Email obfuscation: What works in 2026?
7 hours ago
- #spam prevention
- #web security
- #email obfuscation
- Plain text email obfuscation techniques include no protection, HTML entities, comments, SVG, CSS display none, and various JavaScript methods like concatenation, Rot18, conversion, AES encryption, and user interaction, each with varying effectiveness against spammers.
- Clickable link obfuscation methods protect mailto links using HTML entities, URL encoding, HTTP redirects, SVG, and JavaScript techniques similar to plain text, aiming to hide email addresses from harvesters while maintaining usability.
- Observations indicate most harvesters are unsophisticated and easily defeated by simple obfuscation, and they often target high-traffic pages, so protection is necessary even if some pages seem safe.
- Methodology involves using the article as a honeypot to collect spam statistics by exposing obfuscated email addresses and tracking which techniques are broken, with careful deduplication and separation of plain-text and link-based stats.