The Email Encryptor Reborn

Email obfuscation using Javascript is a popular way to hide Email addresses from spam-bots. One of the most popular of these was written by Jim Tucek at the Academy of Science at St. Louis. Unfortunately he hosted it on one of their student pages at, and the other day (during a website move), all of those pages were taken down, leaving web developers unable to create new Email addresses for sites that use the script. After getting a panicked call from a friend (who has many clients on the script), I decided to step in and see what I could do to help. The result can be found on my new Email Encryptor page.

This actually posed an interesting challenge. Jim used RSA encryption (about 10 bits) to encrypt the strings. I’m not sure why he chose an asymmetric algorithm instead of a symmetrical algorithm – as the primary result of this choice is to make it hard to create new Email addresses (in a symmetric algorithm you could use the decryption key to encrypt as well – so the loss of the original page would have had little impact. In an asymmetric algorithm having the decryption key offers no help). Fortunately, the algorithm itself is reasonably simple and widely published. Though I use cryptography a great deal, this was actually my first time doing the math, and translating some of the mathematical requirements into computer algorithms took a bit of thought. It was also the first time I’d really thought about modulus math. Finally, there was the Javascript coding itself. Though my primary expertise remains VB .NET and C#, I’ve gotten to do quite a bit of Javascript in the past couple of years (both in web projects and some Ajax work), so that part was relatively simple. By the way, I love the Visual Studio 2008 Javascript debugger – it doesn’t get much attention, but it’s very cool. As a side-effect I also got a nice prime number example to use next week at SD-West when I talk about the TPL, I mean “the Parallel Extension to the .NET Framework”.

So ultimately I was able to get it to work. It’s now live and hopefully will serve as a good resource to those left stranded when Jim’s page went down, and the rest of us in our never-ending battle to fight spam.

17 Responses to “The Email Encryptor Reborn”

  1. Simon Says:

    Thanks for this, Dan. I really liked Jim’s encryption program. Having seen that it was likely to be taken down I took the precaution of downloading the files – but, now I can’t find them!

  2. claude Says:

    thanks! i was looking for jim’s script for a while…

  3. David Says:


    Thanks for this Dan, I was very fed up last night when I went to add another email address to my site using Jim’s program only to find that it had disappeared. I’m glad to say that I eventually stumbled upon your site. I wonder if it might be possible to include Jim’s original URL as text on your site so that the search engines might find it?

    I eventually found your site by doing a Google search for the script name.

    Anyway, great relief & thanks again.

  4. OutOfTouch Says:

    Thanks Dan for sharing! Sorry I am a little slow.
    How do I use the subject, or is that automatically decrypted if you encrypted one?

  5. Chris Says:

    Thanks Dan!

    Your a life saver! I found Jim’s obfuscator tool a few years ago when our email was being swamped by spam.

    After incorporating the obfuscation things significantly improved. So during my regular updates I’d go to a bookmark, generate the new email and move on.

    Like David. it took a little hunting, but your site has helped this little black duck get on with coding again…..

  6. Al Says:

    Hi Dan. Thanks for doing this. I was freaking when discovered that Chris’ site was down. I was going to try and contact him through Myspace then found you.

    I’m wondering if you could point men in a right direction.

    The feature seems to be broken on one of my pages but works on all the others. It’s a mystery because I cut and pasted the code from a working page so something else on the broken page is interfering with the functionality.

    On the broken page it returns a ‘mailto:emailaddress’ and places this in the browser addressbar. Of course ’emailaddress’ is the email that I am trying to send out.

    I can’t figure out why it’s doing this. Please help if you can. As I said, the exact code works on every other page.

  7. WebVixn Says:

    Thank you, Dan! I just wrote a blog about this wonderful “remake” you did. I was one of those freaking out when Chris’ site went down, too.

    I’m still amazed by how many people are out there who don’t have their email addresses encrypted (or ensure that their clients’ addresses are encrypted). Thought I’d spread the word and show folks just how easy your program is to use…

    Maybe they’ll throw some dollars your way, too?

    🙂 You’re a hero

  8. janusz Says:

    Thanks Dan

    Janusz from Poland

  9. gucky66 Says:

    Thank you, I won’t go as far as “you saved me”
    But you spared me a “lot” of time searching for another script I like.

    You’re a indeed a hero!

  10. juzme Says:

    A big shakeup in the Internet is on its way as politicians
    in both America and Europe move to pass a bunch of
    Enclosure Acts that will take great hunks of it out easy
    public access. In many ways it will become an adjunct
    of the telecoms and media industries – telcos, tv, etc.,
    far more than it has been since its “commercialization”
    in the early 1990s. Whatever the pros and cons and
    politics of this, one way or the other – anyone who is
    interested in those things can find info and discussion
    on that elsewhere – it will certainly, in very significant
    measure (even if not as much as its various political
    and commercial promoters want) come to pass. It’s
    even been, for a long time, very obviously on its way.

    The non-commercial, non-political message is: if it’s
    on the Internet in a non-commercial context and it’s
    something you’re likely to want to access in the future,
    like – by its nature – Jim Tucek’s routine to construct
    new addresses, then do a bit of constructive resource
    allocation and forward thinking and get it down offline
    NOW (and don’t Do what Simon Says) because there’s
    a good chance it won’t be there the day after tomorrow.

  11. JJ Says:


    Very nice work here, thanks for putting this together! My only comment (can’t help a code review, being a developer myself) is that Jim’s program had a nice feature of auto-obfuscating the e-mail encryption source code with random variable names, which this script lacks. Were this script to become popular enough (and it certainly deserves it), spambots could recognize the source and build the decryption in. Just a thought, though I’ll be using it all the same.

    Thanks again

  12. PaulG Says:

    Dan – thank you. I was just resigning myself to having to write a similar thing (when all I wanted was to update a couple of email addresses – a 30-second job turning into one I didn’t really have time for) when I found your page.

    Thanks again for doing this


  13. Khalilah Krafft Says:

    Hey, I came across this blog post while searching for help with JavaScript. I’ve recently switched browsers from Opera to Internet Explorer 7. Just recently I seem to have a issue with loading JavaScript. Every time I browse page that needs Javascript, the site freezes and I get a “runtime error javascript.JSException: Unknown name”. I can’t seem to find out how to fix it. Any help is very appreciated! Thanks

  14. Void Says:

    Thanks Dan for sharing the encryptor. Khalilah you should reinstall IE or get a new one IE8.

  15. Ken Says:

    Thanks, Dan. Been using the original script for quite some time, but didn’t realize that it was no longer supported.

  16. Mohit Says:

    In your code, the modulus exponential code seems to be taking arguments as base, exponential and y and claims to return base^exponent% y. However, it seems that it actually computes base^y % exponent. Also, the algorithm used is O(y) while there are well known O(log(y)) algorithms out there.

  17. Dan Says:

    Looks like you’re right about the swapped parameters. My guess is that the inputs are swapped as well – otherwise the code wouldn’t work. I’ll be honest, I haven’t looked at this in years, and don’t have time to dig deeper now.
    As far as the performance – who cares? It’s encrypting one character at a time with small numbers. You’d never notice the difference.

Leave a Reply

Comments are moderated - allow 24-48 hours for your comment to appear.