It's pretty common to see obfuscated email adreses on the web: me@example.com becomes me[at]example[dot]com. But does it work? How hard is it for spambots to translate munged email addresses?
Really, really easy. It took me (a rank javascript novice) a few hours and ~50 lines of code to automatically decode the vast majority of text-based obfuscations. To try out your own obfuscation, type it in the live demo below.
For more on this, read my blog post on why you shouldn't obfuscate email addresses
deObfuscate = function(text) { // decode html entities text = text.replace(/\w{1,3};/g, decodeEntity); //remove tags text = text.replace(/<[^>]+>/g, ""); // find the "dot" text = text.replace(/\W*\.\W*|\W+dot\W+|\W+d0t\W+/gi, "."); text = text.replace(/([a-z0-9])DOT([a-z0-9])/g, "$1.$2"); text = text.replace(/([A-Z0-9])dot([A-Z0-9])/g, "$1.$2"); //find the "at" text = text.replace(/\W*@\W*|\W+at\W+/gi, "@"); text = text.replace(/([a-z0-9])AT([a-z0-9])/g, "$1@$2"); text = text.replace(/([A-Z0-9])at([A-Z0-9])/g, "$1@$2"); // get rid of obfuscating phrases; if the offending phrase includes the "at" or "dot," we // have to put that back. text = text.replace(/[_\W]*n[_\W]*(o|0)[_\W]*(s|5)[_\W]*p[_\W]*a[_\W]*m[_\W]*/gi, function(match){ if (match.indexOf(".") > -1) return "."; if (match.indexOf("@") > -1) return "@"; return ""; }); //decode simple javascript fromCharCode obfuscations text = decodeJs(text); return text; } // this only works on really naive js obfuscations; tacks decoded emails on the end. decodeJs = function(text) { decoded = ""; if (! (m = text.match(/fromCharCode\((.+)\)/))) return text; points = m[1].split(",") //only reads the first email; one could iterate to be more thorough for (i=0; i-1) ? parseInt(codePoint.slice(1), 16) : codePoint; return String.fromCharCode(decCodePoint); } writeEmails = function(cleanText) { var str = ""; emails = cleanText.match(/\w+@\w+\.(com|org|biz|gov|edu)\b/ig); if (!emails) return false; for (i=0; i " + emails[i] + ""); } $("#results ul").empty().append(str); } $(document).ready(function() { $(" ").appendTo("#results"); // empty ul doesn't validate setInterval("writeEmails(deObfuscate($('textarea').val()))", 200) $("a.show-hide").click(function() { if (this.innerHTML == "(show the code)") { $("pre").slideDown(); this.innerHTML = "(hide the code)"; } else { $("pre").slideUp(); this.innerHTML = "(show the code)"; } }); });