Zero Signup ToolsFree browser tools

Text Tools

Email Obfuscator

Obfuscate email addresses with HTML entities, JavaScript, CSS, or [at] / [dot] tokens. Eight encoding styles side by side, ready to paste into your site.

one per line, or comma / semicolon separated

1 valid email detected.

Examples

Wrap in mailto: link

Adds an <a href=mailto:...> tag around HTML outputs.

Leave blank to show the obfuscated address itself.

Plain text tokens

Used for the [at] / [dot] output.

How many characters per string literal in the split-and-join output.

Single-byte key used by the Cloudflare-style hex output.

HTML

HTML decimal entities

Every character becomes a &#NNN; entity. Browsers decode it; naive bots see only numbers.

<a href="&#109;&#97;&#105;&#108;&#116;&#111;&#58;&#104;&#101;&#108;&#108;&#111;&#64;&#101;&#120;&#97;&#109;&#112;&#108;&#101;&#46;&#99;&#111;&#109;">&#104;&#101;&#108;&#108;&#111;&#64;&#101;&#120;&#97;&#109;&#112;&#108;&#101;&#46;&#99;&#111;&#109;</a>

HTML

HTML hex entities

Same idea as decimal but using &#xHH; references. Some CMS editors prefer hex.

<a href="&#x6d;&#x61;&#x69;&#x6c;&#x74;&#x6f;&#x3a;&#x68;&#x65;&#x6c;&#x6c;&#x6f;&#x40;&#x65;&#x78;&#x61;&#x6d;&#x70;&#x6c;&#x65;&#x2e;&#x63;&#x6f;&#x6d;">&#x68;&#x65;&#x6c;&#x6c;&#x6f;&#x40;&#x65;&#x78;&#x61;&#x6d;&#x70;&#x6c;&#x65;&#x2e;&#x63;&#x6f;&#x6d;</a>

HTML

URL percent encoding

Percent-encodes the address. Useful inside mailto: links and query strings.

<a href="mailto:hello%40example.com">hello@example.com</a>

HTML + JS

Reversed with JavaScript

Reverses the address in the markup; a small script reverses it back at render time.

<a id="e-17" href="#">hello@example.com</a>
<script>
(function(){
  var s='moc.elpmaxe@olleh';
  var r=s.split('').reverse().join('');
  var a=document.getElementById('e-17');
  a.href='mailto:'+r;
  a.textContent=r;
})();
</script>

HTML + JS

JavaScript split-and-join

The address is broken into small string literals that JS concatenates at runtime.

<a id="e-17-s" href="#">hello@example.com</a>
<script>
(function(){
  var p=['he','ll','o@','ex','am','pl','e.','co','m'].join('');
  var a=document.getElementById('e-17-s');
  a.href='mailto:'+p;
  a.textContent=p;
})();
</script>

Text

Plain text [at] / [dot]

Replaces @ and . with readable tokens. Use in podcasts, READMEs, and footers.

hello [at] example [dot] com

HTML + CSS

CSS unicode-bidi reverse

Stores the address reversed in the markup; CSS flips it back visually. No script needed.

<style>
.e-rev { unicode-bidi: bidi-override; direction: rtl; }
</style>
<span class="e-rev">moc.elpmaxe@olleh</span>

HTML + JS

XOR + hex (Cloudflare-style)

Hex string XOR-encoded with a single byte key; a tiny script decodes it client-side.

<a id="e-17-x" href="#" data-cfemail="49212c252526092c31282439252c672a2624">hello@example.com</a>
<script>
(function(){
  var d=document.getElementById('e-17-x');
  var s=d.getAttribute('data-cfemail');
  var k=parseInt(s.substr(0,2),16);
  var out='';
  for(var i=2;i<s.length;i+=2){
    out+=String.fromCharCode(parseInt(s.substr(i,2),16)^k);
  }
  d.href='mailto:'+out;
  d.textContent=out;
})();
</script>

Quick reference

Which output should you use?

Static HTML, no scripts

Use HTML decimal or hex entities. They render exactly like a normal mailto link but skip pattern scrapers that look for @ in the markup.

Pages with JavaScript

Use reversed or split-and-join. Bots that do not execute JavaScript (the vast majority) never see the readable address.

Plain text contexts

Use the [at] / [dot] replacement for podcasts, READMEs, footers, and any place HTML or scripts are not available.

Strict-CSP pages

Use the CSS unicode-bidi trick. No inline script, no HTML entities, and the markup still contains the address (reversed).

Highest defense

Use the XOR + hex output. The address never appears in plain form in the HTML, and the decoder is just a few lines of script.

Caveats

Determined scrapers can defeat any client-side obfuscation. Treat these techniques as a friction layer that filters out most basic bots, not as a guarantee.

How to use

  1. Paste one or more email addresses into the input area (newline, comma, or semicolon separated).
  2. Toggle Wrap in mailto: link if you want clickable HTML output, and optionally set the visible link text (e.g. "Contact us").
  3. For the [at] / [dot] output, pick a token style or type your own (e.g. " [at] ", " AT ", " (at) ").
  4. Tune the JS split chunk size and the XOR key if you need a specific output shape.
  5. Click Copy on any of the eight outputs to copy that obfuscation style, then paste it directly into your HTML, Markdown, README, or template.

About this tool

Email Obfuscator takes one or more email addresses and rewrites them into eight different anti-scraper forms, side by side, so you can pick the one that fits where you want to paste it. HTML decimal entities convert every character into a &#NNN; reference; HTML hex entities do the same using &#xHH; references that some CMS editors prefer. URL percent encoding produces the form used inside mailto: links and query strings. A reversed-with-JavaScript output stores the address backwards in the markup and reverses it back at render time, so bots that do not execute scripts never see the readable form. JavaScript split-and-join breaks the address into many small string literals that the browser concatenates at runtime, with the chunk size adjustable from 1 to 8 characters. A plain text [at] / [dot] output replaces @ and . with readable tokens you can use in podcasts, READMEs, footers, status pages, and anywhere HTML is not available, with one-click presets for the most common token styles. A CSS unicode-bidi trick stores the email reversed in the markup and uses pure CSS to flip it back visually, useful for strict Content Security Policy pages that disallow inline scripts. A Cloudflare-style XOR + hex output encrypts the address with a single-byte key (0 to 255, your choice) and ships a tiny decoder that reverses it on the client, hiding the address entirely from raw HTML view. Every output has a Copy button, and the HTML outputs can optionally be wrapped in a mailto: link with a custom visible label like "Contact us" so the result drops straight into a page template. The tool is honest about the limits of client-side obfuscation: determined scrapers can defeat any of these techniques, so the goal is a friction layer that filters out the basic harvesters that hammer contact pages. Everything runs in your browser. Addresses you paste are never uploaded, logged, or shared.

Free to use. Works in your browser. No signup, no login.

Related tools

You may also like

All tools
Text

Email & URL Extractor

Pull emails, URLs, phone numbers, and IPv4 addresses from any text.

Open tool

Developer

Email Validator

Validate, deduplicate, and clean lists of email addresses with typo suggestions.

Open tool

Generator

Mailto Link Generator

Compose a mailto link with cc, bcc, subject, body, and copy-ready HTML and Markdown snippets.

Open tool

Developer

HTML Entity Encoder Decoder

Two-way HTML entity encoder and decoder with named, decimal, and hex modes.

Open tool

Developer

URL Encoder Decoder

Encode and decode percent-encoded URLs.

Open tool

All toolsText Tools