Protecting email address with .htaccess

I hate spam. I have received it since I created my first email account, and I am always interested in web development tricks and techniques for protecting email accounts. Recently I read a book about email security and found a very interesting technique in it, which allows users to send email to you while providing an email harvester with a completely false email address. I created a variation of this trick, which I will share here as well.

The first method requires creating a new file; let’s call it [email protected]_exisiting.com. If you are unsure: YES, the file should be named like a valid email address; any UNIX system should handle such a file. The next thing we need to do is add the following lines to the .htaccess file:

<filesMatch "[email protected]_exisiting.com">
ForceType application/x-httpd-php
</filesMatch>

Now our file will be executed as a PHP script, so open it and put the following script in it:

<?php
header('Location: mailto:[email protected]_real_domain.com');
?>

When someone tries to access the file [email protected]_exisiting.com, their default email software will open with your real email address. Such a solution will never expose your email address to an email harvester; however, there are also a few downsides to this method. First, it requires creating an additional file. Second, if someone copies your email address from the website and then uses it, they will obviously get the fake address and won’t be able to contact you.

The first problem can be resolved by using my modification to this method: instead of creating an additional file, we can use a redirection. Put the following line in .htaccess:

RedirectMatch [email protected]_exisiting.com mailto:[email protected]_real_domain.com

Now whenever [email protected]_exisiting.com is found in the URL, the email application will open, just as if you had clicked a mailto:[email protected]_real_domain.com link.

The second problem is a bit more complicated because you can’t do much about it. The safest way to avoid the email address being copied from the website is to use anchors such as this one or similar:
click to get my real email address

Also note that if you use “mailto:” in the href parameter, both of these techniques will NOT work at all. Well, I guess that is another downside of this method, isn’t it?
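A pre-publish check for the pitfalls described above, as an added example that is not part of the original post: it scans a page's HTML for the real address (in text or attributes, including entity-encoded forms) and for direct mailto: links, and counts links to the decoy path. The addresses, the decoy path, the sample markup and the `audit_page` helper are all constructed placeholders.

```python
from html.parser import HTMLParser

# Constructed placeholders; substitute your own values.
REAL_ADDRESS = "owner@real-domain.example"
DECOY_PATH = "/contact@decoy-domain.example"


class _LinkAudit(HTMLParser):
    """Collects leaks of the real address and direct mailto: links."""

    def __init__(self, real_address, decoy_path):
        # convert_charrefs=True decodes entities such as &#111; before matching.
        super().__init__(convert_charrefs=True)
        self.real = real_address.lower()
        self.decoy = decoy_path.lower()
        self.findings = []
        self.decoy_links = 0

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            value = (value or "").lower()
            if self.real in value:
                self.findings.append(f"real address in <{tag} {name}=...>")
            elif name == "href" and value.startswith("mailto:"):
                self.findings.append(f"direct mailto: link in <{tag}>")
            elif name == "href" and value.endswith(self.decoy):
                self.decoy_links += 1

    def handle_data(self, data):
        if self.real in data.lower():
            self.findings.append("real address in visible text")


def audit_page(html, real_address=REAL_ADDRESS, decoy_path=DECOY_PATH):
    """Return (findings, decoy_link_count) for one HTML document."""
    parser = _LinkAudit(real_address, decoy_path)
    parser.feed(html)
    parser.close()
    return parser.findings, parser.decoy_links


# Constructed sample pages. The href form of the anchor is an assumption;
# the post's own anchor markup is not shown.
GOOD = '<p><a href="/contact@decoy-domain.example">click to get my real email address</a></p>'
BAD = ('<p>Write to owner@real-domain.example or '
       '<a href="mailto:someone@else.example">mail us</a></p>')

if __name__ == "__main__":
    print(audit_page(GOOD))   # no findings, one decoy link
    print(audit_page(BAD))    # two findings, no decoy link
```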

