Depends on how hard they're trying. email addresses that are shown strictly as images are probably safest-- but they'll infuriate your human visitors too. Same goes for "reveal this address" captchas.

Years ago there was a wonderful article by a couple of guys who must have gone through hundreds of throwaway addresses trying out all the permutations: how much spam* if I do this, how much if I do that. The bottom line was about what you'd expect: the single most vulnerable form is an e-mail address that's given in visible plain text, like yourname@example.com, right on the page.

Because Robots Are Lazy?


* I'm not kidding about "years ago". I read this back when Spamford Wallace was everywhere. Remember him?

put that in a picture

I've been removing e-mails from websites now for many years as the scrapers can't find an address to harvest.

If you must put the e-mail address on the site, as creeking and Lucy24 suggested, use a picture.

I currently use a simple php contact form, it is a little involved to set up but can be used on plain old html sites. The same guy offers a WP plugin. His name is Mike Challis and the forms have the option of many custom features like autoreplies, Akismet integration and css to alter appearance. He makes a Weather Station UI app for Mac that I use, he's at www .642weather.com/weather/scripts.php

There is also a .js encryption script that does work and I used it for years, never got spam. I moved to the php script because of the bots' evolution, but it is still used on some older sites and does a great job. It was originally offered by Jim Tucek and now adopted by Dan Appleman at danappleman. com/the-email-encryptor-reborn/