One of the primary ways spammers get email addresses is by stealing them from websites. They do this by using “spambots,” computer programs which automatically troll web pages and harvest email addresses.
“Munging” Your Address
There are two basic strategies for address munging. The first is to modify the addresses on your site in such a way that they are invalid but easily fixed by human beings, the second is to hide addresses on your pages so spambots cannot find them. Both strategies are discussed below.
You can make your address technically invalid by inserting random text that spambots won’t be able to recognize as not being part of the address, but most human beings will understand they need to remove before sending to you. For example, examine the same addresses expressed in three different ways:
carol@REMOVETHISexample.com
carolDELETEBEFORESENDING@example.com
Zarol@example.Zom (replace Zs with Cs)
Spambots will still harvest these addresses, but when spammers send to them their messages will bounce. Unfortunately, this continues to create traffic on the network and your mail server. More troubling, many legitimate visitors to your website will incorrectly demung your address and therefore be unable to send messages to you.
The second strategy is to hide addresses from spambots so they are never even harvested. If you want to hide your addresses from spambots, you must understand how they work. Most spambots find addresses by looking for patterns of text that look like an email address. For example, email addresses always contain an @. Spambots therefore scan the text of a webpage to find any @s. If you eliminate the @ from addresses then most spambots won’t be able to recognize that your addresses:
carol-at-example.com
carol(at)example.com
carol AT example DOT com
While this hides your address from spambots, visitors to your site will often still incorrectly demung your address, or not even recognize it is an email address, and therefore be unable to contact you.
A more sophisticated version of hiding your address, which still allows human users to see the addresses without any apparent munging, involves using ASCII character codes. ASCII character codes are like machine language for representing characters on a web page. For example, if you want to represent an @ you can either use the character itself, or you can use it’s ASCII character code: @ (ampersand number-sign six four semi-colon).
If you use the ASCII code then human visitors to your site will see an @ because their browsers automatically translate the character code. However, most spambots currently do not recognize the codes and therefore ignore addresses created with them. The following addresses will all appear the same if they are included in the HTML of your site:
carol@example.com
carol@example.com
carol@example.com
Notice that the last address above uses an ASCII code not only to replace the @, but also the period (.).