Opinion: Alternative to “mailto” to avoid spam bots


Is there a reason to use or not use mailto over forms for contact with people? I thought hiding the email from bots was ideal.


Personally I have never seen or implemented an alternative to “mailto” that hasn’t impacted the visitor’s experience. I have seen some slick forms that people have made instead of mailto’s but then they come with their own set of challenges because bots continue to take advantage of them.

It is pretty hard to mask an email completely from bots without impacting the user experience negatively. From my point of view I have always leaned to making sure the user experience the best and dealing with the spam through good spam filters or some other means like passing forms through Akismet before actually sending email.

On the flip side if the user doesn’t have their default email client set clicking on a mailto link can be problematic. Since a lot of users use a web based email client it is likely. I would say it depends on your audience and how they use your site. There is no standard rule but if most of your users wouldn’t have their client set then a form is probably your best option.

I haven’t found anything that is fool proof and the spam filters on email clients have been getting better and better. I think masking an address is just a bandaid on a larger problem that you as one person can’t fix. It just takes one “unmasked” reference to a certain email address and all your hard work to keep that address secret has been wasted. I say let the spam bots find natural addresses and think they are getting through and reduce the annoyance with something they can’t immediately see, your email spam filters.

Your Turn:

Have you seen or implemented an alternative to “mailto” that you have actually been happy with?

5 replies on “Opinion: Alternative to “mailto” to avoid spam bots”

In many places on the Stephen F. Austin State University website, we use “mailto.” When a mailto link is clicked (assuming Javascript is enabled), the user is presented a modal dialog that asks if they want to use their email client or use our contact form. I think this is the best way to accommodate users.

We have a spam filter that does a pretty good job keeping the garbage out. Since implementing this over a 1.5 years ago, I haven’t heard one complaint about an increase in spam.

Mailto example at:

My experience isn’t as detailed, but I have to agree that mailto is here to stay. Forms are great for when people want to email you right then and there and have no special needs (i.e CC/BCC) and have no desire to record your address for future reference.

I’ve been told there is a way to write the email address in the HTML so that it is not readable by spambots – but I don’t see them being tricked for very long.

I use a separate email address for when I’m publicly displaying my email/signing up for services – which gives me the option of killing it if it ever gets overwhelmed by spam. You also have the option of running it through stricter spam filtering – so that you normal email still allows most to get through, but the higher risk email has higher protection.

We use recaptcha on our forms at Ivey. But most departments have us take it off – making it as easy as possible to connect seems to outweigh the inconvenience of spam submissions.

Hi Nick,

I’ve been thinking a lot on this problem as of late and we’re going to be implementing a more complex solution on our next redesign.

For our public sites we will use a form instead of the mailto links. This is for 2 reasons. First, it removes the security implications of the email address on the site and 2nd, as our university is on Google Apps and nearly all our users use web-based email clients, it removes the usability problems caused by not having mailto links default to your email service.

For our private intranet and registered users we will display our links using mailto as well as give users the ability to use the form. This allows those who actually need the email address access to it while still providing the usability both demographics require.

Regardless of the solution anyone takes however this is a rather large usability issue that I am happy to see come to light in more and more discussions.

Wow, this is awesome information. I really like your approach Jason, I hope it can be difficult to please everyone but I think this functionally does it.

@Melissa You are right, serious emailers will need the full functionality of their email clients. There has been an effort by the reCaptcha group to hide email addresses but I haven’t seen it widely adopted. I would love to see an example of a site using their API throughout.

@Chris Do you also include the actual email address in the text of the site so they can copy/paste it?

Comments are closed.