A while ago, I wrote about different methods in JavaScript to prevent spam harvesters from recognizing an email address. These methods work by placing a scrambled version of the email address into the page source so that a spam harvester cannot recognize it as an email address. Using JavaScript, the scrambled text is unscrambled and displayed as usual to human visitors. Usually, the “scrambling” is based on replacing characters of the email address with its hex-entities (Rails’ mail_to helper does so if using :encode => :hex or :encode => :javascript). My theory was/is, that using hex-entities is not sufficient anymore nowadays, since they can be easily reversed with simple search-and-replace operations.

So I came up with the idea to use a scrambling method that cannot be easily reversed. I assumed that spam harvesters probably can decode hex-entities, but still aren’t able to execute JavaScript. However since this was just an assumption, I started a simple test over the last 6 months to find out how good or bad the different scrambling methods perform.

If you put your email address on a public web page, you can usually be sure to get tons of spam from there on, because address harvesters will sooner or later visit your page and recognize the email address.

There are different solutions to prevent harvesters recognizing an email address. I personally don’t like the use of images to display email addresses or the use of feedback forms instead displaying addresses at all. These methods have a negative impact on the site usability, since a visitor wouldn’t be able to easily copy an email address to his email application anymore.

Another method is to scramble email addresses in a way that harvesters cannot recognize it. Using JavaScript, the address is unscrambled and displayed to a human visitor. Even though this is not a foolproof solution, it provides the best measure between safety and usability in my opinion – as long as you do it right.

So here’s an easy way to use scrambled email addresses in Rails views.