I'm trying to add my email address to my homepage so that spam bots can't see it. Somewhere on stackoverflow I found the solution to write the address reverse:
<span class="reverse">moc.liam@esrever</span>
<style>
.reverse {
direction: rtl;
unicode-bidi: bidi-override;
}
</style>
But so that users still can interact with a mailto-link I've got the following code:
<a href="moc.liam@esrever:otliam" class="reverse"><i class="icon-envelope"></i></a>
<script>
$('body').on('mouseenter', '.reverse', function() {
$(this).attr('href', $(this).attr('href').split('').reverse().join(''));
});
$('body').on('mouseleave', '.reverse', function() {
$(this).attr('href', $(this).attr('href').split('').reverse().join(''));
});
</script>
Is this a secure method to hide your email address to spam bots or do they trigger the mouseenter event as well?
A "generic" spambot that triggered events in order to harvest email addresses would have to feed the page into basically a headless browser, somehow determine what might be JS-obfuscated email content and then blindly try to emulate the user interaction that deobfuscates the interesting data.
This is an enormous amount of work for possibly no benefit and no spammer would ever consider doing it.
What they would do instead if they were really interested in harvesting your site is figure out how your protection works (hey, it's just written in reverse) and just special-case the spambot to unscramble the data manually.
This type of protection scheme should be more than enough as long as you are too small to be worth targeting, but the downside is that website visitors that do not use JavaScript are going to have a hard time.