E-Mail Addresses on Web Sites

Why you shouldn’t include a link to your e-mail address on your Web site.

Many people — including me! — use their Web sites as a kind of global calling card, a way to share information about themselves or their companies with others all over the world. It’s common to want to share your contact information with site visitors — particularly potential customers — so they can contact you. This is often done through the use of a mailto tag. For example, e-mail me! which appears as a clickable e-mail link.

Unfortunately there are people out there who want your e-mail address, people who want to scam you into sending money to Nigeria, advertise their online casinos, sell you prescription drugs, show you their porn sites — the list goes on and on. If you have your e-mail address on any Web site, you probably already get a lot of this spam. That’s because of computer programs that crawl through Web sites and harvest e-mail addresses that are included in the otherwise innocent mailto tag. Heck, they even harvest addresses that aren’t part of a mailto tag, so just including your e-mail address on a Web page without a link can get you on a bulk e-mail list.

So what’s the solution? There are a few.

One popular and easy-to-implement solution is to turn your e-mail address into a text phrase that a site visitor must see and manually type in to use. For example, me@domain.com becomes me at domain dot com or meATdomainDOTcom. You get the idea. Someone who wanted to send you an e-mail message, would be able to figure that out — if he couldn’t, he really shouldn’t be surfing the ‘Net anyway — and manually enter the correct translation in his e-mail program. But e-mail harvesters supposedly can’t figure this out (which I find hard to believe) so the e-mail address isn’t harvested.

Another solution is to use an e-mail obfuscation program. These programs take e-mail addresses and change or insert characters to make them impossible to read. The e-mail addresses look okay on the site — to a person viewing them — and work fine in a mailto link — when used from the Web site. WordPress plugins are available to do this. I don’t use any of them, so I can’t comment on how well they work. But they must be at least a little helpful if they’re available. You can find a few here, on the WordPress Codex.

The solution I use is form-based e-mail. I created a Contact Form with fields for the site visitor to fill out. When the form is submitted, a program processes it and sends it to my e-mail address. Because that address is not on the Web page that includes the form — or on any other Web page, for that matter — e-mail harvesters cannot see it. As a result, I’m able to provide a means of contacting me via e-mail that keeps my e-mail address safe from spammers.

The program I use is called NateMail from MindPalette Software. it’s a free PHP tool that’s easy to install and configure. But what I like best about it is that you can set it up with multiple e-mail addresses. Use a corresponding drop-down list in your form to allow the site visitor to choose the person the e-mail should go to. NateMail directs the message to the correct person. You can see this in action on my other WordPress-based site, wickenburg-az.com, in its Contact Form. If you want a few more features, such as the ability to attach files to an e-mail message, MindPalette offers ProcessForm for only $15.

Other WordPress users are likely to have their own favorite methods of protecting their e-mail addresses from spammers. With luck, a few of them who read this will share their thoughts in the Comments for this post.

One more thing…this doesn’t just apply to WordPress-based sites. It applies to all Web sites. And a contact form tool like NateMail will work with any PHP-compatible Web server.

If you’re already getting spam, using one of these methods won’t stop it. It’ll just keep the situation from getting much worse. Your best bet is to change your e-mail address and protect the new one. In my case, that’s a big pain in the butt — so many people I need to be in touch with have my e-mail address and, worse yet, I often use it as a login for Web sites I visit (which does indeed make the spam situation worse). I’m working on a plan to phase out the bad addresses and replace them with ones that I protect. Until then, I have to rely on the spam-catching features of my ISP and my e-mail software to sort out the bad stuff — currently about 20-40 messages a day — so I don’t have to.

What do you think?