Spamproof Your Site

Share this article

Anyone who operates their own Website knows that you need to provide a way for visitors to contact you by email. The big challenge is to provide easy email access to your visitors, without letting junk mail flood your inbox. The techniques described in this article have enabled me to dramatically reduce the amount of junk mail I receive through all my sites.

Preparing and Preempting

You need a couple things before you can really take effective action against spam. Your email software must be capable of filtering incoming email — all the major email applications (such as Eudora, Outlook, and Pegasus) support this functionality. We’ll use multiple email addresses to allow us to filter out spam and identify the source — you can’t combat spam effectively without filtering.

You’ll also need to use a Web host that provides unlimited email aliases or addresses, and/or a catch-all email address. An "alias" is an email address that forwards to some other address (for example, webmaster@domain.com forwarding to your real email address). A "catch-all" email address will forward any emails sent to unknown addresses in your domain.

For my own Websites I use the catch-all, so that every message goes to my real email address. If you have more than a one-person operation, however, multiple email accounts and aliases are pretty much a necessity.

Fighting Back

The first step in fighting back against spammers is to understand where they found your email address. You must diligently protect your email address if you ever hope to stop them. Once your email address falls into the wrong hands, it will be sold on CD-ROM (via junk mail, of course) to thousands of spammers. And once that happens, you’ve lost the fight.

Spam Source #1: Domain Name Registrations

When you register a domain name, you must provide a contact email address. If you give them your real email address, you’ve just given it to everyone, including the spammers. Instead, use a portable email address (like Hotmail) to set up your domain.

If you have multiple domains, you can also use an alias (domains@yourdomain.com) on your primary domain for all registrations. With an alias, you can use your email software to filter out and save any emails that come to that address from your registrar’s domain.

Spam Source #2: Web Forms & Email Newsletters

If you give your real email address on any Web form, or use it to subscribe to an email newsletter, you’re asking for trouble. Instead, create a unique email address for each Website or newsletter. I just use the Website’s domain name for this.

For example, if you subscribe to the SitePoint Tribune as "sitepoint.com@yourdomain.com" and let your catch-all address route it to you, you will always know where the email came from. If that address ever starts receiving junk mail, you can filter it out using your email software.

If you submit to search engines or free-for-all links pages (FFA’s), use a unique email address every time. FFAs, in particular, are famous for flooding the world with junk mail. Once you’ve given an email address to an FFA, you may as well forget about ever using it again.

Spam Source #3: Your Website

The biggest source of email addresses used by spammers is your Website. Most sites list multiple contact addresses — any time an email address appears on your Website in plain text, even if it’s hidden in a form field, you’re opening yourself up to having that email address captured.

To combat this menace, I’ve developed a set of JavaScript snippets that will meet almost every need you have to display your email address to the public, without allowing spambots to see it.

The Big Battle: Secure Your Website From Spambots

Almost every Website operator wants search engine spiders to visit. After all, search engines are the best source of free traffic on the Web. In the event that you don’t want them to visit, they are easily kept at bay with a properly formatted "robots.txt" file.

Unfortunately, there’s another group of spiders out there crawling the Web with an entirey different purpose. These are the spiders that visit site after site to collect email addresses. You may know them as spambots, email harvesters, or any number of other unpublishable names.

When it comes to controlling these rogue spiders, a robots.txt file simply won’t get the job done. In fact, most spam robots ignore robots.txt. But that doesn’t mean you have to give up and just let them have their way. Here are a few techniques that’ll stop these spiders in their tracks!

Technique #1: Use JavaScript To Mask Email Addresses

One of the weaknesses that spiders of all kinds suffer from is an inability to process scripts. Adding a small snippet of JavaScript in place of an email address effectively renders the address invisible to spiders, while leaving it accessible to your visitors with all but the most primitive Web browsers.

In the three examples below, simply substitute your username (the first half of your email address, everything before the @ symbol) and your hostname (everything after the @ symbol). To use the scripts, just insert them into your page’s HTML wherever you need them to be displayed.

