Shielding Your Email from Automated Harvesters
Every website owner knows the itch that comes after adding an email address to a public page. Spammers, armed with ever‑improving bots, scan the internet for simple patterns - plain text email addresses, hyperlinks that begin with mailto:, and even the occasional hidden characters that escape the eye. The result is a flood of unsolicited mail that clogs inboxes, wastes bandwidth, and erodes trust. The first line of defense is simple: never expose the raw address to any automated script.
Mailto links are the most conspicuous target. They look like this: <a href="mailto:contact@example.com">Email us</a>. When a visitor clicks the link, the browser opens their default mail client with the address pre‑filled. But the same pattern is a goldmine for harvesters. Even the most basic scraper will spot the mailto: string, pull the following characters, and add the address to a spam list. This is why the single, unadorned mailto: tag is a no‑go on any public page, guestbook, or forum signature.
Beyond the obvious, the rule is clear: keep the email invisible to bots. That means removing it from the page’s source, avoiding embedding it in any text that can be parsed, and refraining from hard‑coding it into any public form. Even if you hide it in a comment tag or a CSS rule, savvy harvesters can extract it with a few lines of code. The simplest and most robust solution is to eliminate the direct link entirely.
Next, consider the Robots.txt file. While most spammers ignore this file, it can still deter less sophisticated crawlers. A typical entry might read:
User-agent: *Disallow: /private/
Adding a rule that explicitly blocks paths containing the word “email” or “contact” can keep some bots from even reaching the page where you might inadvertently expose your address. Still, the file is publicly accessible, so an attacker can read it and decide whether to comply. Consequently, Robots.txt is a minor deterrent rather than a primary defense.
No comments yet. Be the first to comment!