Telling People Your Email Address

One of the benefits of having a web site is that people may read what you have written and want to contact you. So you need to give them your email address. That does not sound too difficult does it? The simplest way is just to tell them. So for example you might include the paragraph:

<P>
        This is my email address:   my@emailaddress    Please send me an email.
</P>
	

<P>
        Click <A href="mailto:my@emailaddress">here</A> to send me an email.
</P>
	

When I first started this web site, I had something like this at the bottom of every page. It made life very easy for the viewer to contact me and caused no problems. Nowadays however there is a snag. There are some annoying people on the internet who want to send spam. ("Spam" is the name that has been given to unsolicited emails, usually trying to induce the recipient to part with their money by buying something, or by revealing their bank or credit card details.) Email addresses included in either of the above ways are very easy for a spammer to "harvest" from your web site. In the same way that the search engine robots crawl the web automatically collecting key words and phrases to index your pages, so the spammers can collect email addresses from your web pages. Email addresses are particularly easy to spot, because they always contain the @ symbol.

So nowadays, if you are going to put an email address on your site, you need to find ways of reducing the chances of a spammer finding it. I say "reducing" because you can never make it impossible for one group of people to discover your email address, whilst revealing it to a different group. However there are ways to improve the odds in your favour.

1. The first obvious move is only to have one page on your web site that contains your email address. In itself, this reduces the odds of a spammer finding it and it also means that any other cunning means you devise to obfuscate the address, have only to be applied in one place. You can still make it fairly easy for viewers to find the address by having links to this "contact me" page on as many other pages as you want. It also makes it easier to update your site if you change your email address. So it makes good sense anyway.

2. A next step is to get rid of the tell-tale @ symbol. When displaying text for your viewer to read, this can be done by replacing it by the equivalent character entity @ which displays as an @ symbol on the viewer's screen but is not so obviously spotted in the raw text, read by the spammer's robot. Fairly obviously, this method will not work for a clickable "send me an email" hyperlink. Just as the spammer's robot will not recognise the hidden @ symbol, nor will the email system, so the link will no longer work when you click it. That is unfortunately a price that has to be paid, unless a more complicated approach is used, which would be out of place in this "Beginner's Guide".

   There is an argument that it is not much more effort for the spammer to program his robot to seek out the @ entity pattern as well as the @ symbol. This is true, but will he bother? For a start, he now has to pattern-match a string of six characters, rather than a single character. This will significantly slow the rate of scanning, and like all businessmen, spammers play the percentage game. It makes good economic sense to miss one hidden email address if you can catch two or more un-hidden ones with the same effort. Remember that despite the way it seems, the spammer's objective is not to annoy you. He is aiming to make money. Emailing is so cheap that it is worth while to send out 999 emails that are ignored in order to catch the 1 person who is gullible enough to respond. This makes it even more sensible for him not to bother with "hidden" email addresses, since someone who has bothered to hide their address is is unlikely to be that gullible, one-in-a-thousand person, who will respond to the spam. I have used this technique on websites for some time, and so far it seems to work.

3. An even simpler technique that some web sites use for a displayed email address, is to display it incorrectly, by adding some spurious characters, such as an extra letter Z for example. Then some explanatory text below tells the viewer to omit the Z when typing the address into his email program. This looks less elegant but avoids the need to understand entity characters and the like. (Since you already know about entity characters, you are allowed to look smug at this point!)

4. If you want an easy-to-read email address that is better hidden from robots than the methods described above, a good alternative is to display the email address not as text, but as an image. So you use your favourite paint program to create an image of your email address, and include that on your page in the usual way with an <IMG> tag. Thus:

   <P align="center">
           This is my email address, please send me an email:<BR>
           <IMG src="email.gif" width="159" height="22">
   </P>
   	

   which would look like this:

   This is my email address, please send me an email:
   

   You will find this technique in use for my contact address on the main section of my web site by clicking here. There are people who would claim that even this is not sufficient, and that optical character recognition techniques can be used to detect the address from the image. They therefore advise heavily distorting the shapes of the letters, and placing them on a multicoloured background. Certainly OCR techniques can be used in this way and if the information you are trying to protect is sufficiently important, these optical ruses may help. However the remarks made above apply even more forcefully here. It is unlikely any spammer is going to go to these lengths just to harvest your email address. Suffice it to say I have now used this image technique for more than a year and not had a single item of spam attributable to it.

   There is even a cybermyth that spammers employ teams of low-paid workers to view web sites by eye and copy any email addresses found. Were this to be the case, there would be no solution, since anything that lets your intended viewer contact you, would also allow a human spammer to do so. Such techniques may well be used in attempts to compromise a high-profile web site. Fortunately (or perhaps sadly?) your website and mine are never likely to be famous enough to warrant such a heavy-weight attack.

5. The techniques described so far achieve their "spam-proofing" by sacrificing the ability to provide a simple clickable email link. There are ways to get around this by using a scripting language such as JavaScript to generate the email link on the user's browser as the page is displayed. As with the techniques described above, whilst a spammer could in principle reproduce this process to discover the email address, it would not be cost effective to do so. However since such techniques require a level of programming skill to implement, it would not be appropriate to describe them in detail in this beginner's guide.

6. Last but not least, you have the option of displaying a "throw-away" email address. You make no attempt to hide this from spammers but when you find it is attracting spam you simply abandon it and start using a new one. It is in any case a good idea to use a different email address on your web site from the one you normally use and give to your friends. This means if you do start to receive spam, you can tell whether it has come from the address displayed on your web site or by some other means. My experience is that people tend to blame their web site but that in practice only a small fraction of spam comes via that route. The majority of addresses are harvested directly from unsuspecting email user's address books, by inducing them to run a trojan program sent within an innocent looking email. Again it is a matter of percentages. Perhaps 10% of all internet users have their own web site. The other 90% will probably never have their email addresses displayed on a web page but they will all be stored in the email address books of their friends. So these are a source of rich pickings for the spammers.

Whichever method you use to display your email address, I hope it brings you many useful and interesting contacts. Remember if you want to contact me, you have only to click here to find my email address.