DEV Community

TIP: Never leave your email address raw in the mailto link! Here's what to do instead

Thalita G. on April 14, 2021

Usually, when you leave your email address on your website for people to click on, you may do something like this: <a href="mailto:name@examp...
 
Vincent Milum Jr

This is an example of Security through obscurity: en.wikipedia.org/wiki/Security_thr...

"Most email harvesters are advanced enough to detect common patterns"
The obfuscation technique used here is actually easier for bots to decode than adding things like [at] instead of @ in the text.

Common web scraping languages, like PHP, have a built-in method to decode HTML-encoded entities, and the bots use these.

Thalita G.

As noted in my article, this solution is meant for mailto links themselves, where you can't obscure your email with things like [AT]. That's when the next best solution is to encode your email when you insist on using a mailto link at all.

Solutions like this one are never going to solve everything due to security through obscurity, but it at least gets rid of the scraping bots that can't decode these entities.

Of course, a more effective solution would be not to use mailto links at all and obscure your email effectively as you said. However, the article was about when you do have a mailto link. :p

val09865

Or you could hide the email link behind a captcha check, which would do a better job at fighting bots.

Adam Piper

HTML encoding is a system aimed at letting programs decode those patterns into characters. Trying to hide readable characters behind a system aimed at being more readable by programs than by humans is utterly pointless.
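
The point made in Vincent Milum Jr's and Adam Piper's comments, as an added example that is not part of the thread or any commenter's code: a self-audit of your own page source with Python's standard `html.parser`, which reports every `mailto:` address a stock parser recovers and whether it was written raw or obfuscated. The class name, function name and sample page (including `name@example.com`) are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import unquote


class MailtoAudit(HTMLParser):
    """Collect every mailto: link and record how its address appears in the source."""

    def __init__(self):
        super().__init__()
        self.findings = []  # list of (address, "raw" | "obfuscated")

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        raw_tag = self.get_starttag_text()  # the tag exactly as written in the source
        for name, value in attrs:
            # HTMLParser has already decoded character references in `value`.
            if name != "href" or not value or not value.lower().startswith("mailto:"):
                continue
            # Drop the scheme and any ?subject=... part, then undo percent-encoding.
            address = unquote(value[len("mailto:"):].split("?", 1)[0])
            exposure = "raw" if address in raw_tag else "obfuscated"
            self.findings.append((address, exposure))


def audit_mailto_links(page_source):
    """Return (address, exposure) for each mailto link found in page_source."""
    parser = MailtoAudit()
    parser.feed(page_source)
    parser.close()
    return parser.findings


# Constructed sample page: a plain link, one written as decimal/hex character
# references, and one with a percent-encoded "@".
SAMPLE_PAGE = """
<p><a href="mailto:name@example.com">plain</a></p>
<p><a href="&#109;&#97;&#105;&#108;&#116;&#111;&#58;&#x6e;&#x61;&#x6d;&#x65;&#64;&#x65;&#x78;&#x61;&#x6d;&#x70;&#x6c;&#x65;&#46;&#x63;&#x6f;&#x6d;">encoded</a></p>
<p><a href="mailto:name%40example.com?subject=Hi">percent-encoded</a></p>
"""

if __name__ == "__main__":
    for address, exposure in audit_mailto_links(SAMPLE_PAGE):
        print(f"{address}: written {exposure} in the source, recovered by a standard parser")
```

All three links yield the same address; the "obfuscated" label only records that the address was not literally present in the source, not that it was protected.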

Charly Escalona

Thx for this article, very interesting and useful, bookmarked :)

Prasham Ashesh

This was witty, made me smirk 😄

Thalita G.

Haha that's awesome! No problem 😉

Andrew Baisden

Cool, good info shared here.

Juan F Gonzalez

Awesome article! Short and to the point. If you'll excuse me, I have some updates to do on my website....

Somnath Singh

Succinct! 👏👌

Priya S

Would this work with a WordPress site? I'm using a theme which has fields to fill in with this info. Do I have to use the encoding for that?

Thalita G.

WordPress has a page about this: codex.wordpress.org/Protection_Fro...