Providing contact information on websites is convenient and gives your audience a way to communicate with your department. But websites also give spammers a source of e-mail addresses to target. Your department’s needs should be evaluated against the pros and cons of the various solutions.
Avoid Displaying Personal Email Addresses
Avoid displaying personal e-mail addresses (e.g., “firstname.lastname@example.org”) on web pages. Instead, use either a contact form, which lets the user send an e-mail by submitting the form, or an e-mail alias that forwards to another account.
Contact Forms and Aliases
A contact form or e-mail alias provides a number of benefits, including:
- Protecting an individual department member’s e-mail address from spam and other unwanted e-mail
- Routing general enquiries to a specific person or multiple people within the department
- Keeping a web site updated. For example, if John Smith leaves his position, the contact form or email alias can be directed to the next person who fills his position
Contact Forms and Security
Keep in mind that your website’s contact form could be used as a vehicle for spam or as a weapon for targeting recipients with malicious content. Constraints should be implemented to mitigate these risks, including:
- Only allowing the form to send to a select group of e-mail addresses
- Restricting the body content of the e-mail or stripping malicious content
- Detecting bot behavior by preventing the form from being used excessively or submitted too quickly
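One way to apply the three constraints above on the server side, as an added example that is not part of the original page. The alias addresses, field names and limits are constructed for illustration, and `rendered_at` is assumed to be a timestamp the server issued when it rendered the form, not a value the client can alter.

```python
import re
import time
from collections import defaultdict, deque
from email.message import EmailMessage

# Constructed values: aliases, limits and field names are assumptions for this example.
RECIPIENTS = {"general": "dept-info@example.org", "web": "dept-webmaster@example.org"}
MAX_BODY = 2000          # characters kept from the message body
MIN_FILL_SECONDS = 3     # a form submitted faster than this is treated as a bot
MAX_PER_WINDOW = 3       # accepted submissions per client per window
WINDOW_SECONDS = 600
_recent = defaultdict(deque)   # client id -> timestamps of accepted submissions
_CONTROL = re.compile(r"[\x00-\x08\x0b-\x1f\x7f]")  # control chars except tab and newline

def build_message(form, client_id, rendered_at, now=None):
    """Return (EmailMessage, None) if accepted, else (None, reason)."""
    now = time.time() if now is None else now

    # 1. The recipient is chosen by key; the form never supplies an address.
    to_addr = RECIPIENTS.get(form.get("to", ""))
    if to_addr is None:
        return None, "unknown recipient"

    # 2. Header fields must be a single line, so no extra headers can be smuggled in.
    subject = form.get("subject", "").strip()
    if not subject or len(subject) > 120 or "\r" in subject or "\n" in subject:
        return None, "bad subject"

    # 3. Bot checks: submitted too quickly, or too often from one client.
    if now - rendered_at < MIN_FILL_SECONDS:
        return None, "submitted too quickly"
    stamps = _recent[client_id]
    while stamps and now - stamps[0] > WINDOW_SECONDS:
        stamps.popleft()
    if len(stamps) >= MAX_PER_WINDOW:
        return None, "rate limit exceeded"

    # 4. The body is sent as plain text, with control characters removed and length capped.
    body = _CONTROL.sub("", form.get("body", "").replace("\r\n", "\n"))[:MAX_BODY]
    if not body.strip():
        return None, "empty body"

    msg = EmailMessage()
    msg["To"] = to_addr
    msg["From"] = "webform@example.org"
    msg["Subject"] = subject
    msg.set_content(body)
    stamps.append(now)
    return msg, None
```

The in-memory rate-limit table is per process; a deployment with several workers would keep these counters in shared storage.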
Avoid E-mail Obfuscation Techniques
A common technique to protect e-mail addresses is to obfuscate or “munge” the e-mail address so that the actual e-mail address is no longer stored within the HTML but is still visible to the user.
These techniques often make the page less accessible to screen readers and reduce usability by making it more difficult for users to select the address.
Given their detrimental impacts on user experience and accessibility, these approaches should be avoided.