Lewisham Online Resources

   home | communities | directory | resources | forum | faq | objectives

Whitepaper: Email Addresses on Websites

Whitepapers are occasional discussions on topics relevant to community webmasters. The views are solely those of the author. If you have something to add or wish to argue a point - please use the <forum>

Think twice before you put an email address on a website. Why? - the answer is simple, SPAM!

Most email is spam and spammers try and send it to every existing email address. How do they find your email address? Simple - they send 'spambots' to search your webpages sniffing for email addresses. Anything that looks like me@domain is added to their spamming lists and CDs of email addresses sold to other spammers. A few months you may start receiving spam in ever increasing quantities. So putting an email address on a website is not usually a good idea.

But I want people to email me from my website!

There are some devices to get email and avoid getting spammed. Here are three:

  • Use a disposable address. You can get free email addresses at places like gmail.com, yahoo.com & lycos.co.uk. Put these on your website and when they get compromised abandon them and get another!
  • Do as I do at the bottom of this page. You think you can see my email address - but it is really a graphic image. You can't cut'n'paste it like the rest of the words on this page. It makes it hard (but not impossible) for any automated spam harvester to grab it.
  • Use a form like the one below. These use scripts. You need a webserver that supports a 'cgi-bin'. But beware old scripts are dangerous (they can be hacked) and most modern scripts still have the complete email address where the spambots can find it. This website uses a script that munges the email address so it cannot be traced. Not to be attempted unless you understand PHP or Perl. See 'tips' below.
 

TIPS

Check your email address: Use Google to search for your email address. If Google can find it then so will the spambots. You may find someone else has helpfully listed your email on their website. You may wish to share this advice with them ;-)

Avoid obvious addresses: Spammers guess at usernames and send speculative email to, say, webmaster@yourdomain.com. If you open it and it has a downloadable image you may have signalled to the spammers that it is a live email address and your email is now a valuable commodity in spamworld. Point these addresses straight at a trash can.

Email verification & contact lists: Be very careful of using third party organisations to verify, filter email or hold your contact lists. Many are genuine but offering this service is an obvious ploy for spammers to get their hands on the most used email addresses. Allowing non-EU based organisations to share your contacts' personal details is now illegal if they have not agreed to 'safe harbour' conditions. Even large genuine companies are a risk. An AOL employee has recently been charged with selling off a large chunk of the customer base.

Checking 'Form' pages: If you use a form like the one below (or use a scripted page provided by your hoster) you should check your email address not only does not appear on the page but in the hidden code. Open the page in your browser and check the source (usually under the 'View' menu). If you can find @yourdomain - you are heading for trouble.

 

Send a message using a form

Message

Your name

Your website

Your email