4

We built a website with all our team members and their email addresses displayed on our About page. Now the question arose if bots will be able get their email addresses and send spam using those.

What is the best way to prevent this in 2021? Is protecting email addresses using JavaScript obfuscation still valid in 2021?

dan
  • 15,153
  • 11
  • 46
  • 52
public9nf
  • 289
  • 2
  • 7

2 Answers2

2

It depends on the bot. JavaScript certainly still makes a difference (I'd say the majority of bots don't parse JavaScript), but there are no doubt some bots that can parse it.

dan
  • 15,153
  • 11
  • 46
  • 52
davidgo
  • 8,560
  • 1
  • 21
  • 30
2

It is still somewhat effective. I have one page on my website that has my email address on it. That email address is unique to that page and I don't use it elsewhere. That page:

  • Uses JavaScript and HTML entity obfuscation for the email address
  • Doesn't use a mailto: link (you have to copy and paste the email address from text on the page)
  • Is disallowed by robots.txt
  • Isn't linked from my other pages (although it does have at least one external link after 15 years)

I still get zero spam at that address. How much of that can be attributed to the JS obfuscation compared to the other protection measures is impossible for me to know.

I would not recommend putting all your team members email addresses on your website with obfuscation. Even if bots can't read the emails, you don't want anybody to be able to copy all the email addresses by hand and email your entire office.

I'd recommend installing contact form software on your website that allows email to be sent to any of your team. I wrote a free, open-source, contact form that you can use. There are also good contact plugins for most content management system such as Contact Form 7 for WordPress or the Contact module for Drupal.

Stephen Ostermiller
  • 99,822
  • 18
  • 143
  • 364