Create A Spam-Proof Mailto Link

This snippet of JavaScript creates a clickable link that launches the visitor’s email application, assuming that their system is configured to work with "mailto:" hyperlinks. You can replace the link text with your own message, but see example 2 if you want to display your email address as the link text.

<script language=javascript>  
<!--  
var username = "username";  
var hostname = "yourdomain.com";  
var linktext = "Click Here To Send Me Email";  
document.write("<a href=" + "mail" + "to:" + username +  
"@" + hostname + ">" + linktext + "</a>")  
//-->  
</script>

A Spam-Proof Mailto Link That Shows Your eMail Address

Some visitors won’t be able to use a mailto link. This snippet shows your email address in the link so they can copy and paste, or type it by hand:

<script language=javascript>  
 
<!--  
var username = "username";  
var hostname = "yourdomain.com";  
var linktext = username + "@" + hostname;  
document.write("<a href=" + "mail" + "to:" + username +  
"@" + hostname + ">" + linktext + "</a>")  
//-->  
</script>

Display Your Email Address Without A Mailto Link

Here’s a snippet that displays your email address without a clickable link:

<script language=javascript>  
<!--  
var username = "username";  
var hostname = "yourdomain.com";  
var linktext = username + "@" + hostname;  
document.write(username + "@" + hostname)  
//-->  
</script>

Technique #2: Use A Contact Form

Sometimes, the sheer volume of legitimate email from real visitors can become a burden. In this case, a simple solution is to remove your email address from your site entirely, and use a contact form. There are dozens of free ASP, Perl, and PHP scripts available online that will allow your users to fill in a form, and send you an email. Most hosting providers now offer this service for free to their customers.

A contact form can enable you to deal with a higher volume of mail, by allowing you to pre-sort different types of message. This is easily accomplished by creating a drop-down menu with different options (e.g. customer service, billing, tech support, etc.) that will populate the subject line of the email message, and/or change the email address to which the form is sent.

As many spambots simply read the entire HTML source of the page in search of anything that looks like an email address, your contact form may not protect you, if you include your email address in the form’s HTML (for example, as a hidden field). You can use JavaScript, as shown in the example below, to mask the address, or if you have the skill, you can embed the email address in your form processing script, where nobody can find it.

Masking The Email Address In A Form Field

Instead of simply listing your email address in a form field, use the snippet below to replace the form field that contains your email address.

<script language=javascript>  
<!--  
var username = "username";  
var hostname = "yourdomain.com";  
var linktext = username + "@" + hostname;  
document.write("<input type=hidden name=email  
value=" +username + "@" + hostname" + ">";  
document.write(username + "@" + hostname);  
//-->  
</script>
Advanced Techniques: URL Rewriting

Both the Apache and IIS Web servers have plug-in URL-rewriting modules that can be used to provide additional protection to your site, redirecting queries from known spambots to a blank page, or to another Website. These techniques are beyond the scope of this article, and using them will slow your server down, if only a little.

I hope that this tutorial has given you a clear understanding of how to protect your Website, and your email address, from spammers and spambots.

