SupportRetriever LogoSupportRetrieverAI-Assisted Customer Support

Hide Your Email Address from Bots Without Breaking Contact

Protect your email from spam while keeping contact options accessible to real customers.

The Email Spam Problem

How Harvesting Works

Email Harvesting Bots:

  1. Crawl websites automatically
  2. Scan HTML source code
  3. Extract email addresses using pattern matching
  4. Add addresses to spam databases
  5. Sell lists to spammers

Result: Your inbox floods with spam within weeks of publishing an email address online.

Why This Matters

One published email address leads to:

  • Hundreds of spam emails per day
  • Legitimate messages buried in noise
  • Hours wasted filtering spam
  • Productivity lost
  • Professional email addresses burned
  • Increased security risks (phishing)

Four Protection Approaches

Approach 1: Plain Text Email (No Protection)

What it is:

<p>Contact us: support@example.com</p>
<a href="mailto:support@example.com">Email us</a>

Pros:

  • Simple to implement
  • Easy for users to copy
  • Works everywhere

Cons:

  • ✗ Zero spam protection
  • ✗ Bots find it immediately
  • ✗ Email exposed in source code
  • ✗ Spam guaranteed within days

Spam Reduction: 0%
User Friction: Low
Accessibility: Excellent
Deliverability: Poor (spam overwhelms inbox)

Verdict: Never use this approach unless you plan to change email addresses frequently.

Approach 2: Email Obfuscation

What it is:

Hide the email address using encoding or JavaScript tricks.

Examples:

<!-- HTML entity encoding -->
<p>support&#64;example&#46;com</p>

<!-- JavaScript-based -->
<script>
  var user = "support";
  var domain = "example.com";
  document.write(user + "@" + domain);
</script>

<!-- CSS-based hiding -->
<p>support<span style="display:none">REMOVE</span>@example.com</p>

<!-- Reversed text -->
<p style="direction: rtl; unicode-bidi: bidi-override;">
  moc.elpmaxe@troppus
</p>

Pros:

  • Some spam reduction
  • Email still readable by humans
  • Relatively simple to implement

Cons:

  • ✗ Sophisticated bots can decode
  • ✗ Breaks copy-paste for users
  • ✗ Accessibility issues (screen readers)
  • ✗ Doesn't work for mailto links
  • ✗ Still leaves email somewhat exposed
  • ✗ No way to track or filter

Spam Reduction: 30-50% (temporary)
User Friction: Medium
Accessibility: Poor
Deliverability: Better than plain text, but degrades over time

Verdict: Better than nothing, but bots are getting smarter. Not a long-term solution.

Approach 3: Image of Email Address

What it is:

Replace text email with an image.

Example:

<img src="support-email.png" alt="Our email address">

Pros:

  • Bots can't easily extract text from images
  • Visually similar to text

Cons:

  • ✗ Users can't copy-paste
  • ✗ Terrible accessibility (screen readers)
  • ✗ Requires image creation
  • ✗ Breaks on high-DPI displays
  • ✗ No clickable mailto link
  • ✗ Poor mobile experience
  • ✗ OCR bots can still read it

Spam Reduction: 70-80%
User Friction: High
Accessibility: Very Poor
Deliverability: Medium

Verdict: Accessibility nightmare. Frustrates legitimate users more than it stops bots.

Approach 4: Replace with Contact Form (Recommended)

What it is:

Remove the email address entirely and provide a form link instead.

Example:

<a href="https://supportretriever.com/form/your-form-id">Contact Support</a>

Pros:

  • ✓ Email completely hidden from bots
  • ✓ Built-in spam protection (Turnstile)
  • ✓ Rate limiting prevents abuse
  • ✓ No email client required
  • ✓ Works on all devices
  • ✓ Professional appearance
  • ✓ Centralized management
  • ✓ Analytics and tracking
  • ✓ Excellent accessibility

Cons:

  • Requires form setup (5 minutes)
  • Users can't add you to their contacts directly

Spam Reduction: 99%+
User Friction: Low
Accessibility: Excellent
Deliverability: Excellent

Verdict: The strongest protection while maintaining user experience.

Tradeoff Comparison

Approach Spam Protection User Experience Accessibility Setup Time
Plain Text ✗ None ✓ Best ✓ Perfect 1 min
Obfuscation △ Weak △ Medium ✗ Poor 10 min
Image △ Medium ✗ Poor ✗ Very Poor 15 min
Contact Form ✓ Strong ✓ Good ✓ Excellent 5 min

Recommended Setup: Contact Form with SupportRetriever

Why This Approach Wins

Maximum Spam Protection:

  • Email address never appears in HTML
  • Cloudflare Turnstile blocks bots
  • Rate limiting prevents abuse
  • Email validation filters bad submissions
  • Content filtering catches spam patterns

Great User Experience:

  • Works on all devices (especially mobile)
  • No email client required
  • Instant confirmation
  • Professional appearance
  • Trackable conversations

