• Be careful of mailto links

    Redirect any mailto links on your web pages to a page explaining how to contact you without putting the email address in a format that bots can scan and grab for lists. This technique greatly reduced the number of UCEs I received when I was using it. It does make it more difficult for visitors to email you, so it may be unwise if you’re really looking for a lot of email responses from them.

    Another alternative is to obscure the address using JavaScript, but you need to remember that some older browsers do not support JavaScript, and some people disable it in their browsers due to security concerns.

    If you can use forms on your site, consider doing so. There are many free CGI or PHP scripts available, most of which can be changed slightly to conceal your address if they aren’t already designed to do so. I like PHPFormMail. There are plenty of contact form plugins for WordPress, Drupal and other content management systems that will let you receive messages while hiding your email address.

  • Expect spam from any address used in a domain registration
    It’s a given, so don’t use an address that you don’t want to have spammed. In the past, I used an address that I had never used anywhere else or for any other purpose, and simply ignored most of the email that went to it. My current registrar, 1&1, allows me to register my domains privately, so my real address is never exposed to strangers.

  • If you do own a domain, do NOT set it up so that messages sent to absolutely any address at the domain reach you.
    That’s the default on some mail servers, and it is a spammer’s delight. Set up just the email addresses that you intend to use, and let anything sent to other addresses bounce.
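
One way to do the JavaScript obscuring mentioned under the mailto tip, as an added example rather than code from the original page: the address is stored encoded in a `data-contact` attribute and the mailto link is built only when a script runs, while visitors without JavaScript keep the fallback text. The attribute name, the encoding scheme and the sample addresses are assumptions made for this illustration.

```javascript
// Markup assumed by this example (value produced by encodeAddress):
//   <span data-contact="...">Please use the contact page.</span>
// The span's text is what visitors with JavaScript disabled will see.

// Run once, offline, to get the string you paste into data-contact.
// The address is reversed and each character code is shifted by a
// position-dependent amount, so "@" and the domain never appear in the
// page source. Intended for plain ASCII addresses.
function encodeAddress(address) {
  return Array.from(address)
    .reverse()
    .map((ch, i) => (ch.charCodeAt(0) + 1 + (i % 7)).toString(16))
    .join("-");
}

// Inverse of encodeAddress; this is the part that ships in the page.
function decodeAddress(encoded) {
  return encoded
    .split("-")
    .map((hex, i) => String.fromCharCode(parseInt(hex, 16) - 1 - (i % 7)))
    .reverse()
    .join("");
}

// Replace the fallback text of every [data-contact] element with a
// working mailto link. textContent is used so the decoded value is
// never parsed as HTML.
function attachContactLinks(doc) {
  for (const el of doc.querySelectorAll("[data-contact]")) {
    const address = decodeAddress(el.getAttribute("data-contact"));
    const link = doc.createElement("a");
    link.href = "mailto:" + address;
    link.textContent = address;
    el.replaceChildren(link);
  }
}

// Only wire it up when running in a browser.
if (typeof document !== "undefined") {
  document.addEventListener("DOMContentLoaded", () => attachContactLinks(document));
}
```

This only keeps the address away from scrapers that read the raw HTML without executing scripts; a harvester that renders the page will see the link like any visitor.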