Obfuscated email not really obfuscated. but why not?

Rails
1

I have a page with an email address visible (so humans can print the
page if necessary). I used the following to code to obfuscate the
email. When I view the page source in my browser it appears all is
well, but I was told today by the SEO person at our web developer that
the email address is not obfuscated on this page. He had a printout
with the email address clearly visible after some obfuscated text.

So, is the following incorrect in some way I just can’t see?

Email: <%= mail_to @post.employer.email, @post.employer.email, :encode
=> “javascript”, :subject => 'request for information: '+ @post.title
%><% end %>

2

On 23 Mar 2011, at 04:39, “sol.manager” [email protected] wrote:

I have a page with an email address visible (so humans can print the
page if necessary). I used the following to code to obfuscate the
email. When I view the page source in my browser it appears all is
well, but I was told today by the SEO person at our web developer that
the email address is not obfuscated on this page. He had a printout
with the email address clearly visible after some obfuscated text.

What does the output look like if you view the HTML source in your
browser?

Fred

3

For example, on the web page the following Email: [email protected]
had the following source code.

  • Email:

    • To me this seems obfuscated, but the SEO person produced a print out
    with something similar above but looked more like:
    after the and before the his print out had
    href=“mailto:[email protected]?subject=job
    %20application”>[email protected]

    I didn’t know if this was a difference in web browsers or how he was
    able to see this, but he did.

    On Mar 23, 4:37am, Frederick C. [email protected]

    4

    The problem seems to be that use was using Firebug add-on for Firefox
    and was viewing the page in debug mode, so essentially he was seeing
    the “front” and the “back” at the same time. Robots don’t crawl the
    front, the crawl the source. So in the end, I believe this was
    operator error and not incorrect obfuscation of an email.

    5

    On Wed, Mar 23, 2011 at 9:29 AM, sol.manager [email protected]
    wrote:

    %6c%75%74%69%6f%6e%73%25%32%30%41%73%73%69%73%74%61%6e%74%22%3e%6a%6f
    able to see this, but he did.

    That’s a good question. What browser and version did he produce that on?

    B.

    6

    On Mar 23, 2011, at 8:33 AM, sol.manager wrote:

    The problem seems to be that use was using Firebug add-on for Firefox
    and was viewing the page in debug mode, so essentially he was seeing
    the “front” and the “back” at the same time. Robots don’t crawl the
    front, the crawl the source. So in the end, I believe this was
    operator error and not incorrect obfuscation of an email.

    This is also true if you use Safari/Chrome’s developer inspector. A
    pure view source will show you the javascript mess. Inspecting the
    element will show you the result of the javascript call…

    -philip

    7

    On 23 March 2011 15:33, sol.manager [email protected] wrote:

    The problem seems to be that use was using Firebug add-on for Firefox
    and was viewing the page in debug mode, so essentially he was seeing
    the “front” and the “back” at the same time. Robots don’t crawl the
    front, the crawl the source. So in the end, I believe this was
    operator error and not incorrect obfuscation of an email.

    Really, don’t even bother.
    Firstly, you’re wrong in your assertion that “Robots don’t crawl the
    front, they crawl the source” - nice simple robots may well only look
    at the source. But it’s well known that the big search engines can
    determine if sneaky JS or CSS methods have been used to stuff keywords
    into source, but hide them from view.

    Secondly, you have no idea what nasty robots are doing - and I
    assume they’re the ones you don’t want getting the email addresses
    from your page (for spamming, etc). There’s no reason not to assume
    that robots don’t view your whole site exactly as users do, including
    ignoring robots.txt files - in fact, a robots.txt file is the first
    thing I would look at if I want to know where the juicy stuff might
    be…

    Just work under the premise that whatever works for your users will
    work for robots - if the user can click a mailto link, or read a
    legible email address, so can a robot, whatever obfuscation you’ve
    tried.

    In fact, rather than foiling robots, your method discriminates against
    real users who don’t have JS-enabled browsers.

    If you really want to delay spammers, then render email addresses
    like “pavling(at)gmail(dot)com” - or some similar method that is
    deducible by humans, but unfamiliar enough to not be easily parsed by
    scripts (until loads of people use the method, and it’s worth having
    the script look for matching patterns too…) - of course, users can
    no longer click-to-send, and I don’t think it’s worth the hassle.

    Life’s too short - use a good spam filter, and don’t worry about it.
    :slight_smile: