How to Prevent Dumb Crawlers from Scraping Your Email Address

2025-08-03

If you’ve ever embedded your email address in a website using a mailto: link, you’ve probably received spam. Why? Because simple bots crawl websites looking for @domain.com or mailto: patterns to harvest for junk.

Luckily, there are effective ways to protect your email address from dumb crawlers while still making it usable for real visitors. Here's how.

❌ Why `mailto:` in plain HTML is bad

<a href="mailto:you@example.com">Email me</a>

This is easy for humans and bots to read. Dumb scrapers look for:

Strings with @ and .com - The mailto: scheme

Once they find it, your inbox becomes a spam magnet.

🧠 What are “dumb” crawlers?

"Dumb" crawlers:

Do not execute JavaScript - Do not parse or decode HTML entities - Just scan raw HTML for recognizable patterns

They're fast, cheap, and widely used by spammers.

✅ Obfuscation Strategies That Work

1. Use HTML Entity Encoding

Instead of writing your email directly, encode each character:

<a href="mailto:&#121;&#111;&#117;&#64;&#101;&#120;&#97;&#109;&#112;&#108;&#101;&#46;&#99;&#111;&#109;">
  Email me
</a>

This is still functional in the browser, but harder for dumb bots to read.

2. Set the `href` Dynamically with JavaScript

Here’s a basic approach:

<a id="email-link">Email me</a>

<script>
  const user = 'me' const domain = 'rossyanez.com' const link =
  document.getElementById('email-link') link.href = `mailto:${user}@${domain}`
</script>

Bots won't see the email since they don’t run JS.

3. Use a Custom React Hook (for Next.js / React projects)

// useEmailLink.ts
import { useEffect } from 'react'

export function useEmailLink(linkId = 'email-link') {
  useEffect(() => {
    const email = 'me@rossyanez.com'
    const mailto = `mailto:${email}`
    const link = document.getElementById(linkId) as HTMLAnchorElement | null
    if (link) link.href = mailto
  }, [linkId])
}

Use this inside a component:


export default function SafeEmailLink({ linkId = 'email-link' }) {
  useEmailLink(linkId)

return (

<a id={linkId} className="text-sm text-blue-500 hover:underline">
  Email me
</a>
) }

✅ Bonus: Combine Techniques for Maximum Safety

You can encode the email in HTML as a fallback, then override it with JavaScript:

<a
  id="email-link"
  href="mailto:&#121;&#111;&#117;&#64;&#101;&#120;&#97;&#109;&#112;&#108;&#101;&#46;&#99;&#111;&#109;">
  Email me
</a>

This way:

If JS fails, users can still click - Most dumb scrapers won’t decode it - Smart bots will see it, but you’re blocking the majority

❌ What Doesn’t Help Much

Adding rel="nofollow" (for SEO only) - Blocking mailto: in robots.txt (bots don’t care) - Using display: none or off-screen hiding (easily bypassed)

🛡️ TL;DR — Best Practice

Avoid putting your email in visible plain text - Don’t use raw mailto: in HTML - Dynamically inject email links with JavaScript - Use entity encoding as a fallback for robustness.