Why you shouldn’t include a link to your email address on your Web site.

Many people — including me! — use their Web sites as a kind of global calling card, a way to share information about themselves or their companies with others all over the world. It’s common to want to share your contact information with site visitors — particularly potential customers — so they can contact you. This is often done through the use of a mailto tag. For example, <a href="mailto:me@domain.com">email me!</a> which appears as a clickable email link.

Unfortunately there are people out there who want your email address, people who want to scam you into sending money to Nigeria, advertise their online casinos, sell you prescription drugs, show you their porn sites — the list goes on and on. If you have your email address on any Web site, you probably already get a lot of this spam. That’s because of computer programs that crawl through Web sites and harvest email addresses that are included in the otherwise innocent mailto tag. Heck, they even harvest addresses that aren’t part of a mailto tag, so just including your email address on a Web page without a link can get you on a bulk email list.

So what’s the solution? There are a few.

One popular and easy-to-implement solution is to turn your email address into a text phrase that a site visitor must see and manually type in to use. For example, me@domain.com becomes me at domain dot com or meATdomainDOTcom. You get the idea. Someone who wanted to send you an email message, would be able to figure that out — if he couldn’t, he really shouldn’t be surfing the ‘Net anyway — and manually enter the correct translation in his email program. But email harvesters supposedly can’t figure this out (which I find hard to believe) so the email address isn’t harvested.

Another solution is to use an email obfuscation program. These programs take email addresses and change or insert characters to make them impossible to read. The email addresses look okay on the site — to a person viewing them — and work fine in a mailto link — when used from the Web site. WordPress plugins are available to do this. I don’t use any of them, so I can’t comment on how well they work. But they must be at least a little helpful if they’re available. You can find a few here, on the WordPress Codex.

The solution I use is form-based email. I created a Contact Form with fields for the site visitor to fill out. When the form is submitted, a program processes it and sends it to my email address. Because that address is not on the Web page that includes the form — or on any other Web page, for that matter — email harvesters cannot see it. As a result, I’m able to provide a means of contacting me via email that keeps my email address safe from spammers.

The program I use is called NateMail from MindPalette Software. it’s a free PHP tool that’s easy to install and configure. But what I like best about it is that you can set it up with multiple email addresses. Use a corresponding drop-down list in your form to allow the site visitor to choose the person the email should go to. NateMail directs the message to the correct person. You can see this in action on my other WordPress-based site, wickenburg-az.com, in its Contact Form. If you want a few more features, such as the ability to attach files to an email message, MindPalette offers ProcessForm for only $15.

Other WordPress users are likely to have their own favorite methods of protecting their email addresses from spammers. With luck, a few of them who read this will share their thoughts in the Comments for this post.

One more thing…this doesn’t just apply to WordPress-based sites. It applies to all Web sites. And a contact form tool like NateMail will work with any PHP-compatible Web server.

If you’re already getting spam, using one of these methods won’t stop it. It’ll just keep the situation from getting much worse. Your best bet is to change your email address and protect the new one. In my case, that’s a big pain in the butt — so many people I need to be in touch with have my email address and, worse yet, I often use it as a login for Web sites I visit (which does indeed make the spam situation worse). I’m working on a plan to phase out the bad addresses and replace them with ones that I protect. Until then, I have to rely on the spam-catching features of my ISP and my email software to sort out the bad stuff — currently about 20-40 messages a day — so I don’t have to.