April 1, 2026
Inbox hide‑and‑seek, level 2026
Email obfuscation: What works in 2026?
Hiding your email in 2026: weird tricks win, commenters say “breaches beat everything”
TLDR: A new test says CSS or SVG tricks blocked all 318 basic scrapers, while plain text failed. Comments split: some claim spam is driven by data breaches, others swear simple obfuscation still works, with a few fearing this guide helps spammers—useful for anyone trying to keep an address off lists.
New tests claim the silliest-sounding moves—like hiding your address behind CSS “display: none” or an SVG image—blocked 100% of 318 basic scrapers, while plain text got obliterated and old-school HTML entities somehow still stopped most bots. But the real fireworks were in the comments, where the crowd split into camps and let the hot takes fly.
One camp shouted “wrong battle!” with ache arguing mass spam mainly comes from giant data breaches, not web harvesters. Translation: you can braid your email into a cute SVG with a funky web font, but if your info leaks in a hack, game over. Another camp fired back with real-world anecdotes, like users saying HTML entities have quietly kept them clean for years—“security by obscurity” or “practical wins,” depending on your mood. Meanwhile, bit1993 worried this how‑to is an accidental training manual for spammers: “Thanks for the tutorial… I guess?”
Things got spicy when a commenter claimed the author’s own email is a mashup of hidden CSS and a simple cipher, turning the thread into a mini‑mystery. And there were hacks-with-a-wink: one user filters for addresses that include a quirky +tag, like putting a secret handshake in the To line. The vibe: cat‑and‑mouse continues, with memes about ROT13 becoming ROT18 and jokes that the real enemy isn’t bots—it’s breaches. Read the tests, then pick your paranoia level.
Key Points
- •The author tested obfuscation methods against 318 spam harvesters and reported block rates for each.
- •No protection blocks 0%; HTML entities block 95%; HTML comments block 98%.
- •External SVG via an HTML object element and CSS display:none each blocked 100% while remaining accessible with proper use.
- •JavaScript concatenation and ROT18 approaches also tested at 100%, but concatenation exposes the full email in source and ROT18 can be undone by basic harvesters.
- •Implementations emphasize accessibility: use object (not img) for SVG, specify width/height and a web font, use true display:none, and vary decoy tags.