There's a way to mangle email addresses using javascript so that they display properly and are clickable, but don't read well by spambots. I've stickied you a site where we do this. I'm not sure of the specifics though as a developer set it up for me.

I should clarify that I don't know if spambots will see through the javascript. I just expressed an interest in the solution and that's what the developer came up with. Seems like it should work if for no other reason than I would assume it's too much work for harvesters to get into that...but I don't have any info either way.

It's not impossible for spambots to get around the javascript solution. Whether they do or not will depend on how many webmasters are implementing some sort of blocking. In other words, if there are enough naked email addresses for them, then for the most part they won't bother with the protected addresses.

Security is all a matter of degree, so there are lots of things to do to make emails safer, but none of them are perfect. You can make the addresses visible only to registered users, or only to visitors who accept a cookie. Or you could use a CAPTCHA.

Spambots don't usually identify themselves, so robots.txt is no use. But occasionally you can ban bots by IP address or user agent. This is probably the worst solution though, since the webmaster is left continually playing catch-up with the latest incarnations of all the bots.

Spambots may be able to see through most disguises, but in practice they don't usually bother because it takes up their resources.