Support » Miscellaneous » How to shroud an email address to prevent spam

How to shroud an email address to prevent spam

  • I would like to add a few email addresses around the site which are clickable (so I would like to avoid the Mary[at]yahoo[dot]com format] and am wondering about the easiest way to do this.

    I have read that there is a way to use JavaScript to shroud the address so that it is clickable AND protected from spam, but I don’t understand how to do this. Can anyone provide super simple instructions, or another easy way to do this? I am very new to this stuff, thanks!

    The blog I need help with is buffalopeacehouse.us.

Viewing 15 replies - 1 through 15 (of 34 total)
  • esmi


    Forum Moderator

    Please do not try to obfuscate email addresses. It doesn’t work to deter spam bots and the only people it hurts are those trying to contact you. Try using a contact forum plugin instead.

    Thanks esmi. Are you suggesting putting in a page where people have to email us through the site? I wouldn’t mind doing that for certain things, but I would also like to list, for example, email addresses to contact certain individuals. Personally, I dislike having to submit my inquiry to a contact us page (don’t know if this is the best way to refer to it) and would rather just find an email address or phone number.


    Moderator Andrew Nevins


    Forum moderator

    @esmi, just wondering what your opinion is on displaying the email address in an image instead, does that work?



    Forum Moderator

    No. In order to make it accessible, you need to add the “real” text as an alt attribute – which would pretty much defeat the object of the exercise.

    If you still need to put obfuscated but clickable email on your site, use this native WP function:

    <a class="email" href="mailto:<?php echo antispambot( get_bloginfo('admin_email', 'raw'), 1 ); ?>?subject=Hello" target="blank"><?php _e('Contact me', 'your_text_domain'); ?></a>

    Personally I hate contact forms and prefer to write emails. That’s why I always have a “send me an email” link on any website. And I don’t receive tons of spam. 10-50 spam messages a day, sometimes a bit more. I use my Gmail account from the first days of Gmail service existense and use it everywhere on the forums, blog, promotion websites etc. For such an old and populated email even 100 spam messages a day isn’t much.

    Any function like antispambot() will make it look to you like it’s obfuscated, but almost every email harvester out there knows that trick and is smart enough to translate the HTML entities to their actual characters before it scrapes the page.

    As far as SPAM goes, 50-100 a day is pretty big. I have one site that I have an email address on and that gets 20-50 a day – but as a comparison I’ve got another site that has been live for 5-6 years with a contact form and no email address displayed and that gets exactly 0 SPAM messages a day and always has. I guess this all depends on how much SPAM you want to get rid of.

    As esmi said way back at the start, obfuscating the email address will never work. Any method that can be reversed by a browser of a script can be reversed by a harvester bot. The only way to stop your email address being harvested is to not have it anywhere on the site.

    Yes, I’ve heard a lot of horror stories about super smart harvesters. In our company we did a test. Created a site, created 2 brand new emails, published them on tthat website. 1st email was obfuscated, 2nd one – plain text. After 6 months we checked inboxes and spam folders. 2nd one was full of spam – more then 14000 letters. 1st one had less then 800. Conclusion: obfuscation helps. Not a 100% protection, definitely, but makes huge difference.

    And one more thing to consider – emails on your custom domains are getting spammed automatically. There’s no need to harvest emails, just prepend domain name with a list of popular/standard names like admin, info, support, sales, office etc and you got it. And many standard cPanel setups on shared hosting accounts by default enable collecting emails sent to unknown address on the domain to primary account. In this case send email to any_combination_of_characters@domain.com and it will be delivered to primary account.

    Use Gmail. Obfuscate email address on the website. Stop worrying about spam. Works for years.

    catacaustic, seems like contact form on your website is completely broken. See the screenshot: http://snag.gy/sQuB1.jpg

    This NEVER happens to mailto: links 🙂

    I know… Trust me I know.

    That’s a relic of the past that hasn’t been fixed yet (clients projects take precendece over anything internal).

    But that still doesn’t take away from my points. I also don’t get SPAM from that email address because it’s not visible on the site anywhere, which is the entire arguement. Like I said, if you’re happy with the amount of SPAM you get then great, but it’s not for all of us. 🙂

    I completely agree with you. Same with contact forms. There are some people who just don’t like to submit them. Personally I’m trying to keep a minimalistic and ‘lazy’ approach – the less actions needed from user and the more straightforward they are – the higher conversion we get. Even 100 spam emails daily (and they are automatically filtered by Gmail anyway) is a small price for that.



    Forum Moderator

    Please be aware that, if your obfuscated email address is not accessible to disabled users using a range of software and equal access is mandated by law in your country, you may be placing your site on the wrong side of the law.

    esmi, thanks for pointing it out, didn’t knew that. Anyway, in my country (Ukraine) there’s no such laws, so I’m safe. And I use descriptive alt attributes for screen readers. I suppose it will read ‘Send an email to blog author’ instead of reading the email address itself. Am I right?



    Forum Moderator

    Yes but not all disabled users will be using screen readers. What about braille readers etc?

    It may be a problem, but again – not in my country. I have access to visitor stats for more than 150 websites, some of them are number 1-3 in my country in their niche (large news sites). We did a small research once, looking for any non-standard content readers. We were able to identify few screen reader visitors (few among millions) but no braille or of other type. Seems like in my country, unfortunately, blind people don’t use internet or special tools. But I have some websites in english as well, they are oriented on worldwide auditory, will do a research on this topic and look for some solutions. Thanks for pointing me out.

    BTW, checked some top local websites for proper use of alt attributes. No one is using them properly… I usually spend a lot of time writing proper alts and translating them. I develop all themes originally in english and then translate them to russian or ukrainian with POEdit, even for commercial projects for local markets. This way if they decide to add another language to their site they are ready to go right out of the box.

    And, for example, what about taking care of blind users for portfolio website? I think it just makes no sense. The core part of the site content is visual, it’s impossible to show photography or graphic design portfolio with words.

Viewing 15 replies - 1 through 15 (of 34 total)
  • The topic ‘How to shroud an email address to prevent spam’ is closed to new replies.
Skip to toolbar