Spam bots and web crawlers scan websites for plain-text email addresses and use them to send unsolicited email (spam). If you publicly post email addresses on a website, there's a risk they'll be harvested and used for spamming purposes. To reduce this risk, you can use the techniques below to hide email addresses while keeping them accessible to real visitors.

Please note that as these techniques have improved over time, so have the spam bots and their capabilities. Some spam bots are able to recognise and circumvent the techniques described below, so this is not a 100% bot-proof protection.

Techniques to Hide Email Addresses

  1. Obfuscate the Email Address:

    • HTML Entity Encoding: Convert the characters of the email address into HTML entities. For example, instead of writing "name@yourdomain.tld" in the page source, write each character as a decimal or hexadecimal entity. This renders as a visible email address in browsers, but is slightly less likely to be parsed by spam bots.

      Example:
      <p>Contact: &#110;&#097;&#109;&#101;&#064;&#121;&#111;&#117;&#114;&#100;&#111;&#109;&#097;&#105;&#110;&#046;&#116;&#108;&#100;</p>
      This code snippet shows the email address "name@yourdomain.tld" in a way that looks normal to humans, but uses HTML entities to obfuscate it from bots.

      You can use the Email Address Encoder from wbwip.com to encode your own email address.

    • JavaScript Obfuscation: Use JavaScript to construct the email address dynamically. This method is more complex for bots to understand, but ensures that users see a clickable email link.

      Example:
      <script>
      const emailName = "name";
      const emailDomain = "yourdomain.tld";
      const fullEmail = emailName + "@" + emailDomain;
      document.write('<a href="mailto:' + fullEmail + '">' + fullEmail + '</a>');
      </script>
      This code uses JavaScript to construct the email address dynamically. It makes it harder for bots to read the email while providing a clickable mailto link for users.

      Alternatively, you can also use the Email Encoder (email-encoder.com) tool that generates a more complex and possibly more effective code.

    • Use Words Instead of Symbols: Instead of writing "name@yourdomain.tld", you could write "name [at] yourdomain [dot] tld"

    • Reverse the Email Address: Write the email address backward and use JavaScript or CSS to reverse it for display. For example, display "moc.elpmaxe@eman", but use JavaScript to correct it.

      Example with JavaScript:
      <script>
      const reversedEmail = "dlt.niamodruoy@eman".split('').reverse().join('');
      document.write('<a href="mailto:' + reversedEmail + '">' + reversedEmail + '</a>');
      </script>
      In this example, the email address is written backward and reversed with JavaScript to display correctly. It hides the actual email address from bots.
  2. Use WordPress Plugins:

    • CleanTalk: An advanced anti-spam protection for WordPress that includes an email address encoder, among many other features.
    • Email Address Encoder: This is a light-weight plugin that protects plain-text email addresses and mailto links by encoding them into decimal and hexadecimal entities. These are the same techniques as described above, but much easier to implement for WordPress sites, without programming experience.
  3. Use Contact Forms:

    • Form-Based Communication: Instead of displaying an email address, create a contact form where users can submit inquiries. This method completely hides email addresses from public view.
    • CAPTCHA Integration: Integrate CAPTCHA into the form to prevent automated submissions by bots.
  4. Image-Based Email Addresses:

    • Convert Email to an Image: Instead of text, display the email address as an image. This approach is almost bot-proof, but requires manual transcription for users.
    • Use ALT Text for Accessibility: If using images, include descriptive ALT text for accessibility purposes.
  5. Add Bot Detection Techniques:

    • Honeypot Fields: Include hidden fields in forms that only bots would interact with. If a bot fills these fields, you can block or flag the submission.
    • Rate Limiting and Throttling: Limit the number of form submissions or email address interactions from a single IP address within a specific timeframe.
  6. Email Address Validation:

    • Verify User Email Addresses: If you must share email addresses for communication, consider requiring users to register and validate their email before they gain access to a page where email addresses are listed.
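
The HTML entity encoding technique from item 1, applied to a whole HTML fragment including mailto links. This is an added example, not code from the tools or plugins named above; the function names and sample markup are constructed. The decode step mirrors what a browser does when rendering, which is also why this only stops scanners that do not decode entities.

```javascript
// Added example: entity-encode every plain-text address in an HTML fragment.
// Function names and the sample markup are constructed for illustration.

// Encode one string as HTML entities, alternating decimal and hexadecimal.
function encodeEntities(text) {
  return Array.from(text, (ch, i) => {
    const cp = ch.codePointAt(0);
    return i % 2 === 0 ? `&#${cp};` : `&#x${cp.toString(16)};`;
  }).join("");
}

// Decode numeric entities the way a browser does when it renders the page.
function decodeEntities(html) {
  return html.replace(/&#(x[0-9a-f]+|\d+);/gi, (_, n) =>
    String.fromCodePoint(
      n[0].toLowerCase() === "x" ? parseInt(n.slice(1), 16) : parseInt(n, 10)
    )
  );
}

// Simple address pattern, good enough for addresses you publish yourself.
const ADDRESS = /[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+/g;

// Replace every address, including those inside mailto: hrefs.
function protectAddresses(html) {
  return html.replace(ADDRESS, (addr) => encodeEntities(addr));
}

// True if any address is still readable without decoding entities.
function hasPlainAddress(html) {
  return html.search(ADDRESS) !== -1;
}

// Constructed sample markup.
const sample =
  '<p>Contact: <a href="mailto:name@yourdomain.tld">name@yourdomain.tld</a></p>';
const protectedHtml = protectAddresses(sample);

console.log(protectedHtml);
console.log(hasPlainAddress(protectedHtml)); // false
console.log(decodeEntities(protectedHtml) === sample); // true
```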
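
The honeypot field and rate limiting from item 5, combined into one server-side check for contact-form submissions. This is an added example, not code from the original article; the honeypot field name "website", the limits and the sample submissions are assumptions, and state is kept in memory for a single process.

```javascript
// Added example: server-side checks for a contact-form submission.
// The honeypot field name "website" and all limits are assumptions.

const HONEYPOT_FIELD = "website"; // hidden with CSS; real users leave it empty

// Returns a check(submission) function that keeps per-IP state in memory.
function createSubmissionGuard({ maxPerWindow = 3, windowMs = 10 * 60 * 1000 } = {}) {
  const seen = new Map(); // ip -> timestamps (ms) of recent accepted attempts

  return function check({ ip, fields, now = Date.now() }) {
    // 1. Honeypot: any value in the hidden field marks the sender as a bot.
    const trap = fields[HONEYPOT_FIELD];
    if (typeof trap === "string" && trap.trim() !== "") {
      return { ok: false, reason: "honeypot" };
    }

    // 2. Sliding-window rate limit: drop timestamps older than the window.
    const recent = (seen.get(ip) || []).filter((t) => now - t < windowMs);
    if (recent.length >= maxPerWindow) {
      seen.set(ip, recent);
      return { ok: false, reason: "rate_limited" };
    }

    recent.push(now);
    seen.set(ip, recent);
    return { ok: true, reason: null };
  };
}

// Constructed submissions (documentation-range IP addresses).
function demo() {
  const check = createSubmissionGuard({ maxPerWindow: 2, windowMs: 60000 });
  const human = { name: "Ann", message: "Hello", website: "" };
  const bot = { name: "x", message: "buy now", website: "http://spam.example" };
  return [
    check({ ip: "203.0.113.5", fields: bot, now: 0 }).reason,        // honeypot
    check({ ip: "198.51.100.7", fields: human, now: 0 }).ok,         // true
    check({ ip: "198.51.100.7", fields: human, now: 1000 }).ok,      // true
    check({ ip: "198.51.100.7", fields: human, now: 2000 }).reason,  // rate_limited
    check({ ip: "198.51.100.7", fields: human, now: 61000 }).ok,     // true
  ];
}

console.log(demo());
```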

Implementing Secure Email Communication

Implementing these techniques requires careful planning and technical understanding. If you're unsure, seek assistance from a web developer or security expert. Always test your methods to ensure they do not impede user accessibility or usability. While these techniques help minimize the risk of spam bot harvesting, no method is completely bot-proof. Regularly monitor your website for unusual activity or spam-related issues to maintain a secure environment.

Updated by SP on 22/04/2024
