Working for a busy web development & hosting company exposes me to the sad fact that well over 90% of website owners today do virtually nothing to protect themselves from email spam. Spam filters are good, and they’ve come a long way, but they are not the perfect solution — far from it. Even with a close to perfect spam filtering system in place (which never happens), users will still be inclined to waste time sifting through junk mail just to ensure that nothing was incorrectly filtered.
In this post, I’ll describe a few solid methods to ensure that your email address will not be harvested by “bots” or other automated programs that harvest emails from naive website owners.
The Best Junk Mail Folder is No Junk Mail Folder
Okay, that sub-heading is a little misleading, since I don’t honestly believe it’s possible to eliminate the junk mail folder — even if the methods outlined below are used. But with good solid spam-proofing methods carefully followed, I believe that the junk mail folder can be empty 99% of the time, if not more.
1. Don’t Use Predictable User Names For Your Email Addresses
This is one of the methods that I haven’t really seen promoted much, and I’m listing it first because it really gets to the root of the issue. When I registered a domain name last year, I started out using a very typical email address: firstname.lastname@example.org. Guess what? Within days, even though that email address was not listed on my site, I started getting spam in my inbox and junk mail folder regularly. Spammers know that as soon as a domain is registered, and a site goes up on the web, the “info”, “admin” and “sales” email accounts are likely used first. But don’t fall for this all too common mistake.
It is absolutely not true that potential customers are going to “guess” your email address using one of the “common” email prefixes (info, admin, support, etc). That is quite ridiculous. People don’t guess phone numbers, or bricks and mortar addresses; they look them up. The same applies to email. If they want to know your email address, they’ll look it up on your contact page, or else they’ll ask you directly, if that is an option.
So, choose an email address that is unique and cannot be “guessed”, but is still memorable and is associated with your product or service and the related company department. For example, instead of email@example.com, use firstname.lastname@example.org. Or instead of email@example.com, use firstname.lastname@example.org.
2. Do Not Display Your Email Address on Your Web Site
Also, be sure that the clickable link that appears for the user to see on the page does not contain your actual email address. Instead use a “call to action” phrase inside the anchor tag. For example:
This ensures that the bots will not be able to find your email address in the code or in the web page’s text. Definitely a safer way to go.
3. Use a Contact Form Instead of an Email Address
4. Use a Separate Email Address For Subscriptions, Forums, etc.
I have a hotmail address that I’ve been using for about 7 years, and I have never received a single spam message in it. I have never given out that address to anyone except close friends. But for newsletters, subscriptions, forum registrations, online purchases, etc., I have a completely separate email account. I expect junk in that one, so it’s no big deal. So take the time to register a separate “subscription only” email address that you don’t mind being public. That way, the email you use for business communications will not be made public — except where it appears on your website in the protected manner I’ve listed above.
What About Using an Image, or Spaces, or the Word “AT”?
I personally don’t like methods like making your email address an image, or putting spaces in between the characters in your email address, or using the word “AT” in place of the @ symbol. I think those are amateurish solutions, and don’t belong on professionally developed websites.
What Does This Have to do With Front End Web Development?
Although much of the information I’ve presented here is fairly well known to experienced web developers, I feel it hasn’t been taken seriously as “best practices” in web development. I don’t think web developers should wait for the client to suggest methods to secure their public email addresses. They probably will never suggest such a thing; they probably don’t even know it’s possible.
It’s the web developer’s job to offer the client the best possible web site solution, and this includes taking measures to ensure the client’s email addresses are protected from, or at the very least, minimally affected by, unsolicited email.