Hiding Email Addresses Using Forms

The searches that spammers use to hunt the web looking for email addresses are becoming more and more sophisticated. The suggestions that I make on my page Concealing your Email Address from Internet Spiders used to work very successfully but now some of the spammers have amended their search facilities to take such methods of concealing email addresses into account and can identify email addresses in web pages even when those methods are used.

If you decide that those methods are no longer giving your email addresses sufficient protection then you have two options to make the email addresses more secure. The first option is to use encryption to make the email addresses even harder to read. The other method is to remove the email addresses from your web pages completely and replace them with a form that youir visitors can fill out to send you an email. This second option is most easily done if your site supports a server side scripting language such as PHP so that you can install your own form2mail script but even if your server doesn't support server side scripting you can still achieve the same effect using a third party hosted script such as the one available from Bravenet.

These scripts hide the destination email address completely from all visitors to your site by adding the destination address for the email after the send button has been selected.

This option works well if you have only one destination email address to which you want visitors to your site to send emails. The situation gets slightly more complicated if you want to provide a list of alternate email addresses to which visitors can send emails and still want to hide the various destination addresses from the spammers. We can solve this problem by creating our contacts form as a PHP page and pass an identifier to it that the page can then use to generate the destination email address. If we also add parameters for the subject and thankyou page then we have a very flexible contacts form that we can call from anywhere on our site in place of coding email addresses. To save you the trouble of creating such a contacts script from scratch, I have a sample version that you can download and amend to suit your requirements.

With this scripts you call the script passing an addr parameter that will be used by the page to determine the destination email address and name to specify the name to be displayed on the screen. If either field is not passed then both fields will be assumed to be the same value. In each case you can also optionally add subject and page parameters to preload the email subject and specify a different thankyou page respectively.

Although it is not obvious from the code, the script allows the domain name portion of the destination email address to be passed separately as a dom parameter. This stops the email address appearing as an email address anywhere within either the link to the form or within the form itself. Note that this will only work if you use one of my email scripts or amend the one that you are using to allow the two parts of the address to be passed separately and assembled after the form is submitted.

As both versions of my email script now default the domain portion of the email address to your domain if there is no @ in the destination email address, you don't even have to supply this extra parameter for email addresses on your own domain.


The following is how you would link to the form for sending emails to fred@somewhere.com. You could add subject= and thanks= parameters as well if necessary. The order of the parameters doesn't matter as they will all be assigned by name.

<a href="contact.php?dom=somewhere.com&name=Fred">Fred's Email</a>


This article written by Stephen Chapman, Felgall Pty Ltd.

go to top

FaceBook Follow
Twitter Follow