Readit News logoReadit News
Posted by u/filipo 5 years ago
Ask HN: What is the safest way to put an Email address on my website in 2021?
actionowl · 5 years ago
Using a contact form that sends you an email server-side is a good one, that way they never have your email (unless you respond).

I also had a static website at one point where I didn't want to add server-side processing for a contact form so I stored the email address obfuscated in javascript like:

  ["m","o","c",".","l","i","a","m","e","@","e","m"].reverse().join('')
and injected it into the page. It seems that most scraper bots don't execute javascript and with it split into an array they likely won't find it by scraping the js files either.

LinuxBender · 5 years ago
Assuming this is your personal website, a form with a captcha should suffice. Ensure the form limits the input to printable text and limit how often the form may be used by IP and globally. Captcha doesn't need to be a third party. It can be a simple math problem or a simple logic question or even "What is in the picture below?" and have a picture of a horse. Why a form? So people don't get your real email address and you have the option to only view the messages on your website at your leisure. Legit users will leak their contacts when they get malware on their system.
soulchild37 · 5 years ago
I am assuming you want to deter bots from scrapping your website to get your email address and spam you.

I suggest using something like “you can reach me at filipo [at] this domain name.”

valarauko · 5 years ago
Honest Q: isn't it trivial to scrape the "filipo [at] domain" email address either? I see lots of websites use something like this, and it seems an easy enough task to write a RE that can figure out a valid address from it.
fariss · 5 years ago
Base64 encode it.

If someone wants to send you email, he should be able to decode your address.

dyingkneepad · 5 years ago
Well, if a programmer wants to send you email... Everybody else will have no idea what to do with it.
fariss · 5 years ago
You can mention that it's base64 encoded, heck you can even link an online decoder for them.
catacombs · 5 years ago
Normies don't know how to decode Base64.
jitendrac · 5 years ago
I will do following

   mailid<img src='at.png' alt="@"/>mydomain.com
then just skip creating at.png

DarrenDev · 5 years ago
Is this still an issue in 2021?

10-15 years ago I used to use all sorts of methods to prevent email addresses from being scraped, and I had 100s of spam emails a day to content with.

Nowadays I get maybe 2-3 spam emails a day and they're never to the 'info' or 'support' emails that I occasionally post on websites.

I don't think that this is a problem that needs fixing or requires any drastic preventative measures any more.

speedgoose · 5 years ago
I recently went with an SVG of the email address, with vectors and not text of course.
postit · 5 years ago
Is anyone still crawling emails in 2021?
fractionalhare · 5 years ago
Oh yeah.