Spam bots scrape email addresses from websites. The easiest fix? Base64 encoding.
Instead of publishing your email plaintext:
<a href="mailto:[email protected]">[email protected]</a>
Encode it:
<a class="email" href="bWFpbHRvOnNpbmFuQHNpbmFuaXNsZXIuY29t">c2luYW5Ac2luYW5pc2xlci5jb20=</a>
Remember to encode the full mailto: link, not just the email.
Decode with JavaScript
Add this to your page footer:
<script>
window.addEventListener("load", (event) => {
let emails = document.querySelectorAll(".email");
for (let email of emails) {
email.setAttribute("href", atob(email.getAttribute("href")));
email.innerText = atob(email.innerText);
}
});
</script>
The script waits for the page to load, then decodes all .email links. Adjust the selector to .email a if needed for your HTML structure.
That’s It
Bots can’t read Base64 (usualy). Real visitors get a working email link. Done.
If you want to make it even more secure to avoid even the smart bots you can create a custom base64 encoding and decoding instead. If you dont know what Iam talking about just ask to AI 😉