Is it pointless trying to prevent email harvesting on my website?
June 9, 2021 1:31 AM

My friend and I are starting a small production company and I thought it would be fun(!) to build our website myself. Even though the site is meant to be just a portfolio of our previous work that we can point prospective clients to, we should definitely have our business contact info on it. Is there an effective way to hinder spambots from harvesting mailto: links on our site? What about social media links? Is it pointless to even bother with this?

A lot of the advice I’m seeing is pretty old. Much of the recent advice suggests not even trying to fool bots and to instead just rely on your mail host to have effective filtering (ours is Google Workspace).

I’d rather not have a contact form because it doesn’t seem appropriate for the type of communication we’d be receiving and I think it would look really out of place on the site. But if using a form is the best practice, I’d reconsider.

We’re using a small-ish website builder/host that specializes in showcasing the work of people in creative industries. Though much of what I’m doing is based on their templates, I’m also free to build pages with custom code using markdown or html. Despite being very much a novice, if there’s some code I could try implementing (read: copy and paste) I’m game.
posted by theory to Computers & Internet (13 answers total) 1 user marked this as a favorite
Best answer: It really isn't worth it. There will be spam. It really isn't that annoying, and these days is pretty minimal.
posted by DarlingBri at 1:33 AM on June 9, 2021

Best answer: I wouldn't bother. There are TONS of libraries on scraping for free. On Python we have beautifulsoup and more. Reads the entire webpage and can filter by DOM elements.

Spam filters have gotten to the point where they're excellent and VERY RARELY would something get past Gmail filters.
posted by kschang at 2:47 AM on June 9, 2021 [2 favorites]

Making a GIF file for your email addresses is a low-tech solution I've used in the past.
posted by Umami Dearest at 3:12 AM on June 9, 2021

Best answer: I suspect some of the solutions for this - like an image file of your address - are going to then become accessibility issues for visually-impaired readers using screenreaders (software which reads aloud the text on the page). Screenreaders can't usually read text that appears as an image, for example. You could put the address in the alt text but that's presumably also scrapable.

But I do feel like this is a battle I gave up on some years ago - spam filters are better and it just doesn't feel like much of a thing any more - most websites I see have at least a generic contact email address somewhere on their site - my organisation has every member of staff's email address fully displayed alongside their name, phone number, photo, job title - what junk I do get is all filtered away (frequently along with some of the useful stuff, but that's another gripe).
posted by penguin pie at 4:12 AM on June 9, 2021 [2 favorites]

My first choice would probably be to use a contact form with a captcha.

Second would be to obfuscate the address using one line of javascript, if the platform you're using allows you to insert a bit of html. No doubt there is someone who's studied how effective that is these days.
posted by dancing leaves at 4:29 AM on June 9, 2021

In ancient times, we'd take steps to make email addresses not look like addresses. So we might replace @ with the word 'at' or a . with the word 'dot'. Another trick was to encode addresses in hexadecimal. I have no idea whether this even helps these days.
posted by Obscure Reference at 5:10 AM on June 9, 2021 [1 favorite]

Best answer: I'd also use a single line of JavaScript if the platform you're hosting on allows it:


< a href="javascript:window.location.href = 'mailto:' + ['info',''].join('@')">info< !---->@< !---->< /a>

(remove the single space after each of the four `<`, and substitute your e-mail parts)
posted by Gomez_in_the_South at 5:13 AM on June 9, 2021

I’m not sure there’s a definitive answer but, fwiw, I used to obscure my email address on sites but at some point over the past 25 years I stopped. It’s out there.

I assume that there are so many other ways for spammers to get addresses these days that going out of my way to obscure my address would (a) be a drop in the ocean and (b) make life harder for anyone using screenreaders, or who don’t/can’t use JavaScript, or who just want to click a simple mailto: link to send me an email.

If you do go the contact form route then you will need a captcha (thus making the procedure slightly more annoying for anyone who might want to get in touch). Any unprotected form will soon attract spam itself.
posted by fabius at 5:30 AM on June 9, 2021

Have you ever used your email for...well, basically anything? If so, it has already been sold and resold a million times. Obfuscating your email on a website is closing the barn door after the horse has escaped, found a new life, and died.
posted by rockindata at 6:06 AM on June 9, 2021 [4 favorites]

Javascript obfuscation, hex encoding, and word substitution techniques are effectively obsolete these days; web scrapers are a lot more advanced than they used to be.
posted by ook at 6:27 AM on June 9, 2021 [2 favorites]
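
A self-check you can run against your own contact-page markup, added here as an example and not code from any poster: it parses each obfuscation style mentioned in the thread with Python's standard library only and reports whether the address is still readable. The address, the variant names and the helper names are constructed for illustration, and the check models static parsing only, not a scraper that executes JavaScript.

```python
import re
from html.parser import HTMLParser

ADDRESS = "info@example.com"  # constructed placeholder, not an address from this thread

# Constructed markup: the same address written each way the thread mentions.
VARIANTS = {
    "plain mailto": f'<a href="mailto:{ADDRESS}">mail us</a>',
    "hex entities": "".join(f"&#x{ord(c):x};" for c in ADDRESS),
    "at/dot words": "info at example dot com",
    "comment-split text": "info<!---->@<!---->example.com",
    "js-built href": "<a href=\"javascript:window.location.href = 'mailto:' + "
                     "['info','example.com'].join('@')\">mail</a>",
}

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


class TextAndLinks(HTMLParser):
    """Collects href values and visible text; no script is executed."""

    def __init__(self):
        super().__init__()  # convert_charrefs=True: &#x..; arrives already decoded
        self.hrefs, self.text = [], []

    def handle_starttag(self, tag, attrs):
        self.hrefs += [v for k, v in attrs if k == "href" and v]

    def handle_data(self, data):
        self.text.append(data)  # comments are not data, so split text rejoins


def recovered(markup):
    """Addresses readable from markup by static parsing alone."""
    parser = TextAndLinks()
    parser.feed(markup)
    parser.close()
    found = set()
    for chunk in parser.hrefs + ["".join(parser.text)]:
        chunk = re.sub(r"\s+at\s+", "@", chunk, flags=re.I)
        chunk = re.sub(r"\s+dot\s+", ".", chunk, flags=re.I)
        found.update(EMAIL_RE.findall(chunk))
    return found


def audit(variants=VARIANTS):
    """Map each technique to True if the address is exposed to a static pass."""
    return {name: ADDRESS in recovered(m) for name, m in variants.items()}
```

Swap your own page source into `VARIANTS` to see what a parser that runs no scripts can read from it.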

You might try It puts your email behind a CAPTCHA, which is definitely a pain in the ass for someone who wants to email you, but has a decent chance at deterring bots.
posted by BungaDunga at 6:49 AM on June 9, 2021

Another thing you can do is use a different email address to post publicly, and set that account up to forward to your "real" address; that way if the publicly-visible one starts getting clogged up with spam you can close that account and switch to a new one.
posted by ook at 7:00 AM on June 9, 2021 [2 favorites]

A contact form is usually the way that an email address is hidden from the public these days, but that’s more about privacy and anti-phishing than anti-spam. Obfuscation hasn’t been effective for several years now since just about everyone communicates with someone who let some malicious app access their contacts.
posted by michaelh at 7:17 AM on June 9, 2021 [2 favorites]
