How to protect email addresses from being harvested by spambots

From time to time, we are being asked how to be contacted online. Our answer is: “Please use our website online ‘contact us’ form.” To which, the reply is: “But we cannot see your email address.”

Our readers, and sometimes prospective clients, do not realise that is exactly the main purpose of our online “contact us” form – to hide our email address from public view and more importantly, to avoid email spambots from harvesting email addresses in our websites.

Email spambots are web crawlers that can gather e-mail addresses from Web sites, newsgroups, special-interest group (SIG) postings, and chat-room conversations for inclusion in mailing list. Because e-mail addresses have a distinctive format, spambots are easy to write. The formats or keyphrases that email spambots normally recognise are “@”, “mailto”, top level domains like “.com .net .info”, and the single “.”

The online “contact us” forms are coded such that the mailing codes that run them are in a different file which is out-of-reach to web crawlers or even to human eyes.

We have also adopted the practice of not displaying the email addresses of our readers and members which are easy prey to web crawlers.

If our readers or members or contributing writers would insist that they show their email addresses to the public, (1) they are made to understand that they are running the risk of having their email addresses harvested by web crawlers, and (2) their email addresses are masked or “munged” to minimise the risk.

There are many ways of masking or “munging” (a deliberate alteration of an email address on a web page to hide the address from spambot programs) an email address.

We utilise the simplest way, which I call the “phonetic mask.” This is simply substituting “[dot]” for “.” and “[at]” for “@”. The address is then followed by a note notifying the readers to substitute back the normal email protocol for the masked formats. Example: info [at] spamwatchers [dot] com

Will this not inconvenience those who wanted to contact the writer or reader? Perhaps, it will. But we noted that many our readers use non-Microsoft Outlook default mail serve. They use free service email providers like Gmail, Yahoo, AOL and the like which do not automatically open with the “mailto:” code.

How effective are our online “contact us” form and masking /munging techniques in protecting email addresses? We have been using these techniques for a number of years (and these techniques are part of our online security and privacy policy) and we found them effective.

Of course, our email addresses or those email addresses in our webpages may still be found in the mailing list of spammers. But we like to believe, that these were manually entered in the spammers database.

Or perhaps, they were displayed in the To: or Cc: fields in “friends” email messages which were grabbed by spammers and manually entered in their own mailing list for spamming or for sale.

But not by email spambots!


  1. violi says

    Thanks for all the tips Romy. I guess we can not be too careful these days where there are ways and means that email addresses are “harvested”.