This is a simple tip that will save you a lot of pain down the track – don’t publish your email address!
What do I mean by that? I mean, don’t put your email address in clear text anywhere on the web. Not on your web pages, not on someone else’s and never in any long-term resource. The reason is simple: if you do, the spambots will harvest it into their evil spam databases and over time you’ll see more and more spam coming in, until the email address becomes unusable because of a torrent of spam. While anti-spam systems will help, a heavily spammed account will still receive so much email that even highly effective filtering systems such as Google Apps will not sufficiently protect you.
Tim (not his real name!), a long-term user, came to us recently. He was receiving literally hundreds of spam emails per day and it was becoming exhausting, and this was despite good filtering being available. We were able to work out some solutions for him, but they served only to reduce the spam to a manageable amount (5 a day at the time) rather than totally eliminate it.
“But I need to put my email address up so people can email me!”, I hear you saying.
There are several solutions you can use to keep your email address from getting destroyed.
Publish an alias or forwarder, not your main email address
This is simple – instead of publishing your email@example.com email address, publish one like firstname.lastname@example.org. Then when it starts receiving a lot of spam, delete it and replace it with email@example.com. These can be easily set up in cPanel’s Email Forwarder menu.
If you use Google Apps for your email, you don’t need to set up anything as you can already use syntax like firstname.lastname@example.org. If it starts getting a lot of spam, you can delete it.
Please note that while this method works nicely, you may not want to make it too obvious to guess the “real” email address behind it. The Google Apps method above does suffer from this, as it’s easy to guess the main email account name.
Use a contact form
Contact forms are the “gold standard” recommendation. Most contact form systems allow the use of dropdowns to select various departments, which then can be routed through to particular email addresses without exposing those email addresses in clear text.
This solution is the best possible, as it exposes nothing and will always be secure. You may, though, want to include a “human” test on the form so you don’t get spam from it, and all the good contact form solutions do include these.
The two leading WordPress contact form solutions are Gravity Forms and Contact Form 7 and if you’re a do-it-yourselfer there are many good video tutorials. One important factor here is to choose a well-supported contact form system – look for good reviews, number of reviews, good documentation, and some reasonable ongoing program of releases.
Email address obfuscators
Obfuscation (in this case) means to alter your email address so it isn’t recognizable to a spambot, but still works when you click on it in a web browser. There are a number of methods used:
- Converting the email address letters into encoded characters (e.g. &#37;)
- Using PHP code to generate the email mailto: link
While all of these methods appear to “work” at this point, they rely on spammers not having caught onto them. Surprisingly, as money is involved, spammers can be quite switched on, and while you may be safe in the short term, they will eventually catch up and grab your email address. Once they’ve grabbed it, you’ll start getting increasing amounts of spam.
The best and simplest summary here is that we recommend the use of contact forms rather than the other solutions. While the use of temporary email addresses is reliable, it does require changeover, whereas contact forms will just keep working.
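To see how little the encoding methods above hide, you can audit your own page source. The following is an added example, not part of the original article: it undoes the standard encodings the way a browser does and reports every address that becomes readable. The function name, the simplified address pattern and the sample page are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import unquote

# Simplified address pattern (an assumption, not a full RFC 5322 parser).
# The lookbehind stops a match from starting in the middle of an encoded run.
ADDRESS = re.compile(
    r"(?<![A-Za-z0-9._%+-])[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"
)

# Constructed sample page: one clear-text address and two obfuscated ones.
SAMPLE_PAGE = """
<p>Sales: <a href="mailto:sales@example.com">email us</a></p>
<p>Support: &#115;&#117;&#112;&#112;&#111;&#114;&#116;&#64;example.com</p>
<p>Owner: <a href="mailto:%6f%77%6e%65%72%40example.com">write to the owner</a></p>
<p>Or use the <a href="/contact">contact form</a>.</p>
"""


def find_exposed_addresses(page_source):
    """Return {address: decoding step at which it first became readable}."""
    unescaped = html.unescape(page_source)   # &#115; -> s, &#64; -> @
    unquoted = unquote(unescaped)             # %6f -> o, %40 -> @
    stages = [
        ("clear text", page_source),
        ("HTML character references", unescaped),
        ("percent-encoding", unquoted),
    ]
    found = {}
    for label, text in stages:
        for match in ADDRESS.finditer(text):
            # setdefault keeps the earliest (least protected) stage per address.
            found.setdefault(match.group(0).lower(), label)
    return found


if __name__ == "__main__":
    for address, how in find_exposed_addresses(SAMPLE_PAGE).items():
        print(f"{address}: {how}")
```

A page that offers only a contact form link returns an empty result, which is the outcome the article recommends aiming for.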
Oh – and by the way, our spam filtering does work – it’s just that nothing can cope in the long term with huge amounts of spam involved in this situation.