Excellent Accessibility:

  • Screen reader compatible
  • Keyboard navigable
  • Clear focus indicators
  • Proper ARIA labels
  • Works with assistive technology

Setup Steps

1. Create Your Form

  1. Sign up at SupportRetriever
  2. Complete onboarding (5 minutes)
  3. Configure form settings:
    • Set recipient email (stays hidden)
    • Customize appearance
    • Add branding
    • Configure fields

2. Get Your Form Link

  1. Navigate to Form Management
  2. Click Embed tab
  3. Copy public form URL
  4. Save for next step

3. Replace Email Addresses

Remove email addresses from:

  • Website footer
  • Contact page
  • About page
  • Team pages
  • Blog posts
  • Email signatures

Replace with form links:

<!-- Old -->
<p>Email: support@example.com</p>

<!-- New -->
<p><a href="https://supportretriever.com/form/your-form-id">Contact Support</a></p>

4. Add Context with URL Parameters

Track where messages come from:

<!-- Footer -->
<a href="https://supportretriever.com/form/your-form-id?source=footer">Contact</a>

<!-- About page -->
<a href="https://supportretriever.com/form/your-form-id?source=about">Get in Touch</a>

<!-- Support page -->
<a href="https://supportretriever.com/form/your-form-id?type=support">Need Help?</a>

Frequently Asked Questions

Will bots still spam my form?

Significantly less. Forms include:

  • Cloudflare Turnstile: Blocks automated submissions
  • Rate Limiting: Prevents rapid-fire spam
  • Email Validation: Filters fake addresses
  • Content Filtering: Catches spam patterns

Spam reduction: 99%+ compared to exposed email addresses.

Is obfuscation enough?

Short answer: No.

Long answer: Obfuscation provides temporary relief, but:

  • Sophisticated bots decode common obfuscation
  • Breaks accessibility (screen readers)
  • Creates user friction
  • Degrades over time as bots improve
  • Doesn't protect mailto links

Forms provide permanent, comprehensive protection.

What if users need my actual email?

When users submit through your form:

  1. Message arrives in your dashboard
  2. You get email notification
  3. You reply through SupportRetriever
  4. Your reply comes from your actual email
  5. Customer can reply directly to your email
  6. Conversation continues via email

Your real email is revealed only to legitimate contacts who submit through the form.

Does this hurt SEO?

No—it helps.

Search engines reward:

  • Better user experience (forms work on mobile)
  • Lower bounce rates (forms are reliable)
  • Faster page loads (no email client launch)
  • Professional presentation

Contact forms improve these signals.

What about team member emails on About pages?

Replace individual emails with:

Option 1: Shared form with routing

<a href="https://supportretriever.com/form/your-form-id?team=john">Contact John</a>
<a href="https://supportretriever.com/form/your-form-id?team=sarah">Contact Sarah</a>

Use the team parameter to route internally.

Option 2: Social links instead

<a href="https://linkedin.com/in/john-smith">John on LinkedIn</a>
<a href="https://twitter.com/sarahdev">Sarah on Twitter</a>

Is this free?

SupportRetriever's free plan includes:

  • Unlimited forms
  • Spam protection
  • Conversation management
  • Email notifications

Perfect for most websites. See pricing for team features.

What to Do If You Already Get Spam

Immediate Actions

  1. Stop publishing your email address

    • Remove from all web pages
    • Replace with form links
    • Update email signatures

  2. Create a new email address

    • Set up fresh address
    • Keep old address for existing contacts
    • Gradually migrate contacts to new address

  3. Use aggressive spam filtering

    • Enable spam filters
    • Create block lists
    • Mark spam consistently
    • Consider new email provider

  4. Implement form-based contact

    • Set up SupportRetriever form
    • Point form to new email address
    • Never publish new address

Long-term Strategy

Old email (compromised):

  • Keep active for existing contacts
  • Don't publish anywhere new
  • Set aggressive spam filters
  • Plan to retire in 6-12 months

New email (protected):

  • Never publish in plain text
  • Only reveal through forms
  • Share only with legitimate contacts
  • Keep private and spam-free

Quick Action Checklist

5-Minute Protection Setup

  • Sign up for SupportRetriever
  • Create contact form
  • Get form URL
  • Replace email in website footer
  • Replace email on contact page
  • Test form submission
  • Verify email notification works

30-Minute Complete Audit

  • Find all email addresses on your site
  • Replace with form links
  • Update email signatures
  • Remove from social media bios
  • Update team pages
  • Replace in blog posts
  • Test all new form links
  • Monitor for remaining exposure

Ongoing Maintenance

  • Never publish email in plain text
  • Use form links for all contact points
  • Monitor spam levels
  • Review form submissions
  • Update spam filters as needed

Related Topics

Ready to simplify your support?
Join thousands using SupportRetriever to manage customer conversations.
Try Free

Explore More

Browse All Articles