Having used reCAPTCHA’s (now deprecated) Mailhide service in the past, I was curious about how CloudFlare was so seamlessly protecting emails. After some investigation I was disappointed to find that CloudFlare’s email obfuscation technique is significantly inferior to reCAPTCHA, so much so that I’m struggling to even understand the purpose of it.
The technique that’s used would only be effective if it were deployed on a small number of sites and relatively unknown. Since CloudFlare is used by a large percentage of websites, I think it’s safe to assume at this point that anyone who’s serious about scraping emails would be aware CloudFlare and easily able to figure out how to circumvent the obfuscation.
Are there any plans to improve email protection? Ideally there would be another level of protection offered similar to reCAPTCHA where an email would not be unmasked until a user clicks on it. Then CloudFlare’s data could be leveraged to require “suspicious” users to solve a CAPTCHA while still allowing most users to unmask emails without any additional prompts.