Webmaster - Protect email addresses against bots

October 2016

You are the webmaster of a website and you need to store the email address of several members/subscribers of your site. These addresses are available in their profile (e.g forum, blog etc ....). However, nowadays there are may harmful bots that have been developed to analyze web pages and extract email addresses from them. These bots can then go to the page containing the list of members of a forum and collect all email addresses.
  • How to protect these the email address of your subscribers/member then?
  • Unfortunately there is no miracle solution. But we can at least limit the damage with a few tweaks.

Limit access to members profiles

Restrict access to the profiles of your members. Anonymous visitors won't have access to these profiles.
  • Advantages: If a bot simply browse sites at random without a particular aim, this method will work. Simple bot won't be able to authenticate on your websites.
  • Disadvantages: Advanced bots may try to create an account on the site for more privileges. For subsctiption on your site, do not hesitate to make use of CAPTCHA (images containing text). The ordering of the letters in the image must be complex but however you must also consider an alternative for the visually impaired users (an audio validation system).

Make use of image files

When a bots search for email addresses on a websites, in most cases it will analyze the data in the text format. If you put the text in an image, then the information will be overlooked by simple bots. This is a simple method that be used to limit the damage. You can make use of a function that will display the email addresses as images in the members profiles, you will limit already a little more damage.
  • Advantages: Simple bots won't be able to recover information from the image files.
  • Disadvantage: An image takes longer to load than text and legit users will not be able to copy and paste an email address. Sophisticated bots may have OCR function.

Make use of applets

You can make use of applets, small programs that run on the browser to display an email address. Examples: Flash and Java.
  • The effectiveness of these methods will depend on how complex the applets are.

Using an internal messaging system

The implementation of a private messaging function on the site (using PhpBB ) will allow users to communicate among themselves without revealing their email address.....).
  • Advantages: In this situation the address remains hidden.
  • Disadvantages: The implementation of such a system requires some technical knowledge and the trust of your subscribers.

Using a script

You can use a scripting language that will be executed by the browser (the most popular one is javascript).The script display the email addresses upon completion of a specific procedure and at the same time make hide the addresses from the source code of your webpage.

For the algorithm, you can do as you like, provided it is a minimum complex.
Example to display "adresse@domaine.prout"
<script language="Javascript">  
 function victor_hugo()  
  maupassant=new String("adresseemileajardomainejeanbaptistepoquelinprout");  

  return maupassant;  
  • Advantage: A simple bot won't be able to retrieve the email address.
  • Disadvantages: Javascript may be disabled from the browser settings and the user won't be able to access the data.

Give the choice to the users

During registration on your website or after registration, your users must be able to choose if they are willing to publicly disclose their personal information or not. If so, they must decide what personal information they are willing to reveal.


There are no fail proof method to hide email addresses from bots, but you can make access to these information more difficult, by implementing the above methods.

Related :

This document entitled « Webmaster - Protect email addresses against bots » from CCM (ccm.net) is made available under the Creative Commons license. You can copy, modify copies of this page, under the conditions stipulated by the license, as this note appears clearly.