Munger - Hide your email from spammers



Disclaimer expressly disclaims any warranty for the Munger. This software and related documentation is provided "as is" without any warranty of any kind, either expressed or implied, including and without limitation, the implied warranties or merchantability, fitness for a particular purpose, or non infringement. The entire risk arising out of use or performance of the Munger remains with you.

In no event shall, its representatives, or suppliers be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or any other pecuniary loss) arising out of the use of or inability to use this product.

Frequently Asked Questions (FAQ)

I use a WYSIWIG web editor (such as Dreamweaver, FrontPage, PageMill, Microsoft Word, etc.) How do I insert the Munger code in my editor? does not offer technical support for individual WYSIWIG (What you see is what you get) web editors.

Most WYSIWYG web editors have an option either to work in a "code window" (as opposed to a "design" or "layout" window), or an option to insert a "custom" tag. See if you can find and use these options. You may wish to contact technical support for your specific product, or ask in a user discussion group or forum devoted to your product.

Code for the Munger can also be manually entered outside the WYSIWYG editor using a text editor such as Notepad, SimpleText or vi (depending on your operating system).

Can I use the Munger to link an email address to a button or other graphic?

Yes. Copy the HTML img code that displays the button into the "Link text" field. For example, the image code to display a button might look something like this:

<img src="graphics/contact.gif" height="20" width="100" alt="Contact us" />

Copy everything from (and including) the "<" through the ">" into the "Link text" field. If your button has rollover events (onmouseover, onmouseout), copy those into the Link text field as well.

Special note: If a visitor to your website has disabled JavaScript, your button will not be displayed. Therefore, you should probably include your button in a <noscript></noscript> tag so that even visitors who have disabled JavaScript will still see the button (even though it will not function). If you have an alternative contact form, you should link the <noscript> button to it. At a minimum, you should probably use a link with a title attribute to indicate to these visitors that they must enable JavaScript to use the email function. A <noscript></noscript> tag might have this format:

<noscript><a href="#" title="Email links are not available because JavaScript is disabled."><img src="graphics/contact.gif" height="20" width="100" alt="Contact us" /></a></noscript>

What is munging? Why should I do it?

Unsolicited commercial email (UCE), also known as spam, is a serious problem. Many businesses use unscrupulous practices to add email addresses to mailing lists. One of these tactics is address harvesting. This involves using automated tools (called "address harvesters" or "spiders") to retrieve web pages and extract email links from the text. (This is similar to the techniques that search services like Google use to index web pages.)

"Munging" refers to any of several techniques to conceal email addresses from possible spammers.

There is an excellent detailed discussion of munging at the Project Honeypot site. Project Honeypot is an anti-spam initiative designed to trick address harvesting programs by feeding them specially-flagged phony email addresses.

How does the Munger work?

The Munger has two parts. The first part -- this page -- scrambles your email address into a specific format. The second part -- which you must insert into your web pages -- descrambles the address. JavaScript is used to rewrite the descrambled email address into your page. The link functions normally for your visitors, but the email addresses are only stored a scrambled form that address harvesters can't identify.

The email link is visible! Can't spammers just load the page manually and read it?

Yes. If you have an email address that you're trying to completely hide from spammers, you might not want to use that address on a page. However, the economics of spam rely on low costs to the spammer -- because the margin is slim, and returns get smaller and smaller as more people wise up. It's cheap to write or buy an address harvesting program; it's another thing entirely to pay someone to sit and load web pages all day long. In general, spammers are highly unlikely to load your page, read it, and store your email address.

I'm already getting a lot of spam mail delivered to my domain. Will this help?

In the short term, no. If your address is already on spam lists, you will continue to get spam. I don't expect you will see any immediate improvement.

In the long run, probably. The utility of an email address list decreases sharply over time as people change their emails. If you use Munger, your email address will not continue to be indexed. Eventually the volume of spam you receive should decrease as spammers purchase and use new lists that no longer include your address.

Can I reduce the amount of spam I get by changing my email contact?

Yes. For example, if you currently have an email link to "," we can set up a new alias using the Munger, for example ""

However, there are a couple of concerns you should be aware of:

I have the same email address links on several different pages. Do I need to use the Munger for the links on each page?

No, you can use the Munger once to generate the code, then insert it into as many web pages as you need to.

What if I have more than 5 different email addresses on a single page?

Munge the first five addresses to start with, and insert the code into your web page as specified. Then munge your additional address, but change the numbers 0 through 4 to 5 through 9. For example, change a[0] to a[4], b[0] to c[4], c[0] to c[4], and n[0] to n[4].

