Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We're retiring the forums!

The SilverStripe forums have passed their heyday. They'll stick around, but will be read only. We'd encourage you to get involved in the community via the following channels instead:

Archive /

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo

hiding emails from bots

Go to End

16 Posts   6729 Views


Forum Moderator, 224 Posts

18 September 2007 at 3:57pm

Hi Folk

What is the silverstripe philosophy on hiding emails? Right now, when you make an email link it blatantly shows in the source code, meaning that email harvesters will pick it up. What is the best way or what sort of ideas do you have about hiding email addresses?

Perhaps I could write a little module for it that can be added to ss. In that case, someone needs to tell me a bit more on how to do that :-)



Forum Moderator, 628 Posts

18 September 2007 at 4:11pm

Currently we've not created any obfuscation, but certainly suggest what you feel is a good contemporary way of doing it :)


Forum Moderator, 224 Posts

18 September 2007 at 4:19pm

Edited: 18/09/2007 5:10pm

I have a small PHP function that takes the email address from the content and changes it into a bit of javascript that writes You can also write all characters as ascii code e.g. 'M etc... in combination with the above. Altogether this may provide a bit of obfuscation. Here is an example: (see bottom of the page).

Not very sophisticated, but at least it shows that you have made an effort to prevent your clients from being spammed....

Usually, within days of publishing (without obfuscation), clients will find their email being spammed.

Hope that helps



Forum Moderator, 922 Posts

18 September 2007 at 4:24pm

Edited: 18/09/2007 4:29pm

I found a pretty nice technique here:

We could probably do something like this for

<a href="send/bob/">Bob's email</a>

[code php]
class Page_Controller extends ContentController {

function send() {
// ... do some checking of $this->urlParams here and perform an HTTP redirect to the mailto URI


That page has some nice examples of php code performing this sort of behaviour, instead of placing the mailto: directly in the source code. Perhaps this could be of some use?

Hope this helps!



Forum Moderator, 224 Posts

18 September 2007 at 4:31pm

it may be nice to use something that is not commonly used, because if it is commonly used then the email harvesters have more incentive to crack it....


Community Member, 86 Posts

18 September 2007 at 9:58pm

Edited: 18/09/2007 10:03pm

I just committed the first revision of the hidemailto module for you guys to test :)

Run the following inside your silverstripe install:

svn co hidemailto

Then, follow the instructions at the top of the hidemailto/code/HideEmail.php file to implement it :).

Summary: There are currently two ways to implement, either by passing a member ID or an email address in the format user/domain/subject.

If you're listing a bunch of members on your site, and want a link to email them, you can use the following code:
[html]<!-- This is some control that returns Member objects -->
<% control Members %>
<!-- No default subject -->
<a href="$HideEmailLink" title="Email $FirstName (opens your favourite mail client)">Email $FirstName</a>

<!-- A default subject of Hi there! -->
<a href="$HideEmailLink/Hi there!" title="Email $FirstName (opens your favourite mail client)">Email $FirstName</a>
<% end_control %>[/html]

You can also insert links manually - via the CMS or hard-coded into your templates - by using the format mailto/user/domain/subject, where:
- user means the part before the @ sign - e.g. for, it will be 'matt'
- domain means the part after the @ sign - e.g. ''
- subject is optional, and is the default subject that is loaded (it can be changed by the user)

Hope this helps someone :)

edit: I've tested this on SilverStripe 2.1.0, and it requires the DataObjectDecorator extensions that were built for the gallery module.


Forum Moderator, 922 Posts

18 September 2007 at 10:57pm

Nice work Matt, I've just had a quick test and it seems to be working quite well. I'll test a bit more, and see how it goes, but it seems to be working pretty well nevertheless, and is free of javascript like most other methods rely on. :-)



Forum Moderator, 801 Posts

18 September 2007 at 11:10pm

cool stuff, matt!

why wouldn't spambots (who crawl a site anyway) be able to follow a link in the format "/ingo/" and extract the plaintext email-address from the url? they don't even have to be javascript-capable, just parse their own crawl-logs (or http-headers).

as mentioned on, you would've to combine this solution with a captcha to make it spam-bot safe. this in turn isn't very friendly to the user, who expects a simple email link.

i don't see this solution (without captcha) as much more secure than javascript-obfuscation, which can be worked around by spambots with similiar (or even more) effort. on the long run, having a $Content-parser in the module replacing all email-links with a client-side obfuscation would be cool :) definetly a good start though!

Go to Top