A simple anti-spam email link obfuscator in JavaScript for your webpages, by Andreas Neudecker.
Contributed language versions: Java (B. Bergenheim), CFML (A. Hope), PHP (R. Offermanns), ASP (F. Mavituna), Python (A. Neudecker).
Version 0.5.2

[English] [Deutsch]

Spam-me-not Documentation


You want no spam in your mailbox?

You are not alone. Email used to be just the perfect replacement for snailmail: direct, fast, cool. But today, spam has become so ubiquitious that many citizens of cyberspace find that up to 90% of their daily emails are spam or - the technical term - "unsolicited bulk email (UBE)". But how do these spammers get your email address anyway?

The email address sources of the spammers

A recent study of the Center for Democracy & Technology (CDT) uncovered some interesting information: As you may have guessed already (especially if you have your own homepage) in most cases spammers find addresses for their huge collections on webpages. Of course they do not visit your page and copy the address to their files. They use specialised search robots that, similar to the web search engines you know (Google, Altavista, Alltheweb, ...). They filter email addresses out of the pages automatically and ad them to the address databases used by the spammers. Also, once in a database, addresses will often be sold to other spammers and added to more databases.

The CDT's report on their research:

Why Am I Getting All This Spam?
Unsolicited Commercial E-mail Research Six Month Report

Since you are interested in reducing the spam arriving in your inbox, your address is probably out there somewhere already. So does that mean you are lost? Certainly not. There are measures to reduce the spam in your mailbox:

  1. Don't give your private or office email address away on websites when signing on for a free service. Always use a seperate address for such purposes (free email services are perfect for this).
  2. When signing in or filling order forms on the web check for "smallprint" options that say you are willing to receive advertising emails by the company you are dealing with and/or 3rd party. Deny this always!
  3. Never use the "option" to sign-out of a spam mailing you received. Your reply will only confirm to the spammer that your email address is active and he often will sell it as "confirmed" and "opted-in" address.
  4. Use spam filters on the mail server, if you can (Spamassassin is a wellknown free and open-source tool for this).
  5. Use spam filters in your email client program (Mozilla Mail has a very good one! See for details + download)
  6. do not publish your email address in a way robots can easily harvest.

Spam me not!

But how can you do this? You need to publish your email address for potential customers, business partners, employers or friends? This is where Spam-me-not comes in. This little JavaScript encodes and thus "obfuscates" your email address so that spammers cannot easily harvest it from your web pages with their search robots.

How do I use it?

JavaScript is only needed for encoding your email with this program. It is NOT needed for the pages where you want to publish the encoded addresses.

Do not encode the html tags or else it will not work.


This source code

will be displayed in a browser as:

Check the source code of this page, too. And the JavaScript "spam-me-not.js".

Does it really work? And why?

If your email address is already in the hands of spammers, this tool will not help much (though the report mentioned above states that the amount of spam will indeed decrease). You obviously need a spam filter (like spamassassin, e.g.). But if you are publishing the email address on your webpages for the first time, you will want to stop the spammers from getting your new address. Of course, one could always copy + paste the email address from the browser window. But spammers need millions of addresses. So they use robots (i.e. specialised search enginge software) that will search the web for email addresses. Usually the easiest way will be to look for "@" in the webpages, maybe for <a href="mailto:". With your email encoded neither is in the sourcecode of the webpage.

Of course it is possible that a spammer's email search robot decodes the number codes for the characters. But seemingly this is not yet common among these robots. So, for the time being, it will help a lot.

To make it harder, I am using a random mixture of decimal and hexadecimal notation of the codes so that only a robot that decodes both types can solve the puzzle and find the email addresses.

[2003-09-28] The Workgroup of Theoretical Biology at the University of Bonn is using obfuscated email addresses for approx. 9 months now. The level of incoming spam has remained quite low, even for my own address that used to be online unscrambled for quite a while before. Of course there are always some spams where the email addresses used have been generated randomly or using name lists. -- I would appreciate to hear of your experiences with obfuscated email addresses.

Also recent legislative, like the DMCA in the US or "Paragraf 52a" of the new version of the German "Urheberrechtsgesetz" (laws I detest in this form and strongly oppose because they can strangle free speech, research and fair and open business competition), these bad laws can actually help us in prohibiting anybody in those countries to use any means to decode our encoded email, as our webpages are copyright-protected work and any tool to decode our copy-protection on this work (however simple or stupid this encoding might be), here namely the email, is illegal and can be prosecuted. Cute! ;-)

Why yet another email obfuscator tool?

1st I wanted a platform-independent solution (i.e. it should work with Linux, Windows, MacOS etc.). 2nd I was not content with the JavaScript Encoders I found. One actually had an endless if/else-chain for all the letters + ciphers to encode them, an other one only provided decimal code for a javascript-generated link. Others did not encode some characters. 3rd I wanted to refresh my JavaScript knowledge (not having written much lately).

I wanted the resulting code to work without JavaScript. In fact, it even works with non-graphical browsers. I checked with elinks, w3m and lynx as well as with standard graphical browsers, namely Mozilla 1.x/Netscape 6.x, Opera 6.x, Internet Exploder 5.x.

Contributed versions in diverse languages

All versions are included in the download archive.


Björn Bergenheim let himself be inspired by my little JavaScript and wrote a Java version of Spam-me-not for server-side use. He sent it to me for publication on this site. Thank you, Björn!


This version was contributed by Adam Hope. Thanks, Adam! CFML is, by the way, Macromedia's "ColdFusion Markup Language". You can download it here.


Ralf Offermanns kindly provided a PHP version. Thanks, Ralf.


I am working on a Python version that will be able to encode all email addresses in one or more HTML files, or recursively in all HTML files in a directory. For a start, here is a working alpha version.


Ferruh Mavituna has done an ASP version that is available on his homepage, but he also contributed it to this project. So it is in the download archive, too. Thanks to you, too, Ferruh.

Other programming languages

If you have a version written in a different langauge, I would happily add it to the collection (preferably licensed under the GPL).

Download Spam-me-not

You can download Spam-me-not as a ZIP archive. This archive contains the HTML and CSS files, the JavaScript program and as the other language versions.

Spam-me-not License

Spam-me-not is published under the GNU General Public License (GNU GPL), version 2 or later. This basically means: copying is alright. Changing it is alright as long as you provide the source and give credit to the original author(s). This is currently also valid for the contributed language versions (Java, CFML, PHP, Python. The Java version is additionally licensed under the BSD license and you are free to chose which one you prefer.

Contact me

If you find a bug or have any questions about this little utility please contact me by email at In case of a bug report, please do not forget to include the version of Spam-me-not you were using, as well as operating system (+ version) and browser (+ version). Thank you.

Copyright © 2003 by Andreas Neudecker. The original URL of this page is