e-Planet

November 18, 2005

How to protect and hide your mail address?

Web Design - Jean-Jacques Guegan

Yet another Email Link Protector?

Yes, but I think this one is better. All existing JavaScript e-mail link protectors obfuscate your data with more or less complexity. In my opinion, all these scripts have a major flaw: they can all be recognized as e-mail link protectors by the best spam bots.

Look at any of these scripts and imagine you are a spam bot designer: you'll see that code to find such JavaScript is not very difficult to write.

They leave their signatures:

  • JavaScript file name
  • Programmer copyright
  • Variable name
  • "mailto:", "Contact us", etc. strings


The EmailProtect solution:

The EmailProtect code uses an algorithm strong enough to encrypt your address but with the smallest signature possible, so it is difficult to detect.

The EmailProtect JavaScript uses the following code to decrypt the e-mail address:

 
<script type="text/javascript">
<!--
  link=""
  coded = "Jbt1J0uodUQJb9J0aX1gTMNJbKl1XUJzu6gMUJ0fsNXJ0aJbffX1gTJ0uXUJ0uJ0ZJbtJ0P1Jbf"
  key = "2S1jo5J4CliU06ZwNvRztTgEuBOmyxLFMGqf3VcXp7YPrHDQbAsI8akhd%9WnKe"
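  shift=coded.length        // the encoder shifted every character by the message length
  keylength=key.length
 
  k=5*keylength-shift;      // a multiple of keylength minus the shift undoes it (modulo keylength)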
 
  for (i=0; i<shift; i++)
    {
    ltr = (key.indexOf(coded.charAt(i))+k) % keylength
    link += (key.charAt(ltr))
    }
 
  document.write(unescape(link));
 
//-->
</script>
 

The EmailProtect PHP function will generate the above JavaScript and will also:

  • set all random variables (key)
  • set random variable names (and try not to collide with JavaScript reserved words)
  • encode the e-mail address


What bots will see in your HTML pages is the resulting JavaScript. For example:

 
<script type="text/javascript">
<!--
 
  o_="";
  ym="owAroQcEhR5owBoQIgr821qowdargRoFcZ81RoQzDqgoQIowzgr82oQcgRowAoQtrowz";
  q1="WeIgX6R4L0KnFkcVatuDSr1OBHhJCsTElAZ3z2dywxQjbivp%N8PUof9MGq57mY";
  j7=46;
  hn6=j7+17;
 
  for(k4r=0; k4r<68; k4r++)
    {
    zq=(q1.indexOf(ym.charAt(k4r))+247)%hn6;
    o_+=q1.charAt(zq);
    }
 
  document.write(unescape(o_));
 
//-->
</script>
 



Here is the code:

 
<?php
 
function EmailProtect ($iAddress, $iText, $iCssClass='')
  {
  if ($iCssClass!='')
    $iCssClass = " class='$iCssClass'";
 
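  // The decoded link is written with document.write(), so $iText reaches the page as raw HTML:
  // pass trusted or already-escaped text only.
  $iAddress = rawurlencode("<a href='mailto:$iAddress'$iCssClass>$iText</a>");
  // rawurlencode() leaves - _ . ~ unencoded, but they are not in the key alphabet below,
  // so encode them explicitly.
  $iAddress = str_replace (array('.','-','_','~'), array('%2E','%2D','%5F','%7E'), $iAddress);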
 
  $iKey   = str_shuffle ('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789%');
  $iCoded = '';
 
  $iAddressLength = strlen($iAddress);
  $iKeyLength     = strlen($iKey);
 
  for ($i=0; $i<$iAddressLength; $i++)
    {
    $n = (strpos ($iKey,$iAddress[$i]) + $iAddressLength) % $iKeyLength;
    $iCoded .= $iKey[$n];
    }
 
  $iVarsFirst = str_shuffle ('hjkmoqxyz');                              // first characters chosen so the names avoid JavaScript reserved words
  $iVars      = str_shuffle ('abcdefghijklmnopqrstuvwxyz_0123456789');
 
  for ($i=1; $i<=7; $i++)
    {
    $aVar[$i] = $iVarsFirst[$i].substr($iVars, 2*$i, mt_rand(1,3));
    }
 
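  // Keep $k non-negative even for long inputs: JavaScript's % keeps the sign of a negative operand.
  $k = (mt_rand(3,9) + (int)($iAddressLength / $iKeyLength)) * $iKeyLength - $iAddressLength;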
 
  $k1 = mt_rand(2,$iKeyLength-2);
  $k2 = $iKeyLength - $k1;
 
  $iJavascript = <<<HTML
 
{$aVar[5]}="";
{$aVar[1]}="$iCoded";
{$aVar[2]}="$iKey";
{$aVar[3]}=$k1;
{$aVar[4]}={$aVar[3]}+$k2;
 
for({$aVar[6]}=0; {$aVar[6]}<$iAddressLength; {$aVar[6]}++)
  {
  {$aVar[7]}=({$aVar[2]}.indexOf({$aVar[1]}.charAt({$aVar[6]}))+$k)%{$aVar[4]};
  {$aVar[5]}+={$aVar[2]}.charAt({$aVar[7]});
  }
 
document.write(unescape({$aVar[5]}));
 
HTML;
 
//  $iJavascript = str_replace(array(' ',"\n","\r","\t"),'',$iJavascript);
 
  return <<<HTML
<script type="text/javascript">
    <!--
    $iJavascript
    //-->
</script>
HTML;
 
  }
?>
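
A round-trip check of the scheme above, as an added example that is not part of the original post or the author's code: a JavaScript port of the PHP encoder paired with the decoder loop from the generated script. The unshuffled key, the `phpRawUrlEncode` and `protectAndDecode` helpers and the sample address are assumptions made for the demonstration; it shows what happens to a character such as `-`, which `rawurlencode` leaves unencoded and which is absent from the key.

```javascript
// Added example, not the author's code. ASCII input is assumed.
const KEY = // constructed: unshuffled key alphabet, so the demo is deterministic
  'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789%';

// Mimics PHP rawurlencode(): letters, digits and - _ . ~ stay as they are,
// everything else becomes %XX. `extra` lists characters to force-encode too.
function phpRawUrlEncode(text, extra) {
  return Array.from(text, (ch) => {
    const keep = /[A-Za-z0-9\-_.~]/.test(ch) && !extra.includes(ch);
    if (keep) return ch;
    return '%' + ch.charCodeAt(0).toString(16).toUpperCase().padStart(2, '0');
  }).join('');
}

// Port of the PHP encoder loop: shift each key position by the message length.
// A character missing from the key counts as position 0, which is how PHP
// treats strpos() === false in arithmetic.
function encode(plain, key) {
  let coded = '';
  for (const ch of plain) {
    const pos = Math.max(key.indexOf(ch), 0);
    coded += key.charAt((pos + plain.length) % key.length);
  }
  return coded;
}

// The decoder loop from the generated script, with k = 5*keylength - length.
function decode(coded, key) {
  const k = 5 * key.length - coded.length;
  let link = '';
  for (let i = 0; i < coded.length; i++) {
    link += key.charAt((key.indexOf(coded.charAt(i)) + k) % key.length);
  }
  return unescape(link);
}

// Build the link, encode it, and return what a browser would write out.
function protectAndDecode(address, text, extra) {
  const html = `<a href='mailto:${address}'>${text}</a>`;
  return decode(encode(phpRawUrlEncode(html, extra), KEY), KEY);
}

const sample = 'first-last@example.com'; // constructed sample address
console.log(protectAndDecode(sample, 'Contact me', ['.']));
console.log(protectAndDecode(sample, 'Contact me', ['.', '-', '_', '~']));
```

With only `.` force-encoded, the hyphen comes back as the first character of the key; force-encoding all four characters restores the address intact.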
 


Just include the EmailProtect function in your scripts and call it each time you need to protect an e-mail address:

 
 
... HTML ... <?=EmailProtect ('me@mail.com', 'Contact me'); ?> ... HTML ...
...
 

The code is available here.

 
 
 
 
 
 
