Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!
Why shouldn’t I post my email address in a public forum?
Spammers and internet trolls harvest email addresses via a variety of means. One of the most common is to simply surf the web and look for anything that might look like one.
I need to include my email address as part of my comment or question, but I’m told that’s a horrible idea! Why is that, and what should I do?
Anything that will put your email address on to a publicly accessible web page will in all likelihood cause you to start getting more and more and more and more spam.
Why? Because one technique that spammers use is to visit all the web pages and online services that they can and collect anything that looks like an email address to add to their mailing lists.
Here’s an example: muchspam@ask-leo.com. Now that I’ve published that email address on the web on this page, even though it’s the only place that the email address has or will be officially mentioned, it will now start getting spammed.1 Just because it was published on a web page and it looks like a valid email address.
So when you include your email address in an online posting, say in a Facebook post, on a discussion board or even in a comment here on Ask Leo!, you’re almost literally asking for spam.
Don’t do it.
Abuse
Particularly on social media another risk of posting your email address publicly is that … well … people can see it because it’s public.
If there are people that perhaps you don’t want to have your email address, you just gave it to them. That friend of a friend? The person stalking you? The person who takes offense at the comment you posted? They can all now start abusing you via email, if they so choose.
They may not. In fact, most people don’t. But it can happen.
The internet isn’t always a friendly place.
Forms that require an email address
You’ll notice that in order to post a comment on Ask Leo!, you’re required to provide an email address. But notice also, that that email address is not published on the web page (in my case, if you use a valid email address, it’s simply a way for me to follow up with you directly should I have a question about your comment).
But be careful! Not all weblogs and discussion forums hide your email address. Many turn right around and put it on the web page for all to see. Including the spammers. And others simply use it to, you guessed it, start sending you spam.
Before you post anywhere, be sure you know what’s going to happen to your email address when you do.
Mailing list archives and other information leakage
Are you a member of a mailing list? Does that mailing list have a publicly accessible online archive? Then your email address may be available to the spammers for harvesting. Ever post on Usenet? The email you used is probably already in the spammer’s lists.
An early Usenet post “before I knew better” is the reason my wife gets hundreds of spam per day.
So use a fake address – or better yet, don’t use one at all.
Obfuscation is the second best defense
Now, what if you need to post your email address in a publicly accessible place? There are several techniques for obfuscating the address. Here are a couple of my favorites:
askleo at gmail.com
askleo@gmail.seeohem
The first you’ve probably seen already in other places. It simply requires that you, as a human, realize that the ” at ” needs to be replaced with “@”. My fear is that this technique is also fairly easy to decode by computer and the spammers will soon catch on.
The second requires some thought. If you sound out “seeohem”, you’ll realize that it sounds like c, o, m. “com”. Hence, you realize that the “.seeohem” really means “.com” and can make that translation when you type in the email address.
The biggest drawback to these approaches is that the email links are not clickable. Anything you can click on to get an email address, the spammers can use to harvest it. Even copy-paste doesn’t work, for exactly the same reason.
But protecting yourself from spam is important. And not asking for more is even more important.
1: A check in 2014, nine years after the original publication, shows this address is indeed still regularly getting spam, and lots of it. Even though it was mentioned exactly once, only here.
55 comments on “Why shouldn’t I post my email address in a public forum?”
I used to protect my email address, so that I wouldn’t get any spam, but by the time I learned about how spam works it was too late for me to prevent it.
That resulted in me having to install programs that would filter spam away, but it was still client side so I had to download the 100+ spam mails each day. Then I switched to a provider that did the spam filtering for me on their server, and this has resulted in a dramatic drop in spam mails.
