Today I was reading a post on a message list and someone mentioned they were using a function to generate their mailto: links using HTML entities instead of the ASCII characters in order to prevent spam harvesters from snagging the e-mail address. The problem with this method, is it would be pretty easy for a harvester to re-encode the HTML entities back into the correct ASCII characters.
This got me think that the best method would involve using JavaScript to write out the link. In order for a spam harvester bot to parse out the e-mail address, they'd have to understand the context of the page. This means they'd either have to actually parse the page into a DOM object and parse the DOM, or they'd have to specifically knowledge of the function and reverse engineer the links to the function. Either method is probably more than what most harvesting bots are going to use (although this could always change.)
So, I spent a few minutes and whipped up the following code. The spamProtector() JS function takes in an array of ASCII character codes, which will be used to generate the mailto: links. I obfuscated the document.write() statement by breaking the string into chunks in order to throw off any parsers looking for certain strings.