Jono wrote: > I have used <noscript> but, as you know, if I put > <noscript>name at domain.com</noscript> SPAM bots will take that just as > easily as they will take just the plain address. I am using a > not-so-useful backup — <noscript>name(at)domain(dot)com</noscript> — > which I am willing to bet, is not safe from all bots. I was trying to > avoid graphics, but it looks like that is the safest way. Well, if you want to have low level visitors to do that anyway then there is no need to muck around with noscript, as that would be a pickle in xhtml anyways. Simply use the DOM to remove the unwanted elements onload: http://www.onlinetools.org/tests/emailobfuscate.html The script (http://www.onlinetools.org/tests/deobfuscate.js) turns every <span class="mail">Joe.User-spamprotect- at -please-domain-remove-com.</span> into the plain email. Just tweak the script for other "protection" options.