E-mail addresses that cannot be harvested

I_M_

I'd really searched the web for a php script that would allow
me to give my e-mail address to visitors but not expose it to e-mail harvesters.
More specifically, vistor should be able to click
a link and their e-mail app. would start with my address filled in.
(You might have seen addresses written as foo at example dot com,
while this is very difficult to harvest, I don't like it as it is a bad
design solution.)

Well, I didn't find the php script I was looking after. So I decided to code it myself.
I'm new to php and the coding is sloppy, but I
think the following solution allows you to give out your address
without risking it being harvest by bots. I would like to know
what your opinions are - is this a good solution? Is there
anything missing? Here it is.

When I want to insert a mailto: link (<a href="mailto:"></a>), I write the following:

<?php include('displaysendto.php'); echo(DisplaySendTo('info','send e-mail','')); ?>

There's no magic here, DisplaySendTo() is a method in
displaysendto.php and it accepts three arguments (left to right):

'info': e-mail account on current domain. If you domain is
example.com and you specify 'info', the address would be info@example.com
'send e-mail': text between <a></a>. Here, you'd get <a>send e-mail</a>
'': value of the title attribute of <a>. Here, you would get title=""
[/list=1]
What does the echo statement above acctually print out?
Let's look at displaysendto.php.
```
<?php

// this function is an anti-spam measure. It it used to insert e-mail links (with mailto: as protocol)
function DisplaySendTo($account, $text, $title)
{
	$display = '<a href="sendto.php?email=' . $account . '" target="hiddenSendTo" title="' . $title . '">' . $text . '</a><iframe src="" name="hiddenSendTo" width="0" height="0" scrolling="no" frameborder="0"></iframe>';
	return $display;
}

// basically the same as above only this one is used for <area> inside a <map>.
// It prints only portions of the <are> so the calling code looks a bit strange
function AreaDisplaySendTo($account, $alt)
{
	$display = " href=\"sendto.php?email=" . $account . "\" target=\"hiddenSendTo\" alt=\"" . $alt . "\" />\n</map>\n<iframe src=\"\" name=\"hiddenSendTo\" width=\"0\" height=\"0\" scrolling=\"no\" frameborder=\"0\"></iframe>";
	return $display;
}
?>
```
Here, we have two functions.
DisplaySendTo() is used for the <a> tag, while AreaDisplaySendTo() is used when you have a <area> and want to use mailto:
inside <area>'s href attribute. The second function is called with a code similiar to this:
```
<map name="Map" id="Map">
  <area shape="poly" coords="113,137,82,168,119,209,149,183,155,186" <?php include('displaysendto.php'); echo(AreaDisplaySendTo('info','E-mail me!')); ?>
```
So if you use DisplaySendTo(), you'll get an HTML output like this:
```
<a href="sendto.php?email=info" target="hiddenSendTo" title="">send e-mail</a><iframe src="" name="hiddenSendTo" width="0" height="0" scrolling="no" frameborder="0"></iframe>
```
Use AreaDisplaySendTo() and your HTML will look like this:
```
  href="sendto.php?email=info" target="hiddenSendTo" alt="E-mail me!" />
</map>
<iframe src="" name="hiddenSendTo" width="0" height="0" scrolling="no" frameborder="0"></iframe>
```
If you check out displaysendto.php carefully, you'll see I include
a <iframe> in each method. Why? This
is the only way the browser will launch the user's e-mail agent
without sending the user to a new, blank page. The <iframe>'s
width/height are set to zero so they do not affect the layout.

Yeah, both functions open the file sendto.php (with php variable
$email) in the invisible <iframe> window. So let's look at sendto.php. (I found sendto.php somewhere on the net, but I have unfortunately forgot from where or who wrote it)
```
<?php
$domain = "example.com"; 

if ($_GET['email']) { 
  header ("Location:mailto:$email@$domain");
} 
else {   
  header ("Location:[url]http://www.example.com/[/url]");
} 
?>
```
Here, we specify our domain using $domain. So if $email is
info and $domain is example.com we naturally get
info@example.com. Duh 😉

If there is a $email
variable for sendto.php (i.e. sendto.php?email=info), the
script sends the visitor to a mailto page. If you check the code
in displaysendto.php, you'll see that sendto.php is opened in the
<iframe> called hiddenSendTo.

That's about it. There is no way an e-mail harvester can get your
e-mail (...I think). A drawback is that when the visitor hovers
over your link, they see a usual URL and not an e-mail link. E.g.
sendto.php?email=foo instead of foo@example.com. But this can easily
be fixed using javascript, I just avoided JS because some users
disable it.

Again, the code isn't the best but it should
give you an idea of how the script works. What's your opinion?

keywords: e-mail, spam, harvest, php, bot, spider, script