I recently did a search on all major people search and record searches and was amazed that not only did my (supposed to be restricted) number and address show up on the people searches but my name, age, and location showed up on the record searches with an offer for whatever price to see all my (non-existant lol) criminal record, possible roomates, and financial records. How did all of this information become visible on the net? I have tried in vain to go to every website possible and remove my listings and although they tell they will they never do, and as well I cannot sit and sift through EVERY SINGLE website because there are hundreds! Is there an easier, more effective way to just remove myself from ALL of these websites?
hello leo i have truble with delete google bar from my computer. when i open google than typing word it show me the old word i had type from befor. now how i can delete it from my Msn Explorer not from internet Explorer. if you can help me please
recently a couple of people added me on msn. i think because i typed my msn addy on yahooanswer to help a person. i asked one of the person hu added me and he said he typed ‘girls msn address’ on google. how do i get rid of it from the web?
Leo, for Newsgroups, I have had some success with http://www.newsdemon.com when it comes to removing posts I accidentally passed out my real contact info. They can obviously only remove it from their own servers, but at least it is something.
If you absolutely need to post an address onto a website, or use it for a verification letter, for example…
A good solution I’ve found is to use a site such as http://spambox.us/ .
This site will give you a temporary email address for as long as you specify. During this time all emails to that address will be forwarded to the address you enter into the site. After the time specified, the address is no longer valid and emails will no longer be forwarded.
You could also block the temp address after you’d received the email you required if you needed to stop the forwarded mails sooner.
A forum administrator has send a private message to all registered people with all their email addresses listed. Is this an offence to the data protection act of 1988? If so as the forum is hosted in United States, is there such a law in that country? Is there anything that people affected can do?
I’m afraid I’m no legal authority, and that’s exactly what it sounds like you need.
This is nice article. Good point on not using your real email address in your newsgroup posts. This can lead to a lot of spam. And Not that I’m aware of.
—————
Muthu
Good points. The freedom to post your email address wherever you want is more important though.
[personal email address removed]
Actually the freedom of site owners to protect you from yourself (or from posting someone else’s email address so as to get them spam) trumps all. (Read the commenting instructions, and you’ll see that it says, clearly, No email addresses.)
Thanks for good advices! To be honest, I had a bad experience. I had good e-mail adress, but then every day I received hundreds of letters from spammers. Unfotunately, I could not save my e-mail at that time and had a lot of problems because of that.
Kolia, thank you a lot for good advice. I really found an application at http://rapid4me.com . Hope, it will help me in the future.
The biggest drawback to these approaches is that the email links are not clickable. Anything you can click on to get an email address, the spammers can use to harvest it. Even copy-paste doesn’t work, for exactly the same reason.
I recently did a search on all major people search and record searches and was amazed that not only did my (supposed to be restricted) number and address show up on the people searches but my name, age, and location showed up on the record searches with an offer for whatever price to see all my (non-existant lol) criminal record, possible roomates, and financial records. How did all of this information become visible on the net? I have tried in vain to go to every website possible and remove my listings and although they tell they will they never do, and as well I cannot sit and sift through EVERY SINGLE website because there are hundreds! Is there an easier, more effective way to just remove myself from ALL of these websites?
The biggest drawback to these approaches is that the email links are not clickable. Anything you can click on to get an email address, the spammers can use to harvest it. Even copy-paste doesn’t work, for exactly the same reason.
I have a domain that gets TONS of emails of job posting. I’d like to just throw the emails to a webpage for others to see without giving them access to my email inbox. How do I forward emails to a public webpage?
It seems that old techniques on obfuscating email addresses don’t work anymore, since spammers have learned these methods and so they can easily decode these addresses. However creative ways like using “seeohem” and anything that requires human thinking to decode might always work.
You’ll still get the emails sent to you but you’ll be able to filter out based on knowing that the sender sent to “shishirmba+this-is-to-prevent-spam@gmail.com”
I signup for some sites with my gmail address with a plus sign and then an abbreviation of that site, if I get spam and it I notice it was sent to that special address then I know what site was responsible for selling the email list.
