Email Address and Web Form Protection

Spammers and hackers are constantly finding new ways to steal data and abuse web sites. They do it by writing programs which scour the web for exposed email addresses and vulnerable web forms. When they find an address, they add it to their databases and you start getting spammed. When they find a vulnerable web form, they can use it to send spam to you or other people, using your address.

How to Protect Your Email Address

There are many ways to protect your email address, but first and foremost, you must hide or remove the addresses on your web pages. Here are several methods of address protection and spam reduction:

  • Switch to a form processing program which hides the recipient address. Our preferred solution is formmail.php from It's secure, flexible and supports CAPTCHA for even more protection.
  • Change your address and then protect the new one so spammers can't get it from your web site. When using this method, you should also offer a protected contact form so people without Javascript can still reach you. We've used two different solutions... a simple yet effective script from Joe Maller and another from Jim Tucek (this one is for the super-paranoid). So far, we've had success with these two scripts, which offer protection from all but the most zealous of spammers (the kind who hire people to gather addresses manually, ugh!).
  • Turn off your web site's "catch-all" email box. Some web hosts have a "feature" which allows any email address to work. For example, let's say I have the domain, and my host has a catch-all box. I can send an email to or or and they will all be delivered, because the email box catches everything, no matter how it's addressed. Some spammers will try to send mail to and if it doesn't come back as undeliverable, they assume it got through and will continue to send junk to that address. So it's best to disable the catch-all box to reduce spam. Contact your web hosting company for details.
  • Discourage spammers by giving them a big heap of spam right back... fill up their databases with junk email addresses!