an excerpt, it is treated by EmailShroud much like regular content. If WordPress automatically generates an excerpt, it strips all tags, and the links to email address will not appear.

Future Features?

The following have been considered as potential features for future releases. I do not actually commit to actually implementing them any time in this lifetime!

  • Generate an image containing the email address, and include the image inline.
  • Cache the generated encrypted text (particularly for DES.)
  • Support redirection back to own site, rather than to EmailShroud web service.
  • Support cc, bcc and subject attributes on anchor tag.
  • Support detection of email addresses in themes, lists and categories.
  • Support detection of email addresses in user’s comments.
  • Support even lower-level of security: escape codes – dropping all Javascript requirements entirely.



EmailShroud requires WordPress 2.0, or above. It has been tested on WordPress 2.0.3-2.0.7, and 2.1.0-2.1.3. It has been tested on Linux and MacOs. It has also been successfully run (unchanged and without careful testing) on WordPress 2.1.3-2.9.2.


EmailShroud have been historically tested on:

  • Mozilla Firefox 1.0.4,,, (Windows & Mac)
  • Microsoft Internet Explorer 6.0 & 7.0 (Windows)
  • Opera, 9.25 (Windows)

EmailShroud 2.2 has been specifically tested on:

  • Mozilla Firefox (Windows)
  • Microsoft Internet Explorer 67.0 (Windows)
  • Opera 9.25 (Windows)

XHTML Compliance

EmailShroud should work in themes that use XHTML Strict and Transitional.

Other Plugins

The WP-Print plugin and the EmailShroud plugin have quite different goals. When installed together, they both work as designed and do their jobs. It is just that the result looks a little ugly: obfuscated URLs are printed out on paper.


  1. Mark L contacted me through private communication to identify a bug in EmailShroud.

    I have broken the WordPress coding standard by relying on the “<?”
    abbreviation for the “<?php” tag.

    If your web-server is not configured to support PHP markup using short tags, EmailShroud will not work.

    I will correct this egregious error in the next version, and apologise for the inconvenience.

    [Update: This was fixed in Version 2.1]

  2. Jonathan S. contacted me through private communication to highlight the impact of a known limitation in EmailShroud.

    A page had an INPUT form. One of the fields had a VALUE attribute, and the value contained an email address. As was warned about in the limitations, EmailShroud saw the email address and tried to protect it, breaking the HTML.

    This is a very specialised situation that won’t affect most bloggers, but it is legitimate, and EmailShroud will break the page in this situation.

    I apologise, but I cannot yet see a solution here. It will be hard to detect this situation, and even harder to work out what to do about it – the email address cannot be safely protected, which leaves it open to the spammers to harvest.

Leave a comment

You must be logged in to post a comment.