I have installed and am testing the Antispam plugin.
I’ve added a link to the page like this:
Email Us
When you hover over it you can see the email address; likewise when you Inspect the page with developer tools.
I thought this plugin would “hide” the email address from the user? Or am I misunderstanding what it does?
What’s the syntax for adding a “mailto” link that would hide the actual email address?
Thanks!
Hi @jmsstuff , I’ve not used that one but I’ve had great success with the SafeMail Shortcode for this situation:
@jmsstuff, The plugin seems to be working fine in my installation.
I thought this plugin would “hide” the email address from the user? Or am I misunderstanding what it does?
This kind of plugins try to hide the email address from bots/crawlers, not from the user.
How does it work?
The plugin replaces the email address with some javascript which injects the email address into the DOM of the page when run inside a browser.
Which means:
As a side note:
The Shortcode plugin mentioned by @paulhibbitts, works in a different way. When it finds an email address marked with a shortcode, it replaces the individual characters of the email address with HTML entities in the generated HTML. The browser in turn shows entities as plain (readable) text without the need of javascript.
HTML entities could easily be reversed to plain text by a bot which is a bit more cleaver.
Apart from other differences, from the perspective of a page author, the disadvantage of the Shortcode plugin is that you have to mark an email address in the page manually: [safe-email]user@domain.com[/safe-email]. The Antispam plugin automatically searches for email addresses in the page.
Try checking the source itself (Ctrl + U on Chrome) and you will see the difference 
Thank you, I didn’t know about the shortcodes! I’m trying to use the safe-mail shortcode in combination with the mailto, but unfortunately, it’s not working how I want. When you click on the link, it opens my email client but doesn’t decrypt the email address to send to. Makes sense but I’ll need to try something else. Appreciate your help.
Thanks for the explanations, still learning Grav (slowly but surely)…
My end goal is to reduce spam, so I was going to use a mailto link but was hoping to hide the email address it should send to.
I had created a contact form with 2 honeypot fields and a “math check” field, hoping that bots will not answer correctly. I also have the DNS Blacklist plugin enabled, but I’m still getting spam that looks like this:
Name: TrcMokCAzNqanex
Email: a_legitimate_looking_email_address@gmail.com
Message: CfPBvaIwiyd
What is five times four?: 20
Given the random characters, it seems like automated spam. Unsure how to stop them.
@jmsstuff, If fighting spam would be easy, it would have been solved…
You can protect your contact form as much as you like (and you should), but:
curl -X POST \
-F 'name=TrcMokCAzNqanex' \
-F 'email=a_legitimate_looking_email_address@gmail.com' \
-F 'message=CfPBvaIwiyd' \
https://domain.com/contact
When the first line of defense gets passed, you will need to filter the POST at server side:
Btw. Stop Forum Spam offers a free API that can be embedded in a plugin, to check if IP, username and email address are known to be used by spammers.