E-mail links, protective solutions against SPAM

If you place your e-mail address somewhere visible on your website, it will be only a matter of time until your e-mail account will get more and more spam messages. There are lots of spam bots checking the Internet for email addresses on regular websites, forums, blog and mailing lists. Once caught by some spam bot your mailbox is in need of a strong spam filter or sometimes it might be better to use a new e-mail address.

In this article we show you different ways, how you’re able to show your e-mail address to human visitors and hide it for spam bots.

Don’t forget, the solutions mentioned in this article are not a total protection against spam. If you share your e-mail address online, the chance that your e-mail address get on a spammer’s list is big. We advice that if you need to share an e-mail address with your websites’s visitor, to not use your personal e-mail address.

With each solution we give a review for:

  • Integration: Is this function easy to integrate even for a less experienced webmaster.
  • Protection: Is the e-mail address protected against spam bots.
  • User friendly: Is the solution easy to use for a website’s visitor

The simple solution, an image from your e-mail address

Just providing image version is very simple and easy. Open your image editor, create a small image from your email address and upload the image to your website.

After this you’re able to place that address in to the HTML, just on that place where you need it. It’s safe for your e-mail address and it’s simple to use that image in your website document or CMS. There is one big issue with this solution: The visitor has to type over your e-mail address to his e-mail program.

Hide the @ symbol

There are different ways to hide the format of an e-mail address. Hoe does this work? Changing the format of some email address or just hiding parts from the e-mail address makes it more difficult for spam bots to find them. For example:

  1. user@email.com
  2. user at email dot com

While the first one is very webmaster friendly, it’s not be the best protection for your e-mail address. The second example is used very often because this “faked” address is easy to add to your content. Both formats are recognized by smarter spam bots.

Hide your e-mail address using PHP

The following example will convert the string of some e-mail adress into unicode values:

function convert_email_adr($email) {
    $pieces = str_split(trim($email));
    $new_mail = '';
    foreach ($pieces as $val) {
        $new_mail .= '&#'.ord($val).';';
    return $new_mail;

Use this function in your web page like:

<?php echo convert_email_adr('user@email.com'); ?>

The output in your html is like:


This way the e-mail address is visible to the visitor like normal. Using this format for a mailto: link will open a new window from the visitor’s e-mail program. There might be a few spam bots which are able to read this format as well.

Some JavaScript solution

The last solution is very similar to the PHP snippet and requires similar handling to add some email link to your website. Place the following function into your HTML document or include the code as an external JS file:

<script type="text/javascript">
function create_mail(naam, domain, tld, label) {
    var mail;
    mail += '<a href="' + 'ma' + 'il' + 'to:' + naam;
    mail += '@' + mail + domain '.' + tld;
    mail += '">' + label + '<' + '/a>';

Use this code inside the website content:

<script type="text/javascript">create_mail("user", "email", "com", "e-mail");</script>

This method is very protective against spam bots, but will not work if JavaScript is disabled in the visitors browser. On the other site this code is very flexible and easy to use.

You see there are many different ways to add your e-mail address to your website without to expose the it to spam bots. If you search Google you will find much more examples, some of them are safe and some of them might have a better usability. If you don’t like to show your email address you should use a contact form on your website. If you know some great and easy function to hide an e-mail address in HTML code, please post it below. If you like this article please share the link on twitter or facebook, thanks.

Published in: PHP Scripts


    1. This link shows an article with some interesting research. According that article is the manipulation using CSS very effective, interesting I will try that as well.

  1. Unfortunately the “unicode” method doesn’t work for some IE browsers. The E-Mail Adress is then rendered wrong.

  2. Yeah, that’s pretty simple idea with HTML entities, any bot will be able to convert these nowadays. The javascript and the mix of both are more advanced, especially if you add some garbage JS code (like viruses do).

    1. Mixing some server side with client side code is the best solution for sure. I think about some Ajax powered function, like: The visitor has to click some “pseudo” link and an Ajax request will show as response the real email link in a virtual window. I think that solution will be very secure and user friendly.

  3. Spam has been world’s worst scenario when you lose your valuable 1% information in 99% junk. The great thing is, we have awesome fighters for this in your form.

  4. There’s better sollutions available. Why not make a form which saves the results in a file or a database. You can open the file/db to view it’s content. However, this make you have to do a bit manual labor.

    You can also save your email in a db and make the “contact form” fetch it every time someone hit the form button.

    The bots wont be able to find your email address if you use these alternatives, but… if you save the content to a file and don’t change the permission the bot will be able to find your users email address if you make the provide it, which you should :-)

    Just some thoughts…

    1. Hi Robbe,
      sure a database for your website contents is possible, but not very effective. You need to create a complete web form and the sender doesn’t have a copy from his mail.
      Actually I don’t understand why I need to store the mail message in database? If I need to create a form, I can forward the message to my email address without to expose the same address to the Internet.

  5. i dont think the above code is effective. as when u use php function it will obscure the letter of e mail address, but the e mail address is visible on web page.
    if somebody simply copies the text he can get our e mail address easily.
    well nice efforts and nice tutorial
    vaseem ansari

    1. Hello Vaseem,
      I think you missed the point all these functions are used to “protect” your e-mail address against spam bots. This is because there are people (mostly companies) need to show their e-mail address instead of using a contact form.

  6. For email addresses, I obfuscate them – a good service for this is at http://www.ianr.unl.edu/email/encode/ . Where a company wants to have a direct email contact, a simple ‘EMAIL’ link can be used (obfuscated in the code, but restored for sending). Any problems with that?
    For forms, I include a good captcha.
    These precautions work fine for me.

    1. Hello Dave,

      They use a similar script as suggested in “Hide your e-mail address using PHP”. If your web host is PHP enabled, you should use the function instead.

  7. Today I found a nice Javascript based solution on the nettica.com contact page.

    They use this function:

    function email( s ) {
    	mail = "mailto:" + s + "@domain.com";
    	window.location = mail;

    inside the HTML source you find this code:

    contact sales

    This function will open the mail client and will add the email address sales@domain.com into “to:” field.

Comments are closed.