How to protect your email address from bots | Heart Internet Blog – Focusing on all aspects of the web

A key element of running an online business is making it as easy as possible for your customers to contact you. The most convenient way to do this is often email. But, putting your email address on your website leaves you open to predation from spambots and hackers.

At best, this can result in an annoying number of spam emails; at worst it can be dangerous to your security, especially if your details get into the hands of malicious web criminals.

Wired magazine estimates that more than 90 per cent of hack attacks begin with a phishing email; that is an email of malicious intent which contains a link or an attachment which will imperil your security if you click on it.

But, if you’re running a business, you want and need your customers to email you. So, how do you ensure that the business emails you receive are legitimate and not a phishing scam or spam?

Here are the pros and cons of a few approaches you can take:

Contact forms

Spambots can be successfully avoided, if you employ a contact form instead of displaying your email address.

You can use a free WordPress plugin, such as Contact Form 7, which is one of the simplest and most popular plugins, with more than 5 million active users.

Alternatively, you can create your own contact form using very simple HTML and CSS. w3schools’ tutorial is effective and easy-to-follow.

Or, Mozilla offers a highly detailed series of tutorials which can teach you everything you need to know about creating a range of forms.

The pros:
You can customise your form to ask supplementary questions and learn more about what your potential customer wants from your business.

You can also add extra features, such as a newsletter subscription checkbox.

You can set your form so that it will automatically be returned to the right person in your organisation.

The cons:
Potential customers may not have the patience to fill-in a contact form, so this may be a barrier to their purchase.

Also, a contact form can feel less personal than an email address, which might also be a barrier to customers responding.


reCAPTCHA is a way of adding additional security to your contact form by ensuring that the person trying to contact you is a genuine human being and not a robot.

The pros:
reCAPTCHA is operated by Google, so it has the support of one of the biggest players in global IT.

They are a commonly-used form of authentication, so your customers will be familiar with them.

They can be customised to suit your requirements.

The cons:
This may feel like another hurdle to overcome and, as such, may be a barrier to your customers continuing with their purchase.

The text-based images can be difficult to read and can result in real humans being turned away.

The image-based puzzles typically use photos of American highways and neighbourhoods, which are unfamiliar to British customers. So, again, this could result in a human customer being turned away by the automatic barrier.

Obfuscation via CSS

An e-mail address can also be disguised by cleverly reversing the order of the characters in the CSS and only bringing them back into the correct order when they are displayed in the browser.

Using the bidi-override value reorders the Unicode character sequence. In English, we read left-to-right (ltr), so you change the direction to right-to-left (rtl).

Take this piece of code, for example:

<p>Contact us at

<span style=”unicode-bidi:bidi-override;

direction: rtl;”> emanruoy@sserddaruoy.moc</span>.</p>

Here, ‘’ will appear normally on screen but, behind the scenes, the spambots will be reading ‘emanruoy@sserddaruoy.moc’, which is meaningless and will send their spamming emails nowhere.

The pros:
This is an invisible bit of software that your customers don’t need to be bothered by. They can send an email to you in the normal fashion.

The cons:
You need to have some basic coding knowledge to be able to execute this.

The more sophisticated spambots can see through this, by recognising the pattern and decoding your email address.

Replace your email link with an image.

Instead of displaying your email address as an active link, you can present customers with an image of your address – such as a jpeg or an SVG (Scalable Vector Graphic).

So, on screen, your customer will read something like:

‘Contact us at’, but the code will read something like:

<p>Contact us at <img src=”youraddress.jpg” width=”150″ height=”20″ alt=”Email address”></p>

The pros:
This will look like text to the human eye and be perfectly readable, but the spambots won’t recognise it as your address and therefore, won’t be able to add you to their database.

The cons:
The downside to this is that customers have to manually type your email address into their mail provider and this may be a barrier to them contacting you.

Also, screen readers for partially-sighted people can’t read images, so you may be reducing accessibility to your business. You can put your actual address in the alt-text for the image, so the screen readers can access that; but some spambots can read alt-text, so you’re back at square one.

Great business email from Heart Internet

None of these solutions are, by themselves, perfect. As with any aspect of online security, you’re safest if you use a range of defences. Heart Internet can help you with that, since all of our business email packages have spam and anti-virus filters built-in as standard.

The first step in using email for business is to claim your name. Every time you tell a customer your email address ends in ‘gmail’ or ‘yahoo’ or something similar, you’re advertising a company other than your own. So, check out business email from Heart Internet.


Please remember that all comments are moderated and any links you paste in your comment will remain as plain text. If your comment looks like spam it will be deleted. We're looking forward to answering your questions and hearing your comments and opinions!

Got a question? Explore our Support Database. Start a live chat*.
Or log in to raise a ticket for support.
*Please note: you will need to accept cookies to see and use our live chat service