Dan ThiesDan Thies
View Author
Share this article
Read Next
How to Deploy Apache Airflow on Vultr Using Anaconda
How to Deploy Apache Airflow on Vultr Using Anaconda
Vultr
Cloud Native: How Ampere Is Improving Nightly Arm64 Builds
Cloud Native: How Ampere Is Improving Nightly Arm64 Builds
Dave NearyAaron Williams
How to Create Content in WordPress with AI
How to Create Content in WordPress with AI
Çağdaş Dağ
A Beginner’s Guide to Setting Up a Project in Laravel
A Beginner’s Guide to Setting Up a Project in Laravel
Claudio Ribeiro
Enhancing DevSecOps Workflows with Generative AI: A Comprehensive Guide
Enhancing DevSecOps Workflows with Generative AI: A Comprehensive Guide
Gitlab
Creating Fluid Typography with the CSS clamp() Function
Creating Fluid Typography with the CSS clamp() Function
Daine Mawer
Comparing Full Stack and Headless CMS Platforms
Comparing Full Stack and Headless CMS Platforms
Vultr
7 Easy Ways to Make a Magento 2 Website Faster
7 Easy Ways to Make a Magento 2 Website Faster
Konstantin Gerasimov
Powerful React Form Builders to Consider in 2024
Powerful React Form Builders to Consider in 2024
Femi Akinyemi
Quick Tip: How to Animate Text Gradients and Patterns in CSS
Quick Tip: How to Animate Text Gradients and Patterns in CSS
Ralph Mason
Sending Email Using Node.js
Sending Email Using Node.js
Craig Buckler
Creating a Navbar in React
Creating a Navbar in React
Vidura Senevirathne
A Complete Guide to CSS Logical Properties, with Cheat Sheet
A Complete Guide to CSS Logical Properties, with Cheat Sheet
Ralph Mason
Using JSON Web Tokens with Node.js
Using JSON Web Tokens with Node.js
Lakindu Hewawasam
How to Build a Simple Web Server with Node.js
How to Build a Simple Web Server with Node.js
Chameera Dulanga
Building a Digital Fortress: How to Strengthen DNS Against DDoS Attacks?
Building a Digital Fortress: How to Strengthen DNS Against DDoS Attacks?
Beloslava Petrova
Crafting Interactive Scatter Plots with Plotly
Crafting Interactive Scatter Plots with Plotly
Binara Prabhanga
GenAI: How to Reduce Cost with Prompt Compression Techniques
GenAI: How to Reduce Cost with Prompt Compression Techniques
Suvoraj Biswas
How to Use jQuery’s ajax() Function for Asynchronous HTTP Requests
How to Use jQuery’s ajax() Function for Asynchronous HTTP Requests
Aurelio De RosaMaria Antonietta Perna
Quick Tip: How to Align Column Rows with CSS Subgrid
Quick Tip: How to Align Column Rows with CSS Subgrid
Ralph Mason
15 Top Web Design Tools & Resources To Try in 2024
15 Top Web Design Tools & Resources To Try in 2024
SitePoint Sponsors
7 Simple Rules for Better Data Visualization
7 Simple Rules for Better Data Visualization
Mariia Merkulova
Cloudways Autonomous: Fully-Managed Scalable WordPress Hosting
Cloudways Autonomous: Fully-Managed Scalable WordPress Hosting
SitePoint Team
Best Programming Language for AI
Best Programming Language for AI
Lucero del Alba
Quick Tip: How to Add Gradient Effects and Patterns to Text
Quick Tip: How to Add Gradient Effects and Patterns to Text
Ralph Mason
Logging Made Easy: A Beginner’s Guide to Winston in Node.js
Logging Made Easy: A Beginner’s Guide to Winston in Node.js
Vultr
How to Optimize Website Content for Featured Snippets
How to Optimize Website Content for Featured Snippets
Dipen Visavadiya
Psychology and UX: Decoding the Science Behind User Clicks
Psychology and UX: Decoding the Science Behind User Clicks
Tanya Kumari
Build a Full-stack App with Node.js and htmx
Build a Full-stack App with Node.js and htmx
James Hibbard
Digital Transformation with AI: The Benefits and Challenges
Digital Transformation with AI: The Benefits and Challenges
Priyanka Prajapat
Quick Tip: Creating a Date Picker in React
Quick Tip: Creating a Date Picker in React
Dianne Pena
How to Create Interactive Animations Using React Spring
How to Create Interactive Animations Using React Spring
Yemi Ojedapo
10 Reasons to Love Google Docs
