auf deutsch

E-Mail Address Protection


This server encrypts your e-mail address in a way, that makes it impossible for automatic programs (so called "address harvesters"), to find your clear-text e-mail address on web pages, and to consequently use it for sending you unwanted commercial e-mails (so called SPAM).

How is the E-Mail Address protected?

To decrypt the e-mail address, the user has to prove being a human and not a machine. That is done using the CAPTCHA service of

Encryption of Your E-Mail Address

To use this service, you simply enter your name and e-mail address into the following fields, press "Encrypt" and use the computed URL in your website or forum-footer.

Your Name (Optional):
Your E-Mail Address:

Frequently Asked Questions

Will e-mail addresses be logged on the server?

E-mail addresses will not be logged on the server. As the clear text e-mail addresses are transmitted using a POST-form, they do not even appear in the log file of the WWW server.

What encryption algorithm is used?

To encrypt the e-mail address, the Advanced Encryption Standard (AES) is deployed, using a secret 256-bit-key on our server. After encryption the resulting binary string is converted to a string of characters and numbers using the (URL-safe) Base64 encoding scheme.

Isn't it possible to mount chosen plaintext attacks against the encryption algorithm?

Yes, that is indeed possible, but currently AES is believed to be safe against that.

Why wasn't a public-key encryption algorithm used?

To provide a somewhat secure encryption a key length of 512 bit would have been necessary. The length of the encrypted string has to have at least that length too. After converting to base64 the string would have had a length of at least 86 characters, opposed to a minimal length of 22 with the current method.

My encrypted e-mail address is still to long.

First you can try to leave the name out, i.e. only encrypt the e-mail address. If that doesn't help, a service like can be used. As an example look at

How can I encrypt e-mail addresses automatically?

The URL<name>&email=<email>

provides the encrypted e-mail address as the output. This URL can easily and automatically be fetched by using programs like wget or curl. When using the POST-method, no trace of the encrypted e-mail addresses is left in the server logs

XHTML 1.1 compliant A service of Felix Holderied and Sebastian Wilhelmi