Hide your Email Address from Spammers with Escape Code

There is nothing worse than having your email inbox fill up spam just after you set it up. You need to post your email address on your blog/webpage so that readers/customers can contact you. How can you prevent the spammers from getting it while allowing legitimate users access? WordPress plugins and scripts that use CAPTCHAs are one way. However, they are not so easy to implement on non-PHP pages. And, some CAPTCHA critics claim they deter legitimate users.

Spambots harvest email address from your webpage’s source file. Spambots don’t have eyes! They look for email addresses in your code such as:


One way to cloak an email address is to ‘escape it’ using an encoder. The email address above then becomes:


We are not done yet because a browser needs an ‘unescape’ script to reconstitute the email address. It looks like this:

<code><script language="javascript">document.write( unescape( '%6A%6F%68%6E%40%6D%79%73%69%74%65%2E%63%6F%6D' ) );</script></code>

What have I done? I have put the escaped string in a set of quotes, wrapped that inside a built-in unescape() method, and then wrapped it all in a document.write() method.

Lost? Don’t worry. It’s easy. Go to this page and escape your email address. Then, follow the directions on the page or put it between the single quotes here:

<code><script language="javascript">
document.write( unescape( '' ) );

You can even escape an entire mailto link.

It will look like this:

<code><script language=javascript>document.write( unescape(  %3C%61%20%68%72%65%66%3D%22%6D%61%69%6C%74%6F%3A%6A%6F%68%6E%40%6D%79%
73%69%74%65%2E%63%6F%6D%22%3E%45%6D%61%69%6C%20%4A%6F%68%6E%3C%2F%61%3E' ) );</script></code>

Put the code into your template (HTML). Then, your browser will display it like this:

Email John

As far as I know, spambots cannot read escape code. Not yet anyway!