Seven Ways to Protect Email from Spam Harvesters

Here are seven actions you can take to prevent spam harvesters from collecting your email address.

1. Don't post email addresses on your website

Do not list important addresses in plain text on your web site. Spammers harvest email addresses by “screenscraping” web sites. This is all spammers need to know that you value a particular address.

2. Don't try to obfuscate email addresses

There are several effective ways to use email addresses on web sites without allowing spammers to abuse them. One popular tactic that you should NOT use is obfuscating addresses with javascript. Unforetunately, it has been known since Roman timesm that obfuscation is a very weak form of security. See for more information on why this is a bad idea.

3. Do use contact forms

A better idea is to use a contact form that delivers the message to you while hiding the email address from prying eyes. Here's an example.

4. Don't share your information on dubious websites

Educate all your staff about the risk of visiting certain sites, or entering their email addresses into certain sites. Many enticing sites exist primarily to collect contact information for sale to others. For example, Facebook is a legalized version of the same business model, but that’s another story.

5. Don't open suspicious email messages

Avoid opening spam messages. If the title or sender looks suspicious, simply delete it. Never view the images in a spam message. Turn auto image viewing off in your email application. Never click on a link in a spam message. Through the use of hidden links and other tricks, such actions can be identified by the spammer, in which case you will likely receive even more spam soon.

6. Try to avoid generic email addresses

Avoid using obvious email addresses that anyone can guess, such as <>. Spammers use automated scripts to attack such addresses. If they ever get a response, into their database you go. If a particular email address is heavily targeted, it might make sense to simply stop using it and create a new address that is not yet in spam databases. That’s clearly an inconvenience, but it is sometimes the best way to side-step the spammers once they have identified you.

7. Consider using GoogleApps

GoogleDocs is free for qualified non-profits. Given Google’s uniquely deep view of realtime Internet activity, they are well-positioned to block new spam attacks as they emerge. Setting your email to use GoogleApps requires reconfiguring your MX records and email application settings, but your email addresses do not need to change.