I have personally used the at and the dot on several of the webpages I have put together. This works pretty well, but as you said, the logic should be pretty easy to automate for spammers. I like the idea you proposed for the seeohem, but I would wager that over 50% of people would have a tough time figuring it out. If its a serious website, that’s not a risk I want to take.
On a side note, how full is that email box for muchspam@ask-leo.com? Any updates?
A few years ago. as a Clipper programmer (and then a Newbie on the Web) I posted too much information on My Windows Live space, The Infornation (with My Mobile telephone Number) went to the Internet along with My Email Address, And it was a Big Mistake…
I have personally used the at and the dot on several of the webpages I have put together. This works pretty well, but as you said, the logic should be pretty easy to automate for spammers. I like the idea you proposed for the seeohem, but I would wager that over 50% of people would have a tough time figuring it out. If its a serious website, that’s not a risk I want to take.
When I personally recommend the blog and forum comments, I do not mean to go out there and find a lot of blogs and leave random comments like, “I found this on Google and I can say, outside the great post!” And then proceed to leave the keyword as your name and link to an inside page.
when i post comments in forums or join websites,i use an email address that created specifically for those reasons,knowing it’ll be flooded with spam. i listed it here as well btw//thusly the name i used for it.random-junkmail.it’s via gmx.com which i reccommend btw//anyway..i empty the inbox and spam folder and trash once a month./that’s the only time i log in to it.once ina while i’ll get email there from one of the sites i joined.but it’s still worth keeping a seperate address for spam.the sites i joined don’t send out any direly important emails anyway/
I receive a lot of mail that is forwarded to me from family and friends and the list of email addresses at the top of the mail is ten yards long. IF i forward the mail I always delete everyone’s details. I told my brother to delete all those addresses before he forwards the mail.
He wrote, “It’s only an email for fxxxxxxxxxxxs sake.”
Leo, Is it only an email for fxxxxxxxxxxxxs sake or is it an email harvester’s dream?
Best wishes
John
Basically John, not deleting all of the previous email addresses from a forwarded email like that is just rude. The previous people, unwittingly or not, probably did not intend their addresses to be sent to random people all over the net. It could be an email harvesters dream , or something much worse.
@John
It’s probably somewhere in between. It can be an email harvester’s dream, but it may not always get to an email harvester if it’s only sent to family and real friends. It’s just plain manners in that case. You wouldn’t include a list of street address or phone numbers to people who the owner of that personal information didn’t specifically authorize. It’s not much different for email addresses.
I use a normal sounding email address that I use for all noncomercial internet purposes (my garbage account – I get 25 to 100 spams a day in my spam folder, and perhaps 2 a week in my in box). I have another one to receive only personal email, I never give out on the internet, and one I use only for on-line shopping and such from trusted sources. A 4th email address is used for purchases from sources I am in any way skeptical of, or are one time sources. The 5th is an email address I created years ago when in a foreign country before it was necessary to use any verifiable identifying information to open an account, that I use on the extremely rare occasion when I want to send an email, but remain anonymous (I also use UltraSurf or UltraVPN when I use it). I have email addresses for other special purposes too.
If you really want to publish an email address you might use a disposable one, such as those provided by Yahoo. Then, if (or when) you start getting too much spam on it, you can simply delete it.
There is another, considerably better alternative if you need to post an email address online. Put the email address behind a CAPTCHA. Google even created a service to do this. For instance test@example.com would become t…@example.com with a link that allows you to view the email address after solving a reCAPTCHA. Lookup Google Mailhide, the first thing you see in the results probably will be about the API, but if you just want to use it to post an email address online you can do so. You might need a google account to view the page, however you can use the utility for any email address. https://www.google.com/recaptcha/admin#mailhide
I wanted to get spam for a test account at {email removed}, and have found that even with registering at tons of shady sites and posting it publicly, I have not gotten a spam message in 3 weeks.
