CodeinWP CodeinWP

Must-Use Methods to Spam-Proof Your Email Address

Working for a busy web development & hosting company exposes me to the sad fact that well over 90% of website owners today do virtually nothing to protect themselves from email spam. Spam filters are good, and they’ve come a long way, but they are not the perfect solution — far from it. Even with a close to perfect spam filtering system in place (which never happens), users will still be inclined to waste time sifting through junk mail just to ensure that nothing was incorrectly filtered.

In this post, I’ll describe a few solid methods to ensure that your email address will not be harvested by “bots” or other automated programs that harvest emails from naive website owners.

The Best Junk Mail Folder is No Junk Mail Folder

Okay, that sub-heading is a little misleading, since I don’t honestly believe it’s possible to eliminate the junk mail folder — even if the methods outlined below are used. But with good solid spam-proofing methods carefully followed, I believe that the junk mail folder can be empty 99% of the time, if not more.

1. Don’t Use Predictable User Names For Your Email Addresses

This is one of the methods that I haven’t really seen promoted much, and I’m listing it first because it really gets to the root of the issue. When I registered a domain name last year, I started out using a very typical email address: Guess what? Within days, even though that email address was not listed on my site, I started getting spam in my inbox and junk mail folder regularly. Spammers know that as soon as a domain is registered, and a site goes up on the web, the “info”, “admin” and “sales” email accounts are likely used first. But don’t fall for this all too common mistake.

It is absolutely not true that potential customers are going to “guess” your email address using one of the “common” email prefixes (info, admin, support, etc). That is quite ridiculous. People don’t guess phone numbers, or bricks and mortar addresses; they look them up. The same applies to email. If they want to know your email address, they’ll look it up on your contact page, or else they’ll ask you directly, if that is an option.

So, choose an email address that is unique and cannot be “guessed”, but is still memorable and is associated with your product or service and the related company department. For example, instead of, use Or instead of, use

2. Do Not Display Your Email Address on Your Web Site

This is a tougher one, but it can be done, while still allowing users to send you email. There are tons of Javascript methods available online to “cloak” your email address, many of them are easy to implement. If you are a novice web developer and aren’t familiar with any of these methods, then take the time to become familiar with them. One good one will do, and it will pay off in the end for your own sites, and for any client sites you work on.

There are also similar, simpler methods that involve replacing characters in the email string with HTML character codes. For example, this code & #64; (without the space after the ampersand) is equivalent to the @ symbol. You can also replace the entire email address, or parts of the email address with this kind of code, and so it is less likely that an email harvesting program or spider-like bot will find your address. I personally like to mix up regular letters with HTML character codes to keep it inconsistent, just in case the bot is programmed to sniff out the character codes and interpret them. But the JavaScript methods are much more secure, from my experience.

Also, be sure that the clickable link that appears for the user to see on the page does not contain your actual email address. Instead use a “call to action” phrase inside the anchor tag. For example:

Send Me an Email Now!

This ensures that the bots will not be able to find your email address in the code or in the web page’s text. Definitely a safer way to go.

3. Use a Contact Form Instead of an Email Address

This is a simple one, and is probably the only guaranteed method. The fact is, although the methods above work quite well, a human can still find your email address — it just takes more effort. So, if you want to completely avoid all spam, then I would suggest using a simple contact form. Don’t forget to validate the fields using JavaScript and a server side language, to ensure the fields are filled out correctly, thus reducing form submission spam.

4. Use a Separate Email Address For Subscriptions, Forums, etc.

I have a hotmail address that I’ve been using for about 7 years, and I have never received a single spam message in it. I have never given out that address to anyone except close friends. But for newsletters, subscriptions, forum registrations, online purchases, etc., I have a completely separate email account. I expect junk in that one, so it’s no big deal. So take the time to register a separate “subscription only” email address that you don’t mind being public. That way, the email you use for business communications will not be made public — except where it appears on your website in the protected manner I’ve listed above.

What About Using an Image, or Spaces, or the Word “AT”?

I personally don’t like methods like making your email address an image, or putting spaces in between the characters in your email address, or using the word “AT” in place of the @ symbol. I think those are amateurish solutions, and don’t belong on professionally developed websites.

What Does This Have to do With Front End Web Development?

Although much of the information I’ve presented here is fairly well known to experienced web developers, I feel it hasn’t been taken seriously as “best practices” in web development. I don’t think web developers should wait for the client to suggest methods to secure their public email addresses. They probably will never suggest such a thing; they probably don’t even know it’s possible.

It’s the web developer’s job to offer the client the best possible web site solution, and this includes taking measures to ensure the client’s email addresses are protected from, or at the very least, minimally affected by, unsolicited email.

3 Responses

  1. Great post, I like the javascript stuff, but needs to be used sparingly so that you don’t get any cloak flags raised with Google for SEO purposes.

  2. Thank you, Andromeda. And thanks for the tip on SEO with relation to JavaScript. I’ll have to do some research on that, but your comment will definitely serve as a useful footnote to the article.

  3. mr_azri says:

    wow!!! thanks for the info! its a very good info!

Leave a Reply

Comment Rules: Please use a real name or alias. Keywords are not allowed in the "name" field and deep URLs are not allowed in the "Website" field. If you use keywords or deep URLs, your comment or URL will be removed. No foul language, please. Thank you for cooperating.

Markdown in use! Use `backticks` for inline code snippets and triple backticks at start and end for code blocks. You can also indent a code block four spaces. And no need to escape HTML, just type it correctly but make sure it's inside code delimeters (backticks or triple backticks).