Here’s a trick you can use to improve the quality of messages that arrive in your general inquiry mailbox. As the person who triages ours, anything to improve it is worth the effort.

Most spammers harvest their addresses using bots that just parse your site’s html and apply some simple regex to determine what looks like an email address. This is why people do ‘clever’ things like changing the ‘@’ to ‘at’ or put spaces around it, etc. While this might work, I think it looks rather unprofessional; it shows you are lazy. And do you really think the people writing the kits for these harvesting script don’t know these tricks?

A better solution is to obfuscate the email from the bots, and display it in the browser (to humans). Here is what we do on our site:

<p class="office_contact">
  <span>Email: <script type="text/javascript">eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%61%20%68%72%65%66%3d%22%6d%61%69%6c%74%6f%3a%69%6e%66%6f%40%7a%65%72%6f%66%6f%6f%74%70%72%69%6e%74%2e%6e%65%74%22%3e%69%6e%66%6f%40%7a%65%72%6f%66%6f%6f%74%70%72%69%6e%74%2e%6e%65%74%3c%2f%61%3e%27%29%3b'))</script></span>
</p>

The magic here is that email address is displayed only to things that are running a javascript engine — and most spam bots don’t. At least currently. This is a classic arms race problem where this too will be pointless in a couple years, but for now its a working solution.

Right around now is the time the geeks reading this say something like ‘JS is unsecure! I never have it turned on due to a crazy high level of paranoia I operate on!’. Okay, sure. I bet you are also ‘experiencing’ the web without cookies too. But fine. Here is something for you too to at least indicate that there is something you are missing. Well, a lot of somethings, but this something specifically.

<script src="/javascripts/jquery-1.3.2.min.js" type="text/javascript"></script>
<p class="office_contact">
  <span>If you had Javascript turned on, you would find out how to contact us</span>
</p>
<script type="text/javascript">
  var email = unescape('%3C%61%20%68%72%65%66%3D%22%6D%61%69%6C%74%6F%3A%69%6E%66%6F%40%7A%65%72%6F%66%6F%6F%74%70%72%69%6E%74%2E%6E%65%74%22%3E%69%6E%66%6F%40%7A%65%72%6F%66%6F%6F%74%70%72%69%6E%74%2E%6E%65%74%3C%2F%61%3E');
  $('.office_contact span').html('Email: ' + email);
</script>

As for how you get the magic bit of encoding, well, I used this JavaScript ASCII Converter. Just put in your string in the first field and change the delimiter to %. (You will also need to add a % to the beginning of the encoded string.)