If you're like me, you receive a lot of unwanted postal mail, and yes, a lot of unwanted email. For me, posting my email address on MCPressOnline.com, RPGIV.com, and RPGxTools.com probably contributes to the daily allocations of spam that I get.

This isn't because any of these Web sites sell my email address; it's from those dirty little "sniffer" programs. You know the ones; they go out to a Web page and read it into a program buffer. Then they scan the buffer for at signs (@) followed by a ".com," ".net," ".org." or dot this and dot that.

About two years ago, I found a Web site (one of many as it turns out) that will take your email address and obfuscate it. The word "obfuscate" is, ironically, a bit obscure itself. It means "to make so confused or opaque as to be difficult to perceive or understand."

Basically, obfuscating an email address on a Web page allows the browser user to utilize the email address ("Click here to send me an email") but prevents spammers from harvesting it for their purposes.

How do you do it? It turns out that you can send any text to a Web browser in plain ASCII, hexadecimal notation, or decimal notation. So the letter "A" for example, can be sent as A, %41, or A. The browser will render any of these three representations as the letter "A" when it is displayed or used by the browser.

An email address harvesting routine that is looking for an at sign (@) followed by a .com or similar extension should be fooled by the obfuscation. In fact, many companies that harvest email address say that they actually use obfuscation to prevent competitors from stealing their "assets." None that I know of attempt to de-obfuscate text they find on Web pages simply because they run through a large volume of Web pages each day.

The trick to obfuscation is to convert This email address is being protected from spambots. You need JavaScript enabled to view it. into a string of hex or decimal identifiers.

There are Web sites that will obfuscate an email address for you. A great Web site that I use for various ASCII and EBCDIC tables is located at LookupTables. This site also shows you the HTML encoding for each character, so if you want to enter an "A" in hex or decimal, you'll find the value on that site.

The two popular methods used to obfuscate include JavaScript generation and converting to hexadecimal or decimal notation.

Method 1: JavaScript

This method involves generating a JavaScript that uses an encrypted or obfuscated email address and sends it to the browser.

While this type of routine is fine for a single email address that appears on a Web page, I don't particularly care for it. These types of obfuscation routines can't be easily managed or adapted to multiple or dynamic email addresses.

For example, if you generate a list of hundreds of email address (for example, on a report "printed" on a Web page), you have to generate hundreds of these JavaScripts. Then, there's always the issue of users not enabling JavaScript in their browsers. Although it's rare, lack of JavaScript support can be an issue.

The University of Waterloo has a Web site that generates a rather thorough JavaScript obfuscator for single email addresses. And here's another one that's slightly less thorough.

Method 2: Encoding

This method involves encoding each character in the email address into either hex or decimal characters. While you can find Web sites to do this for you, they only work on one email address at a time. So, again, if you're writing out data from a database file to the browser and have multiple email addresses, the Web sites aren't very helpful.

This technique is still the preferred methodology when multiple email addresses are being written out to the Web page. Since you're sending only the encoded email address to the Web page, no JavaScript issues come into play.

Sample Obfuscation Routine

Using CGILIB (the free add-on to RPG xTools), I created a simple CGI program that obfuscates any email address (actually any text string) and returns it to the browser page.

The CGILIB service program includes an email obfuscation routine named cgiObfuscate(). Pass it a string of up to 640 bytes, and it will obfuscate it and return it to your CGI program. It's up to the CGI program to send it to the browser (as in the example below). The source for this procedure is listed after the example CGI program.

To try out this CGI program that is called to obfuscate an email address, click here and enter your email address (or a fake one). I do not record the email addresses entered into this page.

To illustrate how to write your own obfuscation routine, I have included the source code for the cgiObfuscate() routine below. The cgiObfuscate() routine uses two RPG xTools procedures. However, they are relatively easy to replace with non-xTools subprocedures.

 
*************************************************************
** cgiObfuscate() Convert a plain text string to its
** digitized/numeric equivalent.
** e.g., from: A to: Ł
** This allows the users to conceal from Web sniffers,
** things like email addresses that are output to a
** Web page.
** © 2004 Robert Cozzi, Jr.
** All rights reserved 004 Robert Cozzi, Jr.
*************************************************************
P cgiObfuscate B Export

D cgiObfuscate PI 4096A Varying
D szInString 640A Const Varying
D nOption 10I 0 Const OPTIONS(*NOPASS)

D atSign S 10A Inz('@') Varying

D szAsciiValue S 640A Varying
D szObfuscated S 4096A Varying

D I S 10I 0
D nPos S 10I 0
D szCCSID S 10A
D nToCCSID S 10I 0

D DS
D IntValue 10I 0 Inz
D AsciiChar 1A Overlay(IntValue:4)

** Find the @ to verify that it is email.
C if %len(szInString) = 0
C return ''
C endif

C if %Parms >= 2 and nOption <> 0
C eval nPos = %scan(AtSign: szInString)
C if nPos = 0
C return %TrimR(szInString)
C endif
C endif

** Get the CCSID of the Web browser to convert into.
** Typically this is US-ASCII 819, but may be different.
C eval szCCSID = GetEnvVar('CGI_ASCII_CCSID')
C if szCCSID <> *BLANKS
C eval nTOCCSID = CharToNum(szCCSID)
C endif

C if nToCCSID > 0
** Convert the input string to ASCII from this AS/400's CCSID
C eval szAsciiValue =
C ToAscii(%TrimR(szInString):nToCCSID)
C else
C eval szAsciiValue = ToAscii(%TrimR(szInString))
C endif

** Convert to HTML special symbols &#xxx; (decimal)
C for i = 1 to %len(szAsciiValue) by 1
C eval AsciiChar = %subst(szAsciiValue :i:1)
C eval szObfuscated = szObfuscated +
C '&#'+%Char(IntValue) + ';'
C endfor

C return szObfuscated
P cgiObfuscate E

The three RPG xTools routines used by the cgiObfuscate procedure are Get Environment Variable (GETENVVAR), Convert Character to Numeric (CHARTONUM), and Convert EBCDIC to ASCII (TOASCII). These routines simplify the cgiObfuscate implementation.

Bob Cozzi is a programmer/consultant, writer/author, and software developer. His popular RPG xTools add-on subprocedure library for RPG IV is fast becoming a standard with RPG developers. His book The Modern RPG Language has been the most widely used RPG programming book for more than a decade. He, along with others, speaks at and produces the highly popular RPG World conference for RPG programmers.

Bob Cozzi is a programmer/consultant, writer/author, and software developer. His popular RPG xTools add-on subprocedure library for RPG IV is fast becoming a standard with RPG developers. His book The Modern RPG Language has been the most widely used RPG programming book for more than a decade. He, along with others, speaks at and produces the highly popular RPG World conference for RPG programmers.

---

MC Press books written by Robert Cozzi available now on the MC Press Bookstore.

		RPG TnT Get this jam-packed resource of quick, easy-to-implement RPG tips! List Price $65.00 Now On Sale
		The Modern RPG IV Language Cozzi on everything RPG! What more could you want? List Price $99.95 Now On Sale

Also Read

H and F Position-less Specs

Practical RPG: AI and IBM i

Programming in ILE RPG - Defining Standalone Variables & Assigning Initial Values to Data