
Preventing Spam: Bulletproof Solutions

Spam is probably one of the most difficult problems we have to deal with. E-mail filters, such as those used in GMail, provide accurate results, but not every company is willing to use external services for its private mail. The problem arises when web developers have to display e-mail addresses on a web page.

How can you make sure that not a single spam mail finds its way to the inbox of your client? Or, in more concrete terms: how should you display e-mail addresses on a web page in order to minimize spam attacks? Let’s take a look at some modern and bulletproof solutions and techniques which will help you to prevent spam in your mailbox or the mailbox used by your clients. [Content Care Oct/13 2016]

Avoid stereotypes

Sometimes web developers tend to rewrite the original e-mail address so that spam-bots can’t recognize it. This method might solve the problem, but spam-bots might catch on to it sooner or later. Besides, many users might have problems decoding it – unless you provide some instructions on how to decode the text. The most popular approaches are:

  • Replace dots with “d-o-t” and “@” with [at], and add as many spaces as possible.
    Example: -> e-mail [at] office [d-o-t] com
  • Insert some characters before and after the “@”-symbol.
    Example: -> e-mail {!@!}
  • Avoid stereotypes – e-mails like,, are likely to be spammed anyway.

Replace text with images

Apparently, most spam-bots don’t scan images on the web (yet?), so it seems reasonable to place the text inside of an image without referring to it as an e-mail-address. There are free web-tools which generate images “on the fly”, so the only thing you have to do is to place them on web-pages.

Replace text with ASCII and JavaScript-coded text

Another popular approach is to represent e-mail addresses as ASCII code or JavaScript-coded text. Users don’t see any difference in the way the e-mail address is presented, but spam-bots won’t find the address by analyzing the source code – well, not yet. Some web tools to convert e-mail links to ASCII code:

  • Online Email Protector: to use it, simply type your email address below and then click in either of the textboxes. You can use the simple link code, or the more complicated JavaScript link.
  • Email Riddler is an online tool that encrypts and transforms your email address into a series of numbers when displaying it, making it virtually impossible for spam harvesters to crawl and add your email to their list.
  • Advanced Email Link Generator with Anti-Spam Encoder: this tool will generate mailto: links you can copy and paste into your web pages and emails. The Anti-Spam Encoder is an encoding scheme designed to cloak email addresses from spammers’ email harvesting robots, yet be visible and readable for your site visitors.
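
The two encodings described in this section, written out as an added example (this is not code from the article or from any of the tools listed). The address contact@example.com, the offset of 7 and all function names are assumptions made for the illustration.

```javascript
// Added example. contact@example.com is a constructed sample address.

// "ASCII code": every character becomes a numeric HTML entity (&#NN;).
function toHtmlEntities(text) {
  return Array.from(text, (ch) => `&#${ch.codePointAt(0)};`).join("");
}

// The inverse step a browser performs when it renders the markup.
function decodeHtmlEntities(markup) {
  return markup.replace(/&#(\d+);/g, (_, n) => String.fromCodePoint(Number(n)));
}

// Entity-encoded mailto link; works without JavaScript.
function entityMailto(address) {
  return `<a href="${toHtmlEntities("mailto:" + address)}">${toHtmlEntities(address)}</a>`;
}

// "JavaScript-coded text": the page carries only shifted character codes;
// a small inline script rebuilds the link in the visitor's browser.
function encodeCodes(address, offset) {
  return address.split("").map((ch) => ch.charCodeAt(0) + offset);
}
function decodeCodes(codes, offset) {
  return codes.map((n) => String.fromCharCode(n - offset)).join("");
}
function scriptMailto(address, offset = 7) {
  const codes = JSON.stringify(encodeCodes(address, offset));
  return (
    `<span id="contact"></span>` +
    `<script>(function(){var c=${codes},a=c.map(function(n){` +
    `return String.fromCharCode(n-${offset})}).join("");` +
    `var l=document.createElement("a");l.href="mailto:"+a;l.textContent=a;` +
    `document.getElementById("contact").appendChild(l)})();<\/script>` +
    // Fallback for visitors without JavaScript: the entity-encoded link.
    `<noscript>${entityMailto(address)}</noscript>`
  );
}

// Publishing check: does the raw page source still contain a literal address?
function sourceLeaksAddress(markup) {
  return /[\w.+-]+@[\w-]+(\.[\w-]+)+/.test(markup);
}

const sample = "contact@example.com";
console.log(entityMailto(sample));
console.log(scriptMailto(sample));
console.log(sourceLeaksAddress(sample), sourceLeaksAddress(scriptMailto(sample)));
```

Both forms only hide the address from tools that read the raw page source; anything that decodes entities or executes scripts sees it in full, so treat the encoding as noise reduction next to server-side filtering.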

Bulletproof Solution

A simple solution I’ve been using for my recent project turned out to be the most effective I ever had. The most important rule to avoid spam is to never mention your e-mail address anywhere on the Web. So what I’ve suggested is to create two e-mail accounts – one for business contacts, which will be used only for communication with partners and serious clients, and a second one, which will be decoded and published on the Web for any other purposes.

Once a potential client has written to the e-mail address mentioned on the Web, the company will continue its communication via the first, “business” e-mail. On the other hand, brief questions or small remarks will be answered via the “open” e-mail published online. Once the “open” e-mail gets included in spam databases and the company starts to get junk mail, it will be replaced by a new one.

This way your primary business contacts will always stay in touch with you via your business account, and you reduce the amount of received spam to 0%.

Using GMail spam-filters externally

Another useful technique to minimize the amount of spam ending up in your inbox is to pass it through GMail’s filters. Unfortunately, GMail doesn’t have a function which would enable users to use Google’s filter directly. However, you can forward all the mails coming to your e-mail box to your GMail account, and set your GMail account to forward the filtered messages to your private “clean” e-mail account. The results aren’t always accurate, but you’ll see the difference immediately.

Have your e-mails already been flagged as spam, although you’ve sent a seemingly legitimate proposal to your client? Have you ever wondered why the efficiency of your newsletter campaigns suddenly dropped? In both cases you are dealing with a problem that is harder to solve than you think it is: bulletproof e-mail delivery.

The main problem with undelivered mails is that both sides — sender and recipient — don’t really know what happened. Was the e-mail sent? Is the task done? Was the e-mail delivered? Most recipients will never know that an e-mail flagged as spam was sent to them — they just don’t receive the e-mail. And most senders will never know that an e-mail flagged as spam wasn’t delivered — they just don’t get a response.

This article suggests over 20 bulletproof techniques, best practices and related services you can use to ensure best e-mail and newsletter delivery rates.

Where Do We Stand?

E-mail is a primary means of communication on the Web. Instant messaging supplements e-mail; however, it’s mainly a choice for communication with people you know well and/or are in regular contact with. So where do we stand? What is the main problem with e-mail delivery? And why do we have to deal with it?

  1. Spam-filters calculate “spam score” to detect junk mail.
    To determine whether a given e-mail is spam or not, most spam filters consider a number of different attributes, such as content, length, percentage of text, use of images, number of recipients, headers etc. Usually they calculate the so-called “spam score” for every e-mail which passes the server. If the mail’s score exceeds a certain threshold, the mail is blocked and lands in the spam folder. The level where the threshold is set is defined by the mail server configuration. By default, this spam filter flags messages with a score greater than 5 as spam.
  2. Spam filters aren’t perfect.
    Over the last few years the efficiency of spam filters used by e-mail software clients and web-based e-mail services has improved dramatically. However, as anti-spam algorithms have become stricter, it’s inevitable that more legitimate e-mails also fail to get through them. The result is that these filters, in order to block a good percentage of spam mails, block a good percentage of “suspicious” — in reality non-spam — messages as well.
  3. Newsletters remain important, RSS-feeds haven’t made the breakthrough yet.
    In its recent usability study Nielsen Norman Group found out that news feeds are definitely not for everybody, and they’re not a replacement for email newsletters. Apparently, “feeds are a cold medium in comparison with email newsletters. Feeds don’t form the same relationship between company and customers that a good newsletter can build.[..] Given that newsletters are a warmer and much more powerful medium, it is probably best for most companies to encourage newsletter subscriptions and promote them over feeds on their website.” Therefore it’s important to be aware of some sound techniques to pass through anti-spam filters and thus guarantee a good newsletter delivery.
  4. E-mail delivery is tricky.
    The fact is that in most cases you never really know whether your first e-mail addressed to someone who doesn’t know you and/or isn’t expecting your e-mail will make it through mail filters. And since the recipient doesn’t expect your mail, he/she won’t be able to take it into consideration. Therefore it’s necessary to be aware of some techniques to ensure the delivery of your e-mails.

Best Practices For E-Mail Delivery

According to the latest studies, your reputation determines your email delivery more than your content. So if you meet the expectations of your readers / recipients and don’t send irrelevant information, you improve the delivery rates of your e-mails. Apparently, “most delivery challenges are due to subscriber feedback; such feedback typically takes the form of complaints by recipients who mark the message as “spam” in their respective email clients and problematic traffic patterns such as bounces and spam trap hits.”

However, it’s not always enough. Let’s take a look at the best practices for optimal e-mail delivery rates.

  1. Avoid follow-ups, ask for a brief feedback — one word “soon” is enough.
    Since you don’t know whether your e-mail is delivered or not, don’t assume that it is delivered. However, don’t send a follow-up when in doubt; follow-ups which usually include a copy of the original e-mail aren’t effective and get on recipients’ nerves. Instead, ask the recipient in the first message to send you a brief note that your e-mail was received. For instance, ask them to write back “soon”, “got it” etc. once they’ve received the e-mail — indicate that no further comment or instant reply to your mail is necessary.
  2. Don’t attach large files to your first e-mail (unless specified by the employer).
    Instead provide detailed information on where your CV and portfolio can be found on your personal web site. Or simply copy and paste your resume into your e-mail. Compressed files (.zip, .tar etc.) and images are still strong signals for spam detection algorithms.
  3. Use a consistent senders’ name and email.
    Make it easier for your recipient to recognize you. Don’t change from “Max Mustermann” to “Developer’s team”. Don’t change your e-mail suddenly. Once your recipient has mistakenly considered and reported your message as spam you are likely to never be able to contact them again.
  4. Never put a link before important information.
    Once the recipient has clicked upon the link you’ve provided and landed on some page he/she has no information about, you’re lost. Many recipients might not get back to your message and report you as spam.
  5. Snail mail is bulletproof.
    If possible, follow up on your e-mail with a “snail mail” version sent to the real postal address. This is a great way to establish contact and stay in touch with a person! Reference the e-mailed version you sent (including the date, time, and subject if possible). [Source]
  6. Avoid fictional or irrelevant sender’s name.
    Communicate with your recipient personally. Instead of nicknames or company titles use your first and last name. Notice that spam-filters award e-mails without sender’s name (or with an empty name) with spam score points. The sender’s name should be your actual name, without numbers or symbols. Instead of “no-reply@yourdomain” or “admin@yourdomain” provide your readers with concrete and short contact information, e.g. “Max Mustermann” <>. The “reply-to” field shouldn’t be empty.

Best Principles For Bulletproof Newsletter Delivery

Since newsletters are still an important part of marketing campaigns, to achieve the highest response rate you’d like to ensure the highest delivery rate. The principles and rules listed below might help you to increase the delivery rate of your newsletters.

  1. Send newsletters regularly.
    Let your subscribers know when your emails are coming. If you offer a subscription to your newsletter from your web site then tell each and every subscriber exactly when to expect your newsletter.
  2. Tuesday / Wednesday 2-3pm = Increased Response.
    Your subscribers will come to “expect” your email to arrive in their inbox on the same day at the same time every week, meaning that they want to read your content and are generally more receptive to any special offers or promotions you may include. This means that they are less likely to misunderstand your newsletter and report it as spam.
  3. Slow down your newsletter delivery.
    Instead of using tools which boost your newsletter through mail servers to achieve “instant delivery”, prefer “slow” delivery tools. Avoid sending mails to multiple (dozens or even hundreds) recipients using the CC: attribute. Use professional newsletter software or professional e-mail delivery services. “When ISPs detect a flood of email, it looks like the work of a virus or a spammer.” [Source]
  4. Use a tag line at the beginning of the subject line.
    Mark your newsletters as such. Make it easier for your readers to recognize your newsletter. E.g. ‘[SM Newsletter] Nr. 297, 16.10.2007 — Usability Glossary — Splash Pages — Big Typography’. Remain consistent. Otherwise your readers might consider your e-mails spam and report them.
  5. Always insert the current date in the content.
    A correct date which indicates when the newsletter was sent is more important than you probably think it is. If the date isn’t mentioned or is provided incorrectly, the newsletter is given spam score points.
  6. HTML is OK, but only if MIME-Multipart is used.
    When sending newsletters as HTML, make sure that a plain-text version is attached as well. Messages sent in MIME-Multipart-Format are automatically sent in a way that subscribers without an active HTML viewer still get a decently formatted e-mail. It is important that both the plain-text and the HTML version have the same or very similar content. The percentage of text should be higher than the percentage of HTML or images. Keep your message size between 20 and 40 Kb.
  7. Use CSS sparingly.
    In most cases it is better to use inline CSS styling in HTML instead of referring to a CSS file in HTML. However, referring to external CSS files is better than sending them with the newsletter.
  8. Avoid graphics and complex HTML-elements.
    Spam-filters consider a number of issues related to HTML. For instance, if the newsletter has too many closed tags, too many graphic (images) or structural (tables) elements, it gets just as many spam score points. Besides, many readers use software (e.g. Outlook) which automatically blocks images; if users don’t understand what the mail is about, they’ll report it as spam. Complex HTML (particularly if more than 50% of HTML-code are HTML-tags) is generously awarded with many spam score points — keep it simple. Colorful backgrounds, tables, JavaScripts and web forms shouldn’t be in newsletters.
  9. Motivate your users to add you to their whitelists.
    To ensure bulletproof e-mail delivery, ask your readers to add you to their whitelists. You can create Email whitelist instructions in seconds — for a number of e-mail applications.
  10. Screen your advertisers and partners.
    If your newsletter includes a link to a blacklisted web site you might get a whole bunch of spam score points. Verify the sites and e-mails you are linking to; check if they are already blacklisted or were reported as spam (or spam sources) before placing their advertisements in your newsletter. Even if the company is legitimate, it is possible that spammers have used their accounts for sending out spam mails.
  11. Monitor new subscribers.
    Monitor new subscribers in your lists. Set suspicious “spamflag” addresses such as “abuse@”, “nospam@”, “postmaster@”, “marketerspam@” as inactive subscribers. [Source]
  12. Verify your subscribers with signup confirmation.
    Always make your mailing lists double opt-in. This means that when a user subscribes to your mailing list, they will be sent an email with a link that they must click on to confirm their subscription. This is very important because many people can accidentally enter an incorrect email address, or even the email address of someone else on purpose. When that person receives a newsletter they did not subscribe to, they will assume they have been spammed, and your newsletter (and possibly your web server) will be reported as spam. It also keeps invalid email addresses off of your list, which reduces the volume and percentage of undeliverable messages that you send. Since undeliverable rates also factor into filtering rules, keeping invalid email addresses from being subscribed to your list will help you to avoid content filtering. [Source]
  13. Test your newsletters before sending them out.
    Always check the “spam score” of your newsletters with SpamCheck and further tools (most of them are listed below).
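
Points 11 and 12 above (set “spamflag” addresses inactive, confirm every signup) as an added Node.js example; it is not code from the article or from any newsletter product. The function names, the in-memory subscriber map, the 48-hour link lifetime and the sample addresses are assumptions made for the illustration.

```javascript
// Added example: double opt-in signup with a signed confirmation token.
const crypto = require("node:crypto");

const SECRET = crypto.randomBytes(32);        // per-deployment signing key
const TOKEN_TTL_MS = 48 * 60 * 60 * 1000;     // assumption: links valid for 48 hours
// Local parts the article lists as suspicious "spamflag" addresses.
const SPAMFLAG_LOCAL_PARTS = new Set(["abuse", "nospam", "postmaster", "marketerspam"]);
const subscribers = new Map();                // address -> { status }

function sign(payload) {
  return crypto.createHmac("sha256", SECRET).update(payload).digest("base64url");
}

// Step 1: the signup form is submitted. Nothing is added to the mailing list yet.
function subscribe(rawAddress, now = Date.now()) {
  const address = rawAddress.trim().toLowerCase();
  const at = address.lastIndexOf("@");
  if (at < 1 || at === address.length - 1) return { status: "rejected" };
  if (SPAMFLAG_LOCAL_PARTS.has(address.slice(0, at))) {
    subscribers.set(address, { status: "inactive" });   // kept for monitoring, never mailed
    return { status: "inactive" };
  }
  const existing = subscribers.get(address);
  if (existing && existing.status === "confirmed") return { status: "confirmed" };
  subscribers.set(address, { status: "pending" });
  const payload = Buffer.from(JSON.stringify({ a: address, exp: now + TOKEN_TTL_MS }))
    .toString("base64url");
  // The token goes into the link of the confirmation e-mail.
  return { status: "pending", token: `${payload}.${sign(payload)}` };
}

// Step 2: the recipient clicks the link in the confirmation e-mail.
function confirm(token, now = Date.now()) {
  const [payload, mac] = String(token).split(".");
  if (!payload || !mac) return false;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(mac);
  // Constant-time comparison; the payload is parsed only after the MAC checks out.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return false;
  const { a: address, exp } = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  const entry = subscribers.get(address);
  if (now > exp || !entry || entry.status !== "pending") return false;
  entry.status = "confirmed";                 // a token confirms at most once
  return true;
}

// Only confirmed addresses ever receive the newsletter.
function mailingList() {
  return [...subscribers].filter(([, s]) => s.status === "confirmed").map(([a]) => a);
}

const demo = subscribe("demo.reader@example.net");   // constructed sample address
console.log(demo.status, confirm(demo.token), mailingList());
```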



Vitaly Friedman loves beautiful content and doesn’t like to give in easily. Vitaly is writer, speaker, author and editor-in-chief of Smashing Magazine. He runs responsive Web design workshops, online workshops and loves solving complex UX, front-end and performance problems in large companies. Get in touch.

  1. 1

    Great Resources.
    In the CMS I’ve built all the e-mail addresses which will be shown on the web are converted automatically to small clickable objects.

    And those who don’t have Flash. Well, they see an automatically generated GIF image. But it’s not clickable, maybe with the resources you’ve given me, I’ll also make them clickable. If I find the time.

  2. 2

    Carlos Eduardo

    December 14, 2006 7:22 pm

    Nice tips!

    Until now, I thought that “email[at]something[dot]com” was only a different way to display email address, but now I know that it helps to prevent spams…

    Thank you for help :)

  3. 3

    Harmen Janssen

    December 14, 2006 8:54 pm

    Nice resources, thank you very much!
    Personally I think converting the address to ASCII code is the best way to obfuscate an email address. That way the address stays accessible to a wider public (say, users with JavaScript disabled, users using screen readers, etc.)

  4. 4

    I think that showing the “@” character with its name in your own language is nice too. Or simply writing the email with spaces along:

    someemail [at ]domain [dot] com

    I use this in my projects; with my language (Brazilian Portuguese) it looks like:

    someemail [arroba] domain [ponto] com

    Nice article!!

  5. 5

    it’s funny but without knowing the language, “arroba” and “ponto” in that context still keeps the suggestion that that’s an email for me. I would doubt the majority of users would be able to put two and two together though.

  6. 6

    alternative : -> e-mail |at| office |d-o-t| com :-)

  7. 7

    Obfuscating your email address is all well but it doesn’t really help with the accessibility of your site. In the footer of this site you have an email link with an obfuscated address; if I hadn’t just read your article on that very subject then I doubt I’d actually have looked at the email address I was sending my email to.

    Personally I think that you should be making it as easy as possible for your users to contact you with valid email links, contact forms etc. and then deal with the spam either on your server or your mail client. Half the time it’s hard enough finding someone’s email address on a website, then I have to figure out how to decode it just so that they don’t get any spam?

  8. 8

    Sorry, that should have been “combined with a [ noscript ] element… the noscript element has a link…”

  9. 9

    Well, for me, I use the simple method of having two e-mail addresses – one for official stuff and one open address for the world at large (spammers included :P)

  10. 10

    I use a custom, one-off JavaScript function that I change up a little each time I use it. It’s not foolproof, but it seems to be working so far.

  11. 11

    I put up a contact form with a challenge question.

  12. 12

    All of you have mentioned.
    I use Gmail as home e-mail and another e-mail (my business e-mail) to communicate to my customer.
    But I also use “10 minute mail” when I need an e-mail to register on web site.

    (sorry for my English)

  13. 13

    An interesting article, and I can agree that these techniques would be effective at preventing spiders from capturing email addresses, but from what I have been told, and what I have seen, a lot of spammers are now simply using sequential string generators to send out emails (i.e. systems which try “”, “”, “”, etc.).

    As such, whilst these techniques may have been essential to reduce spam exposure maybe 5 years ago, now, you will still get hit with spam regardless.

    You are far better off focusing your energy on an effective spam filter in your email client/server (like that included in Thunderbird) than these techniques.

    But, that’s just my opinion.

  14. 14

    Angus McIntyre

    December 21, 2006 2:17 am

    Eventually, some spammer will add one of the available open-source Javascript engines to their crawler and then Javascript obfuscation will offer less protection.

    The public/private address solution is one that I currently recommend, but your private address can still be exposed if one of your correspondents allows a virus to infect their machine; I’ve seen confidential ‘never-posted-anywhere’ addresses get spam, apparently because a virus or trojan found them in the browser cache or address book of an infected machine and reported back to its masters.

    So I think the title of your otherwise useful article is misleading: all these suggestions are good, but none of them are probably bulletproof.

    One other thing that you don’t mention is the possibility of using a mail form rather than displaying your address on a web page. Mailforms have their own disadvantages and they’re not bulletproof either (comment-spamming bots can just as easily spam mailforms), but they’re worth considering.

  15. 15

    One technique, which came about by accident, is having addresses that purposely get harvested. I found that a lot of spammers spoof headers to show the emails are from one of those fake addresses, or will cc one of the harvested addresses as well as your own (or it will be in the to field). While this doesn’t prevent spam, you can easily program filters to block out any that contain the harvested addresses.

    I learned this the hard way by having addresses that did get harvested back in the early days of the web. I had to retain my personal one, but cancelled a lot of the others. Now, whenever a spam comes in with one of the old addresses in the cc or to fields, it’ll get filtered.

    The other trick, if you have been harvested, is to include various words in the filters: ever noticed how spammers are usually the first to say ‘not spam’?

    By having a combination of these, I manage to knock out around 60 to 70 per cent of my spams, with a tiny handful of false positives.

    I must say that the latest McAfee SpamKiller is far better than the old clunker it used to retail though, and this has been rather effective.

  16. 16

    Spam bots are using my ordering form to send me crap, but the thing is that it isn’t filling out all the boxes. All the boxes have to be filled before it can be sent, so how in the heck are they bypassing them???



  17. 17

    It’s interesting. Thanks for sharing

  18. 18

    Hello, I have tried just about all of these ideas to stop the spam. One thing that I can’t seem to avoid is other people not doing the right thing with my email address. I have used the Yahoo throw-away domains and I have even donated MX records to the Honeypot project in an effort to be more proactive about it. About the only service that I have found that is easy, integrated, and doesn’t require me to create a new email address every time I need a new disposable email address is wumber. It has a free subscription (and a paid one) but it’s just easy to use and, this is the kicker, an email address can only be used by the person that you give it to. So even if they pass it around, it is of no value. I love it. Well worth a look: wumber.com. Anything that reduces spam is great, but this just eradicates it before it can start.