10 Reasons to Love Google Docs
Joshua KrausZain Zaidi
How to Use Magento 2 for International Ecommerce Success
How to Use Magento 2 for International Ecommerce Success
Mitul Patel
5 Exciting New JavaScript Features in 2024
5 Exciting New JavaScript Features in 2024
Olivia GibsonDarren Jones
Tools and Strategies for Efficient Web Project Management
Tools and Strategies for Efficient Web Project Management
Juliet Ofoegbu
Choosing the Best WordPress CRM Plugin for Your Business
Choosing the Best WordPress CRM Plugin for Your Business
Neve Wilkinson
ChatGPT Plugins for Marketing Success
ChatGPT Plugins for Marketing Success
Neil Jordan
Managing Static Files in Django: A Comprehensive Guide
Managing Static Files in Django: A Comprehensive Guide
Kabaki Antony
The Ultimate Guide to Choosing the Best React Website Builder
The Ultimate Guide to Choosing the Best React Website Builder
Dianne Pena
Exploring the Creative Power of CSS Filters and Blending
Exploring the Creative Power of CSS Filters and Blending
Joan Ayebola
How to Use WebSockets in Node.js to Create Real-time Apps
How to Use WebSockets in Node.js to Create Real-time Apps
Craig Buckler
Best Node.js Framework Choices for Modern App Development
Best Node.js Framework Choices for Modern App Development
Dianne Pena
SaaS Boilerplates: What They Are, And 10 of the Best
SaaS Boilerplates: What They Are, And 10 of the Best
Zain Zaidi
Understanding Cookies and Sessions in React
Understanding Cookies and Sessions in React
Blessing Ene Anyebe
Enhanced Internationalization (i18n) in Next.js 14
Enhanced Internationalization (i18n) in Next.js 14
Emmanuel Onyeyaforo
Essential React Native Performance Tips and Tricks
Essential React Native Performance Tips and Tricks
Shaik Mukthahar
How to Use Server-sent Events in Node.js
How to Use Server-sent Events in Node.js
Craig Buckler
Five Simple Ways to Boost a WooCommerce Site’s Performance
Five Simple Ways to Boost a WooCommerce Site’s Performance
Palash Ghosh
Elevate Your Online Store with Top WooCommerce Plugins
Elevate Your Online Store with Top WooCommerce Plugins
Dianne Pena
Unleash Your Website’s Potential: Top 5 SEO Tools of 2024
Unleash Your Website’s Potential: Top 5 SEO Tools of 2024
Dianne Pena
How to Build a Chat Interface using Gradio & Vultr Cloud GPU
How to Build a Chat Interface using Gradio & Vultr Cloud GPU
Vultr
Enhance Your React Apps with ShadCn Utilities and Components
Enhance Your React Apps with ShadCn Utilities and Components
David Jaja
10 Best Create React App Alternatives for Different Use Cases
10 Best Create React App Alternatives for Different Use Cases
Zain Zaidi
Control Lazy Load, Infinite Scroll and Animations in React
Control Lazy Load, Infinite Scroll and Animations in React
Blessing Ene Anyebe
Building a Research Assistant Tool with AI and JavaScript
Building a Research Assistant Tool with AI and JavaScript
Mahmud Adeleye
Understanding React useEffect
Understanding React useEffect
Dianne Pena
Web Design Trends to Watch in 2024
Web Design Trends to Watch in 2024
Juliet Ofoegbu
Building a 3D Card Flip Animation with CSS Houdini
Building a 3D Card Flip Animation with CSS Houdini
Fred Zugs
How to Use ChatGPT in an Unavailable Country
How to Use ChatGPT in an Unavailable Country
Dianne Pena
An Introduction to Node.js Multithreading
An Introduction to Node.js Multithreading
Craig Buckler
How to Boost WordPress Security and Protect Your SEO Ranking
How to Boost WordPress Security and Protect Your SEO Ranking
Jaya Iyer
Understanding How ChatGPT Maintains Context
Understanding How ChatGPT Maintains Context
Dianne Pena
Building Interactive Data Visualizations with D3.js and React
Building Interactive Data Visualizations with D3.js and React
Oluwabusayo Jacobs
JavaScript vs Python: Which One Should You Learn First?
JavaScript vs Python: Which One Should You Learn First?
Olivia GibsonDarren Jones
13 Best Books, Courses and Communities for Learning React
