How to Protect Your E-Mail Address from Spambots
Web Marketing Today, Issue 120, January 7, 2003
Are you fed up with slimy spammers grabbing up your e-mail address and sending you bags full of unwanted e-mail? I am. For me, it's too late. My primary e-mail addresses have been spammed for years -- and probably appears on several $19.95 CDs. But for you, there may still be hope.
How Spammers Get Your E-Mail Address
Spammers get your e-mail address in several ways, some that you can't defend yourself against. Here are a few of the common methods:
- Buying a CD or joining a service that distributes e-mail address to those willing to pay.
- Hacking into the alias list or POP e-mail list at your ISP.
- Stealing intellectual property from your ISP or listserver.
- Grabbing your e-mail address through unscrupulous policies when you register for free downloads, etc.
- Guessing at your e-mail address by sending random e-mails and keeping those that aren't bounced.
- Using a spambot to prowl the Web looking for unsuspecting e-mail address on webpages to kidnap and take to its lair.
Of course, there are more spammer tricks. But while you can't stop some, you can do something about the last -- spambots, the focus of this article.
What is a Spambot?
Spambots are software "robots" that scour websites looking for e-mail addresses. They're trained to search for the @-sign between two words, characteristic of an e-mail address. When they find one, they add it to their list of e-mail addresses, and look for another. Spambots are lean, hungry programs that will work all day and all night for no pay, looking for innocent e-mail addresses to vacuum and then bombard.
Some novice marketers actually believe that this kind of software will bring e-mail addresses targeted by keywords. And so they purchase software to harvest e-mail addresses. Within a few minutes of searching I found such software selling for $150 to $200.
Disguising Your E-Mail Address
If your e-mail address appears on any website that isn't protected by passwords, or at least buried in a searchable database, your e-mail address can easily be vacuumed up by spambots. If you use mailto hyperlinks on your website, such as mailto:johndoe@domain.com, even if the e-mail address isn't visible to the reader, then you've just invited spambots to suck it up. How can you make your e-mail address available on your website without handing it to spammers?
One way is to use a graphic. Instead of displaying your e-mail address in HTML, write it into a graphic, such as: 
Yes, it's possible for spammers to get it, but very few will bother.
Another simple approach is to put spaces between the @ sign and the other characters, such as, johndoe @ domain.com This may not deter the most determined spammers, but it will greatly cut down on spam while still making your e-mail address available to your friends.
Another approach is to encode your e-mail address. Every HTML character has a corresponding numeric value, known as a character entity. For example, capital "A" is A while lower-case "a" is a. Observe that each of these begin with the characters &# and end with a semicolon. When a visitor's web browser sees a numerical code, it displays the letter it represents. Thus you could encode johndoe@domain.com as
johndoe@
domain.c
&
#111;m
Of course, spambot software won't stay stupid forever, but this trick might fool some. You'll find a number of places on the net that will encode your e-mail address for you, such as http://www.wbwip.com/wbw/emailencoder.html
Assembling Your E-Mail Address
It's also possible to store the username portion of the e-mail address separately from the domain name portion, and then have JavaScript on your visitor's web browser automatically assemble them when they are viewed. For example, see http://www.freewebmastertips.com/php/content.php3?aid=30
Hiding Your E-Mail Address
A common way that spambots harvest your e-mail address is to look at the source code of an HTML form on your site and extract the e-mail address from a field such as a hidden recipient field.
<input name="recipient" type="hidden" value="johndoe@domain.com">
To get around this, you'll probably need to use a CGI forms program exclusive for your webpage that has the recipient e-mail address built into the CGI code, not displayed as a hidden field on your webpage. Talk to your web hosting service or programmer about this relatively simple but effective approach.
Blocking Spambots
Finally, if you're a rabid anti-spammer, you might want to employ some method of identifying and barring spambots from your site altogether. Here are a couple of approaches that might interest techies, but are too much trouble for the average small business person:
- Neil Gunton, "Stopping Spambots: A Spambot Trap," http://www.neilgunton.com/spambot_trap/ Discusses many approaches, including a program that will detect and block spambots.
- Greg Sabino Mullane, Spambots Beware, 12/19/1999. http://www.turnstep.com/Spambot/
None of these methods are absolutely guaranteed to prevent spammers from getting your e-mail address, but they will help you stay clear of the more stupid spammers. And face it, anyone who would go to a lot of trouble to spam you would have to be stupid, wouldn't he?
