FrontPage Resources AccessFP Services AccessFP Mall Web Resources
Index About Advanced Search Home

How To Stop Spam Bots from Obtaining Your Email Address from Your Website

by Tina Clarke

After much research I've come to the conclusion that you cannot provide a non-spammable email link on a web page and still meet accessibility guidelines.


If you use encoders to produce an html clickable link which is accessible even by screen readers, your email is still visible to the world. Evil robot harvesters that are advanced can easily do the job. They look for patterns, and since every link contains a mailto: and also uses the layout, the robot only has to search for these, even if the mailto: text is encoded as well. Though bots that can do this are probably not widely in use at this time, they soon will be.

Testing your page as a spambot for visible emails

It is easy it is to determine if your address is available. You can test it yourself by making a page with an html encoded email using the service at the above link. Then save it and upload the page to your server.

Take the url of the test page and insert it into this

Willmaster form

It will show you any and all email links on that page.

JavaScript Email

However when you use JavaScript encoded email, links like the one above cannot read your email address even when you use it as the text to be clicked on.

This site gives you the code and also scrambles it for you, but this does not give you a completely accessible email address because of the use of JavaScript.

I think the best solution, therefore, is one that:

Solution for stoping spam bots from obtaining your email address from your website

Place your cursor where you want the address to appear and go to html view and insert the following:

Contact: name<code>@</code>

Change the name and to your own details.

View your web page and you will see it looks like a normal email address but is not clickable and can't be read by a Bot.

You can leave instructions by using a title tag on the text however, like the following.

<a title="Copy and Paste the email address to your email editor to send me mail or use the contact form on the Contact page.">name<code>@</code></a>

Following these steps in hiding your email address from spam bots, can eventually prevent a data breach on your site.

Other choices are:

1. Use a JavaScript solution

2. Use forms which hide your email address

Why should you use a form? Not everyone has access to pop email and many use web mail services, which won't work with mailto: links, so a form should be provided. However you have to make sure your email address is protected within the form. Using method number 4 (below) is a good idea. Or you can use PHP, Perl or ASP forms, and hard code the address into the PHP, Perl or ASP coding NOT the html.

Here are some free form scripts.


3. Insert something that makes the address undeliverable for a Bot, but humans can still use it. An example is simply to insert nospam into the address which can then be removed by the user.


The address with nospam taken out will then be

You must instruct your site visitors to remove the "nospam" part of the email address or you won't hear from anyone.

4. Use an autoresponder address which you will never have to look at, and the autoresponder will send the user your real email address in an email , which they can then use to email you directly. Bots can't cope with this. Utilise this free autoresponder  

5. Use a graphic which is composed of your email address. Don't link it to your email address though, as that will appear in the html and is available to the bots.

In Business - Querybot

If you're in business, you might want to ensure your contact with your customers. Perhaps something like Querybot might suit your needs.

Fighting back

If you want to fight back, read about Harvesterkiller.

First Published in ABC ~ All 'Bout Computers
Volume 35 , May 2004