Email Obfuscation Checker

Is it possible thwart email harvesters by obfuscating email adresseses, such as by displaying them as <name[at]example[dot]com>?

Ever wonder how hard it is to decrypt such addresses? The answer? Very easy!

This site decodes email address that are encrypted using typical obfuscation methods. A few exampled are shown in the form below. You can edit the examples or replace them with other obfuscated addresses. Get cracking!

Show explanation

1. Obfuscated email addresses are trivially easy to decrypt

IThe original source for the script was found at http://jasonpriem.org/2009/05/stop-obfuscating-email. Additional decryption features were added to completely decrypted the popular "UnCryptMailto" script hosted at jumk.de/nospam/stopspam.html.

The "UnCryptMailto" script converts email addresses of the form <goofy@encryption.com> into <nbjmup;hppgzAfodszqujpo/dpn>. The site then provides the following dubious javascript, suggesting that it should be used in place of plain text email addresses on the victim's website:

<a href="javascript:linkTo_UnCryptMailto('nbjmup;hppgzAfodszqujpo/dpn');">goofy [at] encryption [dot] com</a>

Astute readers may already see several obvious patterns. Here are a few more 'obfuscated' addresses created with the UnCryptMailto" script, and color coded to help you quickly identify patterns.

Original Obfuscated
goofy@encryption.com nbjmup;hppgzAfodszqujpo/dpn
goofy2@encryption.com nbjmup;hppgz2Afodszqujpo/dpn
abcdefg@encryption.com nbjmup;bcdefghAfodszqujpo/dpn
1234567@abcdefghijhlmnop.com nbjmup;2345678Abcdefghijkimnopq/dpn
what@about-the-tld.net nbjmup;xibuAbcpvu.uif.ume/ofu
and@another.net nbjmup;boeAbopuifs/ofu
by-now@it-should-be-obvious.dude nbjmup;cz.opxAju.tipvme.cf.pcwjpvt/evef

Do you see it? Each and every character is incremented by one on the ASCII character table. A becomes B, B becomes C, etc. Decrypting this code is demonstrated in the below examples, where tests #13 and #14 are decrypted twice, once for the silly-looking label and once for the ASCII character shift.

2. Decryption algorithms are often publicly available

In the case of the popular "UnCryptMailto" script, the decryption algorithm is available at http://jumk.de/nospam/stopspam.html where every spam harvester is free to grab it. Actually, I wouldn't be suprised if that site is hosted or sponsered by spam harvesters in order to delude the foolish.

3. Decryption algorithms are sometimes pasted directly into the page they are intended to protect

This is probably one of the stupider ideas ever conceived. The theory seems to be that spam harvesters are outwitted by the need to view source code. The strategy of obfuscating the address relies on the concept of Security through Obscurity". According to this method, email addresses are preseumed safe as long as the 'bad guys' don't discover the decryption algorithm. This is why posting the decdription code directly into the page it is meant to protect is simply, ummmm... stupid.

For example, see the suggested directions at http://jumk.de/nospam/stopspam.html. The site advises its victims to add the following decryption algorithm to the head of their web pages—an awesomely stupid tactic, similar to hanging the key to a locked door onto the door itself.

BTW: The most significant line in this script is displayed in red. This is the heart of the obfuscation process, such as it is.

<script type="text/javascript"> <!--
    function UnCryptMailto( s )
    {
        var n = 0;
        var r = "";
        for( var i = 0; i < s.length; i++)
        {
            n = s.charCodeAt( i );
            if( n >= 8364 )
            {
                n = 128;
            }
            r += String.fromCharCode( n - 1 );
        }
        return r;
    }

    function linkTo_UnCryptMailto( s )
    {
        location.href=UnCryptMailto( s );
    }
    // --> </script>

4. Such decryption algorithms are trivial to find

Many naive website builders may use the same function names as publicly available code examples. This makes it trivially easy to find the orginal source by searching for matching function calls. Unsurprisingly, jumk.de/nospam/stopspam.html proves to be the top listed site in a Google search for UnCryptMailto, perhaps indicating that many email harvesters have been there before us.

5. Many obfuscation methods are not actual encryption algorithms

It only takes a few moments for a thoughful person to notice that the encryption algorithm in the "UnCryptMailto" script does nothing more than increment each ASCII character by 1. Bingo. Algorithm cracked. This is perhaps the most basic character-level encryption scheme ever devised, and is not worthy of the name. It is so blatantly inadequate that it is sometimes presented in introductory cryptography classes to demonstrate what not to do precisely because so many obvious patterns are created.

6. Nothing more (actually 12 less) than ROT13

ROT13 ("rotate by 13 places") is a simple letter substitution cipher that replaces a letter with the letter 13 letters after it in the alphabet. ROT13 is an example of the Caesar cipher, developed in ancient Rome. In the basic Latin alphabet, ROT13 is its own inverse; that is, to undo ROT13, the same algorithm is applied, so the same action can be used for encoding and decoding. The algorithm provides virtually no cryptographic security, and is often cited as a canonical example of weak encryption. For more on ROT13, see http://en.wikipedia.org/wiki/ROT13

7. Such schemes are trivially easy to guess using character location patterns

The fourth character from the end of many email addresses is a period (.). In the "UnCryptMailto" script this location always contains a slash (/), an obvious pattern. The slash character is exactly one ASCII character higher than the period. Bingo. Algorithm cracked.

8. Such schemes are trivially easy to guess using group character patterns

Recurring groups of characters are an easy starting point for cracking any encryption scheme. There are several patterns that keep recurring in "UnCryptMailto" addresses. For example they all begin with "nbjmup". Not surprisingly, each of the characters in this string is exactly one ASCII character higher than the characters in the string "mailto". Bingo. Algorithm cracked.

9. Such schemes are vulnerable to artificial pattern testing

Go to jumk.de/nospam/stopspam.html and enter a very obvious pattern such as <aaaa@bbbbbb.com>. The predicted result will be <nbjmup;bbbbAcccccc/dpn>. Bingo. Algorithm cracked. Don't be fooled by the characters at the start of the text. That's just "mailto:" with each character incremented one ASCII number to create, "nbjmup;". "m" becomes "n", "a" becomes "b", "i" becomes "j", etc.

Enter obfuscated addresses

Valid addresses decoded