LionelScript - Stop email harvesters with a simple Javascript function

If you're weary about putting your email address on your website because of pesky email harvesters, worry no more! I've created a simple bit of javascript (dubbed 'LionelScript') that will allow you to keep those mailto: links on your site, without the address being collected and used for nefarious purposes.

How does it work?

To get the anti-harvesting script working, you simply need to replace your mailto: links with a bit of javascript:

This then calls a function which will automatically email 'jimbo@yourdomain'.

To Setup & Use LionelScript

Setup is quick and easy - follow these steps:

Step 1. Download LionelScript 1.0

You can grab the latest version of LionelScript direct from this website.

Step 2. Link to LionelScript in your Markup

Add the following code to the <head> of your webpage:

Step 3. Configure lionelscript.js

You need to edit one line of the javascript file, so that mail will go to the correct domain. Open up lionelscript.js using Notepad / Textpad / TextWrangler, and edit the very first line (the bit that says var domain = "sober-productions.co.uk";), and replace the domain with whatever the domain you want the mail to go to. Remember not to include 'www'!

Step 4. Add sayHello() references in where appropriate

All that's left is to replace your mailto: links with the following bit of code:

<a href="javascript:sayHello('jimbo');">Say Hello to Jimbo</a>

Step 5. Test is out!

Test LionelScript out with a link a bit like this one - if it works, your default mail handler should load up with the address "hello@yourdomain", and you're ready to rock!

That's it! If you have any problems, bugs, questions, or suggestions, feel free to send them over!

4th August, 2006
Code.

This post is related to 4 areas of discussion: lionelscript, lionel script, code, javascript.

MICHAEL said:

2.12am, 7 December 2007

i am having trouble getting the email harvester to work with firefox. It works with IE7 fine.
Please let me know if there is a work around.

Craig Munro said:

7.54pm, 4 August 2006

Ben, you're definitely right about using images to hide the addresses - it's a good method, but it's time consuming because for each link to an address that you want, an image has to be created, uploaded, and linked to - my method is much quicker, and one which doesn't involve any extra work than one would ordinarily do when creating an email link. Also, you will run into trouble getting the image to look consistent across all browsers - the way Photoshop will render your text won't necessarily be how different browsers / platforms render the text. Also, you still aren't solving the issue of how to make the addresses clickable - it still takes extra actions, namely copying, pasting, and manually opening your email client. Having said that though, using images for addresses is a method which shouldn't necessary be discounted if it's how you prefer to make your links.

The reason I wrote this wasn't to present a completely fool-proof, difinitive way of hiding your address - it's definitely more of a proof-of-concept than anything else. While it'll by no means stop the spammer who's willing to spend time figuring out workarounds for this sort of scripting, it is a valid and useful way to stop the automated harvesting of addresses. It'll certainly stop harvesters which work by downloading the page, and sucking out anything resembling a mailto: link.

Ben Yogman said:

7.30pm, 4 August 2006

In many, many cases, the domain is the easiest piece to guess and we're not obcuring the user at all. Even when the domain isn't guessable, you can just try gmail, yahoo, and hotmail and one will give you a real user (as might more than one) in many cases.

Finally, dumb question but how do you prevent a spammer from just calling the javascript function themselves to suck out the address once they know that function returns an address?

It's somewhat doubtful that a spammer would go to that level of effort, but if he encountered enough of this, why not?

I think the best, easiest trick right now is just to make an image for your email address (and no, don't put email in the name of the file), and forget mailto links altogether. Also, it's probably best not to prefix that message with stereotypical "contact me at" or "email me at" stuff.