Turn an email address into a snippet that bots (maybe) can't read but visitors can.
Obfuskoder is a single-page web tool. Drop in an email address (or any HTML), and it produces a small block of HTML+JavaScript you can paste into any web page. When a real browser renders the page, the JavaScript decodes itself and writes the email into the page. Bots that scrape HTML without executing JavaScript see only opaque code.
This raises the cost of email harvesting. It does not guarantee zero spam.
Note
Obfuskoder is not designed for adversarial interaction. It's a tool for you to use, not a service for you to offer to the Internet. But, you do you.
Obfuskoder is one index.html file. There is no build step, no install step, and no dependencies.
- Locally: open
index.htmldirectly in any modern browser (file://works). - On any static host: copy
index.htmlto GitHub Pages, Netlify, S3, your own server — anywhere that serves static files. - Offline: once loaded, the page makes no network requests.
Inside the app:
- Basic form — enter an email address, the link text visitors will see, an optional title (tooltip) and an optional subject line. Click Obfuskode.
- Advanced form — paste any HTML containing an email address (or anything else you want to obscure). Click Obfuskode.
The encoded snippet appears with a preview of the decoded link and a Copy button.
No data ever leaves your browser. Obfuskoder makes no network requests, sets no cookies, uses no analytics, and writes nothing to localStorage. You can read the entire source by viewing the page.
The latest two stable versions (as of this release) of Chrome, Firefox, Safari, and Edge — desktop and mobile.
The output is a <span> (containing a fallback message for non-JavaScript users) followed by an inline <script>. The script holds the email address as an array of integers offset by a random key — never as readable text, and with no @ character anywhere in the static snippet. When it runs, it decodes the array, replaces the <span> with the original HTML, and removes itself from the DOM (page). The snippet works inside AJAX-loaded pages because it does not depend on document.write.
A self-check runs on every encode to confirm the snippet round-trips correctly before showing it to you. The self-check is part of Obfuskoder, and is not included with the encoded snippet.
MIT. © 2026 Michael A. Alderete.
Obfuskoder is inspired by the original Hivelogic Enkoder by Dan Benjamin, which is sadly no longer online. An archived copy of the original form is available via the Internet Archive's Wayback Machine.
Reference implementations consulted while writing this tool include the original Hivelogic Enkoder web page, the Hivelogic Ruby plugin (Hivelogic, 2007), the PHPEnkoder WordPress port by Michael Greenberg, and Standalone PHPEnkoder by Jonathan Nicol. None of their code ships in Obfuskoder; the obfuscation algorithm here was written from scratch (by Claude Code; I fucking hate JavaScript).