I got an email last week in response to my recent post “The Email Address vs. Contact Form Debate” with a question:
What is your opinion on using brackets for @ and dot to prevent spam for email addresses? (like info[@]example[dot]com) I know originally brackets were used to hide detection from spiders, but now I think it is somewhat common so I am wondering if the spiders figured them out and how effective it is.
It’s a good questions and one I used to fret over quite a bit. However, it got to the point where I threw up my hands, stopped caring, and haven’t regretted it since.
Concerns Over “Exposed” Emails
There are three concerns when it comes to showing emails addresses.
- Bot Spam
- Human Spam
I list those in order of frequency I hear them, and I’ll address them in reverse order.
I mentioned privacy in the first post. True privacy concerns are rare but very valid. The only way to address them is never posting an email anywhere online.
The second reason that I dub “human spam,” is whether posting an email address makes it “too easy” to contact the site owner. I don’t put much weight in this concern as I’ve rarely seen it happen, and I think it’s more appropriate to handle this in other ways like form email responses. You never know when and why someone will need to contact you. ((Once, I tracked down a person’s email address on their business website to return a lost book .))
Finally, “bot spam” is the fear that computer programs will find your address and start spamming it. In this case, people look for ways to show their email address to humans but hide it from machines. Sound complicated? It kind of is.
Ways to “Hide” Emails
There are lots of ways to hide an email address from computers but not humans. Probably the most familiar to people and the one mentioned at the start is the “spell it out” technique:
- info AT MRWweb DOT com
- info [@] MRWweb [.] com
- info @ this website’s domain.
There are lots of other more-technical solutions:
- Turn the email address into an image.
- Write the email backwards and use code to flip it: moc.bewWRM@ofni (Copy and paste this to see that it’s backwards!)
- Put in hidden content in the middle of an email address and use code to hide it: info@Hello World!MRWweb.com (Copy and paste for a secret message. ((It seems worth noting that I’m using a bad version of this technique to make the copy-and-paste capture the hidden text. At least in Chrome, it seems that “display: none;” content is not copied. I address the copy and paste issue in the next section.)) ) ((Facebook uses a weird variant of this technique.))
- “Encode” the email so that it uses weird characters in the HTML that are then translated into human-readable ones.
- WordPress provides an antispambot function for this purpose.
- And more!
There was a great experiment testing nine techniques but it’s now eight years old. There’s another even longer list of techniques but it’s also from 2006. I suspect that the bots trawling the internet for email addresses have gotten smarter, though I don’t know how much. To be honest, there’s not much recent information I’ve seen to go off.
As shown by that experiment, some of these techniques work really well (or at least used to). However, whether they work is only part of the question.
Disadvantages to Most Obfuscation Techniques
Many people swear by one of those techniques above, but they all come with some type of disadvantage.
- The “spelled out,” image, backwards, and hidden content (sometimes) techniques can’t be copied and pasted into a “To” field without additional human work. Those techniques are also probably not very accessible to screen readers.
- Plugins that automatically modify email addresses on your site can slow down the page load time and may not catch every instance of the email anyway.
- If part of the page fails some of these technique may fail and display a bunch of garbage text to visitors. ((Making sure that the failure was either hidden or displayed in some other way is a great example of “graceful degradation.” I’ve seen some techniques that take the spelled out version of an email and convert it to a normal email with the correct symbols. If it fails, the address is still human-readable!))
- A lot of these techniques require using them every time you display your email. That’s extra work and hard to remember for less-technical users.
Whether that disadvantages outweighs the potential benefits is the most important questions, and one I can’t answer for every site.
I’m sure there are large sites where obfuscating emails makes a difference. However, I’ve never had a problem on my site nor on client sites that have their emails out in the open. Spam filters have gotten better and seem to catch most spam. ((I’m on Gmail which probably catches 90% of spam now that I’ve “trained” it and has very few false positives.))
Caveat: Where Else Do You Use Your Email?
It’s also important to remember that this is all for naught if your email address is exposed elsewhere. For example, here’s my email address for all to see on Google+ and in my 501 Commons Directory Profile. Unless you can control every place your email appears, ((And if you’re thinking about trying to use a spelled-out version of the email on other sites, many forms will “helpfully” force you to use an “@” symbol and no spaces to make sure you’re entering a real email. This is of course useful to make sure your account is linked to a real email address, but not useful for avoiding spam.)) it’s likely that at some point it will be exposed on another site or accidentally on your own.
What Do You Think?
I’d love to hear other opinions on this. I’ve done my best to inform myself of this issue since it affects my clients as well as me, but the issue can still feel like a bit of a black box at times. I’ve been lax with my own email and haven’t had problems. What about you?