Can I use the Munger from other web sites? Can I keep using the Munger if I terminate my contract with

No. This feature is offered only to current customers, and only for web sites hosted directly on's servers.

What if a visitor to my web site has disabled JavaScript? What about accessibility/Section 508?

If JavaScript is disabled, or if your visitor is using technology designed to assist the visually impaired, such as a Braille device or screen reader, the email address will not be displayed. Instead, the contents of the <noscript></noscript> tag will be presented. It is important to ensure that your visitors will be able to interpret this information, but you may want to be cautious about the format you use to present it.

For example, when address harvesting first became an issue, some web designers responded by formatting addresses as myname -at- mydomain. Unfortunately, as soon as this technique became common, address harvesters were modified to identify addresses in this format, swiftly reducing its effectiveness.

The Munger creates a <noscript></noscript> tag by default that uses an alternate representation of the characters in your email address. For example, the character "@" will be replaced in your web page by &#64;. This format should be difficult for most address harvesters to extract, but it is not totally secure. You may want to customize the <noscript></noscript> tag, especially if you are linking your email address to a graphic. Other possibilities for <noscript></noscript> including simplying displaying a message to your visitors:

<noscript><p>Email links are not available because JavaScript is disabled.</p></noscript>

or providing a link to a page on your web site that provides another means of contacting you (such as a comment form):

<noscript><p>To contact us, please use the <a href="comments.html">comments form</a>. </p></noscript>

Please note, as discussed in the disclaimer, that you assume all risk from the use of this software, including (but not limited to) any potential damages arising from interrupted or failed communication attempts.

I already use JavaScript on my site. Can I still use the munger?

Yes, however, your JavaScript may not use variable or function names required by the script. Specifically, you cannot have a variable or function named a, b, c, d, e, m, n, or o.

My page fails validation after I insert your code. How can I fix that?

Strictly speaking, a <noscript></noscript> tag should not appear in a block-level element like a paragraph, so if you have an email link embedded in a paragraph, you may get validation errors. In practice, mainstream browsers allow this error, and has attempted to simplify the Munger process to meet the needs of clients with varying degress of technical knowledge.

If your site requires strict validation, there are two techniques you can use.

  1. Include the relevant block-level element in both the <script> and <noscript> tags, e.g.:

    <script type="text/javascript">document.write("<p>Email us at " + n(0) + " for more information</p>");</script>
    <noscript><p>Email links are not available unless JavaScript is enabled. Please use our <a href="cgi-bin/contact.cgi">contact form</a> to submit an inquiry.</p></noscript>

    A visitor with JavaScript enabled will see the text in the <script> tag: "Email us at for more information."

    A visitor with JavaScript disabled will see the text in the <noscript> tag instead: "Email links are not available unless JavaScript is enabled. Please use our contact form to submit an inquiry."

  2. Separate the <script> and <noscript> tags, e.g.,:

    <p>Email us <script type="text/javascript">document.write(n(0);</script>for more information.</p>
    <noscript><p>Email links are not available unless JavaScript is enabled. Please use our <a href="cgi-bin/contact.cgi">contact form</a> to submit an inquiry.</p></noscript>

    A visitor with JavaScript enabled will see "Email us ( for more information," and will not see the content of the <noscript> tag.

    A visitor with JavaScript disabled will not see the link at all, only the text outside the <script> tag: "Email us for more information." This visitor will also see the additional paragraph in the <noscript> tag, "Please use our contact form to submit an inquiry." recommends that you test carefully to ensure that your text makes sense whether or not your visitor has JavaScript enabled.

I'm using MySQL, PHP, or other dynamic content on my site. Can I still use the munger?

Yes. Simply include the code generated by this page in your PHP script, included documents, or database records as necessary.

Won't address harvesters figure out how to descramble my addresses?

This is possible, but believes, highly unlikely.

To broaden a search for to include name -at- is extremely easy with pattern matching techniques like regular expressions. To identify and reconstruct an address stored in a scrambled format is much more difficult, and it would result in a much slower -- i.e., more expensive to run -- harvesting program. Additionally, if a web site developer has gone to the effort of concealing an address from harvesters, that address is less valuable to the harvester because the recipient of the email is likely to be sensitized to the problem of UCE, will be resistant to email which arrives despite any filtering that may be in place. believes this more work/lower return balance will discourage address harvesters for the foreseeable future.

Other questions?