With more and more aggressive spam attacks, and the ever-present need to submit some sort of personal data to just about any website you visit, protecting your contact information is more crucial than ever. We expect this need will only grow larger, too. It’s a small step from a clean, safe email, to a mess of an inbox. A step most would rather not take. So what can we actually do to protect email addresses and phone numbers from the less than noble (and often automated) dwellers of the Internet? And, at the same time, how can we still give our clients and friends a chance to get in touch as easily as possible?

Protect email referencing image shows a mailbox with a "private" sign

Image courtesy Dayne Topkin

The bad news is – there is no one definitive way to do it, to protect email address or phone number using just one method. The good news? There are plenty of means to choose from that you, personally, may find to be most convenient. So don’t despair and keep on reading!

How Emails are Found

Due to very specific formatting requirements, email addresses are fairly easy to recognize for online parsing bots and harvester software. The frequent inclusion of mailto tags only helps the matters further. It makes discerning email address from all the textual information on a webpage an absolute doddle.

An image illustrating search

Image courtesy Caleb Jones

For example, if we were to use PHP to find email addresses on a particular page, a few simple lines of code such as the following would already give us a pretty decent result. Not that we think you should go on and do this:

// variable $html contains the source code of a webpage
// array $arr contains all the strings separated by space
$arr = explode (' ', $html);

// let's find all the strings inside array $arr that contain the @ symbol
foreach ($arr as $str)
if (strpos ($str, '@') !== false)
// if @ symbol present in the string, add string to array $emails
$emails [] = $str;

This can be considered as a very primitive approach and it will, of course, give false results. There are also much faster ways to go through the contents of a web-page. It matters when you’re parsing hundreds of thousands of them. But the first step is, in essence, correct for simpler pages. It gives way for further refinement in search. More than that, it’s well within the skill set of a beginner programmer. Writing an immensely more sophisticated script is all too easy for someone truly experienced.

This may sound damning, but knowing how to recognize an email address also points us towards solutions on how to hide it. As is ever the case, the more complex ways tend to be more reliable and vice versa. But none are too much of a struggle when trying to protect email (and thus your privacy), so let’s get to it.

Protect Email Address!

1. Protect Email Address by Converting to an Image File

One of the best ways to protect email address from being harvested is to turn it into graphic, rather than textual, information. In other words, to replace „[email protected]“ with an image file (commonly, .PNG format) containing the address. While a real person can still read the address and enter it into the „To“ field when, say, wanting to send you an email, an automated parsing script will see nothing but the image file name in the HTML code. Text recognition software can decipher the address, of course, but that’s a slow, tedious process to go through and few harvesters bother, especially since there are ways to render the address in ways the said software will struggle to recognize (think Captcha and the like).

We are confident in saying that converting email address to an image file is perhaps the best way to protect contact information that does not require a lot of effort. Still, it’s not all rosy, as there is a downside to displaying images on a website – visually-impaired visitors will not be able to see them, and thus easily contact you. Definitely something to think about and solve.

There are plenty of online tools that can help with the text-to-image conversion, such as Safe Mail. Webmasters have access to plugins that enable the same functionality site-wide, and even a simple PHP function can help here.

2. Use a Throwaway Email

This is a very simple solution. Instead of fighting the spam and trying to protect your personal email, why don’t you just… not use your personal email? This is a very common practice and it really does work – one email for the serious, the people you know, friends and family, business partners and such. The other – for all the less important registrations that may result in possible spam. Keep the first one clean, use the other one more freely (up to a point, of course), and just ignore the spammy messages.

Image illustrating a garbage can being used

Image courtesy Gary Chan

There are plenty of free services that allow email registration (think mail.com, Google mail and even Yahoo). If the throwaway email inbox gets too clogged up, delete it and register a new one!

3. Protect Email Address using Encoding or Entities

Entities are characters reserved for HTML code. Basically, certain symbols can be input using appropriate keys, but also using entity name or number. For example, your browser will recognize the less than sign as either < (simple symbol), &lt; (entity name) or &#60; (entity number).

Most harvesting/parsing scripts will recognize symbols, but entity names or numbers less often. For the user, however, there is no difference, as the browser will show the symbol itself either way. So encoding an email address with the help of entities (your@email.here rather than [email protected] ) is a very simple way to protect contact information.

It’s not entirely fool-proof, mind – better-written scripts will look for both symbols and entities, and so will be able to find and decode such email addresses. But it still adds an extra layer of protection and will deter a portion of harvesters.

Alternatively, you can use less predictable encoding. Writing (at) instead of the symbol @ has now become quite a common practice, but a person will recognize (att) as @ just as well, while a parsing script might not.

For site-wide WordPress email protection – including of emails posted by viewers rather than the webmaster – there are numerous plugins available, too, that do the encoding for everyone else. Email Address Encoder springs immediately to mind

4. Webmaster? Use Contact Forms and Captcha

If you’re a webmaster and securing your contact email address means allowing your visitors to contact you, consider using Contact Forms. It’s especially easy with content management systems such as WordPress. The CM systems have plenty of plugins available to do the job. WPForms is a particular highlight with incredibly rich functionality for most major form types. There are also built-in templates available to get you started quickly.

Just make sure there is a good captcha-type puzzle that the email sender needs to solve before being able to contact you! Most of the form tools out there will have captcha. If the plugin does not have such functionality built in, there are plenty of em available on WordPress.org, too.

5. WordPress? Use Antispambot!

Using plugins is not the only way for WordPress webmasters to secure their contact information. WordPress developers have another suggestion – using the anstispambot function, which basically encodes your contact email address and makes it that much harder for bots to find.

Image showcasing a MacBook laptop with coding software

Image courtesy Christopher Gower

Let’s first create a shortcode that uses the antispambot function. To do that, first open the functions.php file, which is located on your website server, in the /public_html/wp-includes folder. Then, add the following code:

function safe_email ( $atts, $content )
return '<a href="mailto:'.antispambot ( $content ).'">'.antispambot ( $content ).'</a>';
add_shortcode ( 'email', 'safe_email' );

Now, save the file. Done! Whenever and wherever you now choose to display your contact email address on your website, just put it inside the [email] shortcode (for example, [email][email protected][email]). Any human visitors will be able to see and use it without issue, but spam bots will have a much harder time finding the link.

A huge thanks to Mr. Marco Mijatovic of First Site Guide for this tip – we would have missed it for sure!

Final Words

We all want to be safe, don’t we? As the decades pass, the definition of “safety” changes and broadens. Where we once wanted to be safe from physical and mental harm, it’s now almost as important to protect your online presence and personal information. Hopefully, this article has helped you to both grasp the importance of taking steps to protect email addresses, and help achieve some peace of mind regarding the matter, too.

Have something to share or add? We would love to hear from you in the comments section below!