Permlink Replies: 1 - Pages: 1 - Last Post: 27 Oct 23, 19:45 Last Post By: JeffTucker

Posts: 54
Registered: 18-Jun-2010
Hiding mail addresses in albums
Posted: 11 Sep 23, 19:56
  Click to reply to this thread Reply

I'm posting this topic here because I'm using Tiger, and the solution works in Tiger, but I don't mind moving it to "General".

I usually place my email address as a link in the page footer and in the album information window, it's convenient for visitors. I realized today that this email address was present in clear text in the source code of the page and was "offered" to spambots :-(

So, I decided to encode my email address in my albums. Google showed me different possibilities:

  • encode the address by replacing some text by special characters, like "mailto:foo(at)boo(dot)com" or "". I think that today, with the computing power available to spammers, that they can easily interpret the html and break such encoding, which makes this solution ineffective.
  • I have seen solutions using CSS to recompose the email address on the screen (and in the links) without having the address in plain text in the source, but I found this approach a bit cumbersome.
  • I saw (and adopted) a simpler solution with a little bit of Javascript: it uses links encoded in rot13 (see for example
If you want to set this up, here is the procedure to follow:

  • You must first encode the mailto link in rot13 with an online encoder like For example, "" becomes "znvygb:sbb@obb.pbz"
  • Then add the following code in the album settings in the Advanced / Custom code / Javascript section, reporting the encoded mailto link:
function decode(a) {
  return a.replace(/[a-zA-Z]/g, function(c) {
    return String.fromCharCode((c <= "Z" ? 90 : 122) >= (c = c.charCodeAt(0) + 13) ? c : c - 26);
function openMailer(element, repl) {
  var ra = decode("znvygb:sbb@obb.pbz"); // Place here the encoded mailto link
  element.setAttribute("href", ra);
  element.setAttribute("onclick", "");
  if (repl) { element.firstChild.nodeValue = ra.replace("mai"+"lto:", ""); }

  • Use this link in the Site / Footer / URL section, in place of a mailto link:
href="#" onclick='openMailer(this);

Additionally, I use the link below in the album information box. Using the 2nd parameter of openMail allows to replace at screen "click here" by the real mail address when the link is clicked.
Contact: <a id="email" href="#" onclick='openMailer(this, 1);'>click here</a>

It's done ! That way, the links works as expected, but the email address is no present in the code source of the page! :-)

Now, maybe jAlbum and/or Tiger can help us improve this subject?

Edited by: phil44 on 11 Sep 2023, 20:37. Reason: reformatting

Edited by: phil44 on 21 Sep 2023, 18:45 Add missing call to openMailer in the last example

Edited by: phil44 on 27 Oct 2023, 19:43: Fix url which had a space in it, leading to 404 error.

Posts: 8,208
Registered: 31-Jan-2006
Re: Hiding mail addresses in albums
Posted: 11 Sep 23, 20:49   in response to: phil44 in response to: phil44
  Click to reply to this thread Reply
I haven't found it necessary any longer to disguise my email address on my site. I think the spammers are mostly using other techniques to acquire email addresses. For a common domain like, for example, they can just try every combination of letters and numbers, and keep track of the ones that don't bounce. And gmail filtering is now good enough that you can mostly just let it do its thing. Sure, I get a few dozen messages a day in the "junk" folder on my gmail account, but who cares? The stuff pretty much never lands in my actual inbox.

When using an email address on my own domain/host, I took a simpler approach. Let's say that my real email address is On my host cPanel, I can create a forwarder without actually creating a POP email account. So, in seconds, I can create a forwarder that forwards all mail for to my real email address. Then I post that address on my site. If I get any mail addressed to it, it forwards to my real email address, but the headers show me that it got there via that route. If the address starts getting spam, just delete the forwarder and create a new one for

When using that technique, I almost never actually had to change the phony address on the site. The spammers were never scraping it, and it virtually never got any spam.
Forum admins
Helpful Answer
Correct Answer

Point your RSS reader here for a feed of the latest messages in all forums