: Does it really help against spam to replace the "@" with "(at)" and similar practices? When e-mail addresses are mentioned on the web, I see a lot of: send (dot) me (at) spam (dot) com send

@Murphy175

I strongly advise all sites I work on not to list email addresses in any form at all.

Yes, it helps reduce automated email collection (spam).

Yes, it helps prevent people/bots from determining the pattern your organization uses (firstname.lastname@example.com etc.)

It also might reduce info available to someone trying to do some social engineering (imagine their have a job posting that says to contact careers@mysite.com, any attacker would know that he could send a PDF with malicious code, formatted as a résumé, to that email address and have a very high chance it will be opened).

But even more important is that you can determine where your users/visitors that "convert" come from...that's impossible when people can find/click/see/guess the email address.

Vote Up Vote Down

@Caterina187

Yes, different email obfuscation methods do work with varying degrees
of success.

But each has to be weighed with whether they affect the ability for your customers to communicate easily with you. I wouldn't want to be
losing any business just because a user finds it annoying or time
consuming to contact me. It would be a particularly persistent
customer who would bother emailing again if the initial attempt
failed.


Basic text methods such as email (at) example (dot) com aren't particularly secure but more complex descriptors may work well. But then that means your customer has to type the email address into a mail program. The more complex the harder for an internet-challenged customer it becomes. Not very user-friendly.

An image with an email address on it is a similar method, also potentially insecure, and also not very user friendly. Don't forget, if you want them to be able to click it the code underneath must contain the email address or obfuscation anyway.

CSS text reversal methods are good if the person clicks the link, but not if they copy and paste the link as it can cause the reversal of the email address to be pasted by the user. Potentially troublesome.

ROT13 is currently a fairly secure method of obfuscating an email address on a page, but ROT47 (which incl. number & symbols) takes that to potentially foolproof, and is my choice if I need to have a text email address on a page.


The BEST SOLUTION? A simple contact form with a honeypot or some human checking process such as a simple CAPTCHA ensures that you don't
get too much spam and no-one gets your email address. Period. And it's
easy to create and link to a form from within your site.

Vote Up Vote Down