How To Stop Spam Bots from Obtaining Your Email Address from Your Website
by Tina Clarke
After much research I've come to the conclusion that you cannot provide a non-spammable email link on a web page and still meet accessibility guidelines.
EncodersIf you use encoders to produce an html clickable link which is accessible even by screen readers, your email is still visible to the world. Evil robot harvesters that are advanced can easily do the job. They look for patterns, and since every link contains a mailto: and also uses the firstname.lastname@example.org layout, the robot only has to search for these, even if the mailto: text is encoded as well. Though bots that can do this are probably not widely in use at this time, they soon will be.
Testing your page as a spambot for visible emails
It is easy it is to determine if your address is available. You can test it yourself by making a page with an html encoded email using the service at the above link. Then save it and upload the page to your server.
Take the url of the test page and insert it into this
It will show you any and all email links on that page.
I think the best solution, therefore, is one that:
- Is accessible, in as far as the text can be read by a screen reader.
- Is not clickable but will cut down on the amount of people contacting you that really have nothing to say that you want to hear. (If they can't take an extra ten seconds to copy and paste to an email 'To' line, then you are better off if they do not contact you.)
- Won't let the evil harvester Bot have it's wicked way with your address, and therefore your precious time, when you have to deal with numerous unwanted emails.
- Is very simple to do.
Solution for stoping spam bots from obtaining your email address from your website
Place your cursor where you want the address to appear and go to html view and insert the following:
Change the name and domain.com to your own details.
View your web page and you will see it looks like a normal email address but is not clickable and can't be read by a Bot.
You can leave instructions by using a title tag on the text however, like the following.
<a title="Copy and Paste the email address to your email editor to send me mail or use the contact form on the Contact page.">name<code>@</code>mydomain.com</a>
Following these steps in hiding your email address from spam bots, can eventually prevent a data breach on your site.
Other choices are:
2. Use forms which hide your email address
Why should you use a form? Not everyone has access to pop email and many use web mail services, which won't work with mailto: links, so a form should be provided. However you have to make sure your email address is protected within the form. Using method number 4 (below) is a good idea. Or you can use PHP, Perl or ASP forms, and hard code the address into the PHP, Perl or ASP coding NOT the html.
Here are some free form scripts.
3. Insert something that makes the address undeliverable for a Bot, but humans can still use it. An example is simply to insert nospam into the address which can then be removed by the user.
The address with nospam taken out will then be
You must instruct your site visitors to remove the "nospam" part of the email address or you won't hear from anyone.
4. Use an autoresponder address which you will never have to look at, and the autoresponder will send the user your real email address in an email , which they can then use to email you directly. Bots can't cope with this. Utilise this free autoresponder
5. Use a graphic which is composed of your email address. Don't link it to your email address though, as that will appear in the html and is available to the bots.
In Business - Querybot
If you're in business, you might want to ensure your contact with your customers. Perhaps something like Querybot might suit your needs.
If you want to fight back, read about Harvesterkiller.
First Published in ABC ~ All 'Bout Computers
Volume 35 , May 2004