Redirect mailto: for Spam Prevention

Summary: Prevent e-mail siphons from harvesting your e-mail addresses by separating the address from the Web page while still providing a way for users to click a link and have it open their local mailer.

If you don't know the problem with mailto: links, read Why no mailto?, by Jakob Nielsen.

This Redirect-mailto: trick reduces spam by separating e-mail addresses from Web pages while still providing a way for the user to click an e-mail address link and have it open their local mailer. Use a script that redirects to a mailto: URI, similar to how you would redirect to a Web page (for more complete protection, combine this trick with a graphical @ if you need to show the e-mail address itself on the Web page):

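|                  | HTML Code                                  | Rendered Link |
|------------------|--------------------------------------------|---------------|
| Normal mailto:   | <a href="">someuser</a>                    | some user     |
| Redirect mailto: | <a href="/email/?u=someuser&">someuser</a> | some user     |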

Upon a mailto: redirect, IE 5.5+ and Mozilla 5.0+ browsers may change the browser window to a blank page as they open the e-mail software; Opera and older versions of Netscape and IE handle the mailto: redirect without drama. Regardless, hitting the back button returns you to the page that you were on.

Here's some example code:


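Perl:

  #!/usr/bin/perl -w
  use strict;
  use CGI qw(:cgi);

  # Rebuild the address from the u (user) and d (domain) query parameters.
  my $user   = param("u");
  my $domain = param("d");

  # Send the browser to the mailto: URI instead of a Web page.
  print redirect( -URL => "mailto:$user\@$domain" );

PHP:

  <?php
  // redirect-mailto.php
  header("Location: mailto:$_GET[u]@$_GET[d]");

ASP:

  <% Response.Redirect("mailto:" & Request.QueryString("u") & "@" & Request.QueryString("d")) %>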

Place this script in a directory such as /email, and for extra protection, put the /email path in your robots.txt file to exclude obedient robots from crawling it and grabbing the output of the link. You could even include some code that compares the user agent to those listed in, and if it is a robot, return nothing.
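
The scripts above copy u and d into the Location header unchecked and answer every client. As an added example (not code from the original page), here is a hardened version of the same handler that returns nothing to robot user agents, written as a Python WSGI app rather than one of the three languages above. The ROBOT_TOKENS list, the empty-User-Agent rule and the character whitelists are assumptions chosen for illustration.

```python
"""Hardened redirect-mailto handler (illustrative WSGI app, standard library only)."""
import re
from urllib.parse import parse_qs

# robots.txt companion for obedient crawlers:  User-agent: *  /  Disallow: /email/
# Assumption: a short constructed list of robot User-Agent substrings;
# in practice, load these from whatever robot list you maintain.
ROBOT_TOKENS = ("bot", "crawler", "spider", "harvest", "siphon")

# Conservative whitelists: no CR/LF, "?", "&", "%" or whitespace, so the
# parameters cannot add headers or extra mailto: fields such as cc/bcc/body.
USER_RE = re.compile(r"[A-Za-z0-9._+-]{1,64}")
DOMAIN_RE = re.compile(r"(?:[A-Za-z0-9-]{1,63}\.)+[A-Za-z]{2,63}")


def is_robot(user_agent):
    """True for a known robot token; an empty User-Agent is also treated as a robot (assumption)."""
    ua = (user_agent or "").lower()
    return not ua or any(token in ua for token in ROBOT_TOKENS)


def build_target(query_string):
    """Return the mailto: URI for a ?u=...&d=... query, or None if invalid."""
    params = parse_qs(query_string, keep_blank_values=True)
    users, domains = params.get("u", []), params.get("d", [])
    if len(users) != 1 or len(domains) != 1:
        return None  # missing or repeated parameter
    user, domain = users[0], domains[0]
    if not USER_RE.fullmatch(user) or not DOMAIN_RE.fullmatch(domain):
        return None
    return "mailto:%s@%s" % (user, domain)


def application(environ, start_response):
    """WSGI entry point, mounted at a path such as /email/."""
    if is_robot(environ.get("HTTP_USER_AGENT")):
        # "Return nothing" to robots: empty 204, no address in the response.
        start_response("204 No Content", [])
        return [b""]
    target = build_target(environ.get("QUERY_STRING", ""))
    if target is None:
        start_response("400 Bad Request", [("Content-Type", "text/plain")])
        return [b"bad address parameters\n"]
    start_response("302 Found", [("Location", target)])
    return [b""]
```

A user-agent check only stops robots that identify themselves, so it complements the robots.txt entry and the parameter validation rather than replacing them.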

Redirect mailto: for Spam Prevention by James Thornton