Topics Covered in This HTML & CSS Tutorial:
The Mailto Protocol for Email Links, Why You Should Avoid Mailto, Using JavaScript to Obfuscate an Email Link
Exercise Preview
Exercise Overview
In this hands-on exercise, you'll master creating functional email links that actually protect your inbox. While basic mailto links seem straightforward, they're a beacon for spam harvesters. You'll learn not only how to implement standard email links, but more importantly, how to deploy JavaScript obfuscation techniques that keep your contact information accessible to humans while remaining invisible to automated spam bots. This dual approach ensures professional functionality without compromising security.
Exercise Workflow
Setup Files
Open the Revolution Travel Contact folder and locate contact.html file in your code editor
Create Basic Email Link
Add a standard mailto link using the hello@revolutiontravel.com email address
Implement Protection
Replace the basic mailto with JavaScript obfuscation code to prevent spam harvesting
Customize Settings
Configure the email variables and add a custom subject line for better user experience
Creating an Email Link Using the Mailto Protocol
- We'll be using a new folder of provided files for this exercise. Close any files you may have open in your code editor to avoid confusion and maintain a clean workspace.
- For this exercise we'll be working with the Revolution Travel Contact folder located in Desktop > Class Files > Web Dev Class. You may want to open that folder in your code editor if it allows you to (like Visual Studio Code does), as this will give you better file navigation and project context.
- Open contact.html from the Revolution Travel Contact folder.
- Preview contact.html in a browser to see what we have so far. Notice the existing structure—we'll be enhancing the contact section toward the bottom of the page with a professional email link.
Towards the bottom, add the email address for visitors to see. This creates the foundation for our contact method:
<p> <strong>Email:</strong><br> hello@revolutiontravel.com </p>While this displays the email address for visitors to see, it's merely static text. We want to transform this into a functional link that launches the user's default email application with the address pre-populated, streamlining the contact process.
The mailto protocol is the web standard for launching email applications from hyperlinks. Transform your static text into a functional email link by wrapping it with the appropriate anchor tag:
<p> <strong>Email:</strong><br> <a href="mailto:hello@revolutiontravel.com"> hello@revolutiontravel.com</a> </p>- Save the file and preview contact.html in a browser to test the functionality.
Click on the email link. If the system is configured properly, it should launch the default email application with a new message addressed to the specified recipient. Users without configured email clients, or those who prefer web-based email services like Gmail or Outlook.com, will still see the address displayed on the webpage for manual entry.
Now that you understand the basic mailto implementation, let's address a critical security concern that every professional web developer must consider.
The mailto protocol relies on the user's computer having a configured email program. Users with web-based email like Gmail may not see the link function as expected, but they can still view the email address on the webpage.
Email Display Methods
| Feature | Plain Text | Mailto Link |
|---|---|---|
| User Experience | Manual copy-paste required | One-click email opening |
| Functionality | Static display only | Interactive launching |
| Accessibility | Always visible | Requires email program setup |
| Spam Protection | Minimal protection | Easily harvested by bots |
Creating a Spambot-Resistant Email Link
Here's the reality every web professional faces: mailto links are incredibly vulnerable to automated spam harvesters. These bots systematically crawl websites, extracting email addresses and adding them to spam databases. Within days of publishing a mailto link, you may notice a significant increase in unwanted email traffic.
The solution lies in JavaScript obfuscation—a technique that breaks apart the email components in the source code and reassembles them dynamically. This approach renders the email address invisible to simple text-parsing bots while maintaining full functionality for legitimate users. The script essentially fragments the mailto protocol and email address into seemingly unrelated variables, then reconstructs them when the page loads. Modern spam harvesters rarely possess the sophistication to execute JavaScript and piece together these fragmented elements.
Professional developers have numerous approaches available—from custom scripts to online generators. The key is finding a balance between security and maintainability that fits your workflow.
- We've provided a robust JavaScript solution that you can adapt for any project. Return to your code editor and open spam-proof-email.html from the snippets folder (located within the Revolution Travel Contact folder).
- Select all the code using Cmd–A (Mac) or CTRL–A (Windows).
- Copy the entire script using Cmd–C (Mac) or CTRL–C (Windows).
- Close the snippet file to return focus to your main working document.
- You should now be back in contact.html with your basic mailto link visible.
- Select the entire email link you created earlier and paste the JavaScript code over it, replacing the vulnerable mailto with our protected version.
Customize the script for your specific email address by changing the placeholder text. Update 'your-name' to hello and 'your-domain' to revolutiontravel as highlighted below:
<p> <strong>Email:</strong><br> <script> var eDone = 'hello'+'@'+'revolutiontravel'+'.'+'com'; var eSubject = ''; // optional document.write('<a '+'hre'+'f="mai'+'lto:'+eDone+'?sub'+'ject='+eSubject+'">'+eDone+'</'+'a>'); </script> </p>Professional email links often include pre-populated subject lines to help organize incoming inquiries. The mailto protocol supports this through the ?subject= parameter, and our JavaScript preserves this functionality. Add a professional subject line by inserting Travel Inquiry between the quotes:
var eSubject = 'Travel Inquiry'; // optionalSave your changes and preview contact.html in a browser to test the enhanced functionality.
Click the email link to verify it operates identically to the basic mailto version—but now with significantly better spam protection. Notice how the email application opens with the custom subject line Travel Inquiry already populated, creating a more professional user experience while maintaining security.
Email harvesters are automated programs that scan websites specifically looking for mailto links and email addresses. These bots can quickly extract your email and add it to spam databases, resulting in increased unwanted messages.
JavaScript Email Obfuscation
JavaScript Implementation Process
Copy Base Script
Open spam-proof-email.html and copy the complete JavaScript code template
Replace Mailto Link
Paste the JavaScript code over your existing mailto link in contact.html
Configure Variables
Edit 'your-name' to 'hello' and 'your-domain' to 'revolutiontravel' in the script
Set Subject Line
Add 'Travel Inquiry' to the eSubject variable for pre-filled email subjects
Test Functionality
Save and preview in browser to verify the email link works with custom subject line
JavaScript Email Protection Features
Variable Obfuscation
Breaks email addresses into separate variables that spambots cannot easily piece together. Uses nonsense variable names to confuse automated scanners.
String Concatenation
Combines email parts using JavaScript operators rather than displaying the complete address in HTML. This technique hides the full email from source code inspection.
Dynamic Generation
Creates the mailto link programmatically when the page loads rather than hardcoding it in HTML. This prevents static analysis by harvesting tools.