Thanks a bunch for the code Walt. I am using it on a client's site.

Reason why I use YOUR code vs the one above is:
My code takes the same first part of the e-mail. Ex: "something"@domain.com where I say the first part = something, it also displays the e-mail address text as "something". So if I wanted to have <a href="mailto:something@something.com">And say something other than something@something.com</a> I would have to use YOUR code.

My code would only work good for:
I hope you can understand the differences.

This is great info, thank you for putting it together. Does this still allow someone to click on the address and launch their email client?

Yes it does. Both versions "work."

Of course. Otherwise it would be useless

The browser will take the code and translate it into the exact code you would have used had you used the email address itself. If you'd like to see it, go to http://wildeware.com and look at the contact page. View the source for the page and try clicking the link. You'll see it operate as you expect, but you won't be able to find the email address. It's part of the javascript in the source. Try various ideas on a test page of your own making.

great stuff!

What about a script to hide from not only spambot but also human? The few scripts I have found on the Internet do not realy HIDE e-mail address. They only SCRABLE e-mail address in one way or the other.

A few years back, I visited a web site and sent an e-mail to the webmaster. When I clicked on the "e-mail me" button, a form poppd up, I wrote a comment and clicked the "send" button. The e-mail was sent but I had no clue to where it was sent. I viewed the source of the form but still saw no e-mail address.

How is this done?

Hello Zhou,

This is not as complicated as it seems, it's just that the email / contact us form is using server-side scripting to process the input.

The email address to send the information to is stored inside the server-side script, so you never actually get to see it on a web page no matter how much you look.

But unless the email address is encrypted on the server, bots will still get it even though you can't. Plus with the latest changes to browsers it's getting harder to use a form for emailing. You almost have to have a formmail cgi script available.

I am not sure spam-bots can get to your email addresses even if they're unencrypted on the server. If it's possible, I cannot imagine how this can be done - maybe you need to explain how this 'vulnerability' can exist in these kinds of situations?

The same way a program can find all the files that contain a specified text string over your entire hard disk.

• find a server
• start at the root directory
• open each file in each directory
  • search file for the character @
  • if found
    • check characters before @ for legal email characters A-Z, 0-9, ., etc
    • check characters after @
    • store everything found
• continue search for another server