13 Best Books, Courses and Communities for Learning React
Zain Zaidi
5 jQuery.each() Function Examples
5 jQuery.each() Function Examples
Florian RapplJames Hibbard
Implementing User Authentication in React Apps with Appwrite
Implementing User Authentication in React Apps with Appwrite
Yemi Ojedapo
AI-Powered Search Engine With Milvus Vector Database on Vultr
AI-Powered Search Engine With Milvus Vector Database on Vultr
Vultr
Understanding Signals in Django
Understanding Signals in Django
Kabaki Antony
Why React Icons May Be the Only Icon Library You Need
Why React Icons May Be the Only Icon Library You Need
Zain Zaidi
View Transitions in Astro
View Transitions in Astro
Tamas Piros
Getting Started with Content Collections in Astro
Getting Started with Content Collections in Astro
Tamas Piros
What Does the Java Virtual Machine Do All Day?
What Does the Java Virtual Machine Do All Day?
Peter Kessler
Become a Freelance Web Developer on Fiverr: Ultimate Guide
Become a Freelance Web Developer on Fiverr: Ultimate Guide
Mayank Singh
Layouts in Astro
Layouts in Astro
Tamas Piros
.NET 8: Blazor Render Modes Explained
.NET 8: Blazor Render Modes Explained
Peter De Tender
Mastering Node CSV
Mastering Node CSV
Dianne Pena
A Beginner’s Guide to SvelteKit
A Beginner’s Guide to SvelteKit
Erik KückelheimSimon Holthausen
Brighten Up Your Astro Site with KwesForms and Rive
Brighten Up Your Astro Site with KwesForms and Rive
Paul Scanlon
Which Programming Language Should I Learn First in 2024?
Which Programming Language Should I Learn First in 2024?
Joel Falconer
Managing PHP Versions with Laravel Herd
Managing PHP Versions with Laravel Herd
Dianne Pena
Accelerating the Cloud: The Final Steps
Accelerating the Cloud: The Final Steps
Dave Neary
An Alphebetized List of MIME Types
An Alphebetized List of MIME Types
Dianne Pena
The Best PHP Frameworks for 2024
The Best PHP Frameworks for 2024
Claudio Ribeiro
11 Best WordPress Themes for Developers & Designers in 2024
11 Best WordPress Themes for Developers & Designers in 2024
SitePoint Sponsors
Top 10 Best WordPress AI Plugins of 2024
Top 10 Best WordPress AI Plugins of 2024
Dianne Pena
20+ Tools for Node.js Development in 2024
20+ Tools for Node.js Development in 2024
Dianne Pena
The Best Figma Plugins to Enhance Your Design Workflow in 2024
The Best Figma Plugins to Enhance Your Design Workflow in 2024
Dianne Pena
Harnessing the Power of Zenserp for Advanced Search Engine Parsing
Harnessing the Power of Zenserp for Advanced Search Engine Parsing
Christopher Collins
Build Your Own AI Tools in Python Using the OpenAI API
Build Your Own AI Tools in Python Using the OpenAI API
Zain Zaidi
The Best React Chart Libraries for Data Visualization in 2024
The Best React Chart Libraries for Data Visualization in 2024
Dianne Pena
7 Free AI Logo Generators to Get Started
7 Free AI Logo Generators to Get Started
Zain Zaidi
Turn Your Vue App into an Offline-ready Progressive Web App
Turn Your Vue App into an Offline-ready Progressive Web App
Imran Alam
Clean Architecture: Theming with Tailwind and CSS Variables
Clean Architecture: Theming with Tailwind and CSS Variables
Emmanuel Onyeyaforo
How to Analyze Large Text Datasets with LangChain and Python
How to Analyze Large Text Datasets with LangChain and Python
Matt Nikonorov
6 Techniques for Conditional Rendering in React, with Examples
6 Techniques for Conditional Rendering in React, with Examples
Yemi Ojedapo
Introducing STRICH: Barcode Scanning for Web Apps
Introducing STRICH: Barcode Scanning for Web Apps
Alex Suzuki
Using Nodemon and Watch in Node.js for Live Restarts
Using Nodemon and Watch in Node.js for Live Restarts
Craig Buckler
Task Automation and Debugging with AI-Powered Tools
Task Automation and Debugging with AI-Powered Tools
Timi Omoyeni
Get the freshest news and resources for developers, designers and digital creators in your inbox each week