Spam Safe Email Addresses?

Spam Safe Email Addresses?

For anyone who needs to put their email address onto a web site there is the constant threat of having the address picked up by the automatic email address harvesters employed by spammers. They then have the problem of being inundated by unwanted email.

The Center for Democracy & Technology produced a report (no longer online?) a few years ago on where addresses are the most vulnerable and what can be done about it.

Their main line of counter-attack is to convert the email address into something that, hopefully, the spammers' tools will not recognise. There tends to be three main approaches of which the report mentions the first two:

  1. Replacing the '.' and '@' characters with ' dot ' and ' at '. This is probably becoming less secure nowadays.
  2. Replacing all characters in the address with the &#nnn; format where nnn is a 3-digit decimal value of the character to be converted. Whilst far more secure than the first option, it would not be totally impossible to reverse engineer the information back into a usable address.
  3. The final option is converting the whole email address into a graphic. This is certainly the most secure option of the three. However, with the increasing amount of effort being put into cracking other security features such as CAPTCHAS even these can no longer be said to be 100% secure.

Even so, using any of the above must be better than exposing a plain email address to the world. Hello there.

This article shows how web sites using the PHP programming language can be used to implement any of these methods.

Character Conversion

Here we convert the email address into something that is still text but means that spammers need to do some hard work in order to get a valid email address out of it. It employs the following PHP function which can output the address in two formats or a combination of both according to the value sent in the $type parameter - this should be one of:

  1. Converts all characters to the &#nnn; format;
  2. Replaces @ with ' at ' and . with ' dot ';
  3. Does 2 and then 1.
<?php

function convertEmail ($email, $type)
{
  switch ($type)
  {
    case 2 :
    case 3 :
      $emailConv = str_replace (".", " dot ", $email);
      $emailConv = str_replace ("@", " at ", $emailConv);

      if ($type == 2)
        break;

      $email = $emailConv;
      $emailConv = "";

      // Drop through...

    default :
      for ($i = 0; $i < strlen ($email); $i++)
        $emailConv .= sprintf ("&#%03d;", ord ($email[$i]));
  }

  return $emailConv;
}

?>

Calling the function is simple, e.g.:

  $convertedEmail = convertEmail ("fred@bloggs.com", 2);

Because PHP files are processed at the server end, the plain email address sent to the function is never transmitted over the Internet. I have used this routine to display my email address on the contact page.

Converting To An Image

The function described here will convert any text (including email addresses) into an image, which is why it's called string2pic.

It would be quite difficult, though not impossible, for an email harvester to extract an address from an image so you can be quite certain that your email address is relatively safe. The only problem here is that legitimate users cannot copy and paste your address and, with long or complicated ones, there is always the possibility of mistyping.

However, for those that want to go this far, copy the following code into a separate text file and save it under the name emailpic.php. Replace the dummy email address with your own and change the colours and font size as required:

<?php

function string2pic ($str, $bgCol, $fgCol, $font = 2)
{
   // Calculate the image size from the string and font

   $width = 2 + strlen ($str) * imagefontwidth ($font);
   $height = 2 + imagefontheight ($font);

   // Create the image

   $im = @imagecreate ($width, $height);

   // Set up the background and text colours

   $bR = ($bgCol & 0xFF0000) >> 16;
   $bG = ($bgCol & 0xFF00) >> 8;
   $bB = ($bgCol & 0xFF);
   $bg = @imagecolorallocate ($im, $bR, $bG, $bB);

   $tR = ($fgCol & 0xFF0000) >> 16;
   $tG = ($fgCol & 0xFF00) >> 8;
   $tB = ($fgCol & 0xFF);
   $fg = @imagecolorallocate ($im, $tR, $tG, $tB);

   // Write the text to the image

   @imagestring ($im, $font, 1, 1, $str, $fg);

   // Return the image

   return $im;
}

// Output the image as a PNG file

print header ("Content-type: image/png");
imagepng (string2pic ("fred@bloggs.com", 0xFFFFFF, 0x003300, 5));

This function relies upon the GD (graphic) library being installed along with PHP (it is usually always installed with the later versions of PHP). If you are using a very early version of GD then you may need to output the image as a GIF in which case you should replace the last two lines with:

   print header ("Content-type: image/gif");
   imagegif (string2pic ("fred@bloggs.com", 0xFFFFFF, 0x003300, 5));

(Note that PHP versions 4.3.9 and later use a GD library that has reinstated GIF support as the Unisys patent has now expired.)

Now, whenever you need to display your email address on a web page (which needn't be a PHP page - plain HTML is fine) you can just use:

   <img src="emailpic.php"/>

And here it is displaying my address: This is an image containing my email address

Improving The Image

This is an alternate graphic version which can use True Type fonts in place of the limited built in ones. This will give you a much wider choice of font to use with the disadvantage that you must also supply the font file as well.

Here are a number of places that supply free TTF fonts:

As far as the code goes, the main difference is the use of slightly different graphic calls and the fact that a path to the TTF font and its size must also be sent to the function:

<?php

function string2picttf ($str, $bgCol, $fgCol, $font, $fontSz)
{
   // Calculate the image size from the string and font

   $txtSz = imagettfbbox ($fontSz, 0, $font, $str);
   $width = 4 + abs ($txtSz [2] - $txtSz [0]);
   $height = 4 + abs ($txtSz [5] - $txtSz [3]);

   // Create the image

   $im = @imagecreate ($width, $height);

   // Set up the background and text colours

   $bR = ($bgCol & 0xFF0000) >> 16;
   $bG = ($bgCol & 0xFF00) >> 8;
   $bB = ($bgCol & 0xFF);
   $bg = @imagecolorallocate ($im, $bR, $bG, $bB);

   $tR = ($fgCol & 0xFF0000) >> 16;
   $tG = ($fgCol & 0xFF00) >> 8;
   $tB = ($fgCol & 0xFF);
   $fg = @imagecolorallocate ($im, $tR, $tG, $tB);

   // Write the text to the image

   @imagettftext ($im, $fontSz, 0, 1, $height - 3, $fg, $font, $str);

   // Return the image

   return $im;
}

// Output the image as a PNG file

print header ("Content-type: image/png");
imagepng (string2picttf ("fred@bloggs.com", 0xFFFFFF, 0x003300, "fonts/arial.ttf", 11));

?>

Here's an example using the Camomile font: