I usually print it like myname(@)domain(dot)com and also put that into the mailto: link. It's a bit more work for people to have to remove that stuff, but it works.
Also, mailto:nospam.email@domain.com works.

I may be missing something here .. but installing mailto links which dont work on clicking them does seem a bit too much.

There is no point in adding a mailto link at all unless it works ... and you cannot assume real users will realise that parts need to be chopped out before using the link you provided.

If you don't want a functional mailto link yet want to display an address people can type into an email client and will get through - then create it as an image (and dont include the text as alt of course)

Unless harvesters install OCR on their screens it will only be humans that will be able to convert the pixel data on the image into a working textual email address they can use.

Otherwise surely hiding email addresses off page and allowing people to send mail via forms could work unless you really dont want people to be able to contact you.

Here is what I do:

1. Encrypt Mail with JavaScript

<script TYPE="text/javascript">
emailE=('name'+'@'+'widgets'+'.'+'com')
document.write('<A href="mai'+'lto:'+emailE+'">'+emailE+'</a>')
</script>

or..

2. Use Decimal NCRs

looks like this:

&#109;&#97;&#105;&#108;&#64;&#119;&#105;&#100;&#103;&#101;&#116;&#46;&#99;&#111;&#109;

... here is a good converter:
[people.w3.org...]

or..

3. Use a combination of 1 and 2 for the very paranoid ;-)

I use method 2 mentioned above... Works for now, but we know it's not a great longterm solution. However it's more usability friendly than method 1. In the end, it's a battle of usability vs protecting your mail from harvesters.

Using an image of your address with no alt tag would be the safest tool against harvesters, but that will kill your usability. On the other hand it's going to have to be in plain text to be completely usable. It's a no win situation.

Using the hex Unicode instead of the decimal has so far worked for me-- don't know how long that will last.

<a href="&#x006D;ailt&#x006F;&#x003A;me&#x0040;mysite.com">me&#x0040;mysite.com</a>

Displays and works fine in current browsers but it doesn't "look" like an e-mail address, so the siphons seem to ignore it-- at least for now.

The decimal method mentioned above is no longer safe. The preferred way to cloak your e-mail address in public is JavaScript.

The safest way to get contact from the web would be a form...but if you have to put up an address, then something like the Hiveware Enkoder is a good start.

Thanks guys, great response.
Think I'll create an image and link it to a form :)

document.write('<A href="mai'+'lto:'+emailE+'">'+emailE+'</a>')

will not validate in the W3C HTML validator. The backslash in the closing tag needs to be escaped like this: '<\/a>'.

Alternatively:
document.write(emailE.link('mai'+'lto:'+emailE))

Cheating, I know, but I just have a contact form on my websites...

A contact form may put some users off, since they don't have a copy of the message that they sent. I think you need to be a little careful about the use of these.

There was a discussion aboout this a little while back, but I'm afraid I can't find it now.

TheDoctor has a valid point
although one might add to the form a txt that reads
we use...for your privacy...
please save in word a copy of...
etc..

if not, we are back to the same question
what will be the best protection?

I use contact forms, and encrypt the send-to email address in ascii ... works well.

If I do display an email address I encrypt it in ascii and use me at mysite dot com.

It depends upon the reason for the link on your page. If you are selling something, or offering your services, you want people to contact you. Use the mailto link without any change in your address. Sure, you will get spam, but you are going to get it no matter what--the harvesters have programs to decode almost everything, except perhaps graphics with an unusual font.

On the other hand, if the only reason for the link is for complaints, make it as difficult as you want. ;-}

If you wanted users to be able to retain a copy of the message they send you, then options are: (1) Include it in your reply to them or (2) make your script email them a copy of the message as well, or (3) include their email address as a .cc or .bcc.

isorg thats when the problems of abuse can easly start.

How will you know that the email address they give is theirs? if it is not you are sanctioning someone unknown sending possibly abusive messages from your domain with the consequences that may bring. Make sure at least that it is not machine exploitable because if it is you will have a flood of mails though there in no time at all.

Yes you could handshake with the email address for confirmation but its an extra pain.

I think most people understand that forms are one way of communicating and are ideal for users browsing on machines where they dont have acccess to an email client. I dont think you should use forms without there also being a static email address or mailto link people could choose to use nearby.

I use a contact-form on my site in combination with a mysql table wich holds all the email adresses.

Most of the time I hide an emailadres on the site when it is from a visitor; while still giving the opertunity to sent an email to that person. The sender simply doesn't know where it is heading :).

When it has to be displayed because it is a sales-adress or something like that I allways use the format:
"user . name # domain . tld"
(including the spaces)

Links to the contact-page contain a reference to the database where it has to fetch the adress.
The sender has the ability to sent a copy to himself.
And when the adres is exposed (in the above format) he also has the ability to type that into his own mail application.

I never received any spam on those adresses :)

I use a snippet of javascript:

<script language="JavaScript">
document.write('<a href="mailto:sales' + '@' + 'domain.com">' + 'sales' + '@' + 'domain.com</a>');
</script>

sem4U
I tried your JS
however only the last part works
and the first address does not show

EDIT
<<
Sorry I was thing this demonstrated a CC and a primary address,
so yes as is it works
How will you add a CC?
>>
I am not much of a JS person :)

thanks

Henry

[edited by: henry0 at 11:54 am (utc) on April 13, 2004]

If Sem4U script works
Is it possible to store in a DB mail address fragment
and then bring it back together via an PHP include or DB query
another word could you mix a JS script with php snippets? if so how?
thank

another word could you mix a JS script with php snippets? if so how?

Not really much benefit to this as the server would present it as HTML to the browser/crawler.

Unless I am wrong that is?