Hiya! Quick question that’s totally off topic. Do you know how to make your site mobile friendly? My site looks weird when browsing from my iphone. I’m trying to find a theme or plugin that might be able to correct this issue. If you have any recommendations, please share. Many thanks!
Hi
I search my mail address in google and i found a lot of result in forums.
what should i do for removing that?!
I read this article in the website in my language but it doesnt work.
{link removed}
i want spam so i’m going to publish my email address on this public webpage. don’t judge me for my foolish actions. this is a fun experiment i must perform.
I don’t know what you mean by protect your email via a bump email. As I understand it, a bump email as a followup or reminder email to nudge the recipient of a previous email to take action. The only way to protect your email is to not post it publically.
It would work perfectly, except my ISP puts my full and correct E-Mail address in the “Sender:” header, which kinda renders the whole obfuscation thing moot!
Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.
I want comments to be valuable for everyone, including those who come later and take the time to read.
I used to protect my email address, so that I wouldn’t get any spam, but by the time I learned about how spam works it was too late for me to prevent it.
That resulted in me having to install programs that would filter spam away, but it was still client side so I had to download the 100+ spam mails each day. Then I switched to a provider that did the spam filtering for me on their server, and this has resulted in a dramatic drop in spam mails.
I actually tell people now that they shouldn
I recently did a search on all major people search and record searches and was amazed that not only did my (supposed to be restricted) number and address show up on the people searches but my name, age, and location showed up on the record searches with an offer for whatever price to see all my (non-existant lol) criminal record, possible roomates, and financial records. How did all of this information become visible on the net? I have tried in vain to go to every website possible and remove my listings and although they tell they will they never do, and as well I cannot sit and sift through EVERY SINGLE website because there are hundreds! Is there an easier, more effective way to just remove myself from ALL of these websites?
Not that I’m aware of.
There are places like http://www.addressmunger.com that help you encode your email address so that it’s less visible to spam bots.
hello leo i have truble with delete google bar from my computer. when i open google than typing word it show me the old word i had type from befor. now how i can delete it from my Msn Explorer not from internet Explorer. if you can help me please
thanks
Good point on not using your real email address in your newsgroup posts. This can lead to a lot of spam.
-David
http://www.giganews.com
recently a couple of people added me on msn. i think because i typed my msn addy on yahooanswer to help a person. i asked one of the person hu added me and he said he typed ‘girls msn address’ on google. how do i get rid of it from the web?
I’ve heard about a method, where you can put + sign after @ in gmail.
like shishirmba+this-is-to-prevent-spam@gmail.com
does that really works???
thanks
Shishir
http://www.ausfuhrung.com
Leo, for Newsgroups, I have had some success with http://www.newsdemon.com when it comes to removing posts I accidentally passed out my real contact info. They can obviously only remove it from their own servers, but at least it is something.
If you absolutely need to post an address onto a website, or use it for a verification letter, for example…
A good solution I’ve found is to use a site such as http://spambox.us/ .
This site will give you a temporary email address for as long as you specify. During this time all emails to that address will be forwarded to the address you enter into the site. After the time specified, the address is no longer valid and emails will no longer be forwarded.
You could also block the temp address after you’d received the email you required if you needed to stop the forwarded mails sooner.
A forum administrator has send a private message to all registered people with all their email addresses listed. Is this an offence to the data protection act of 1988? If so as the forum is hosted in United States, is there such a law in that country? Is there anything that people affected can do?
08-Nov-2008
This is nice article. Good point on not using your real email address in your newsgroup posts. This can lead to a lot of spam. And Not that I’m aware of.
—————
Muthu
[link removed]
Good points. The freedom to post your email address wherever you want is more important though.
[personal email address removed]
24-Dec-2008
it’s true, we get email addresses from lots of sources but blogs and message boards are faves.
[email address removed]
Hmm
sometimes I use fake email adress
or use special applications from http://rapid4me.com/
Thanks for good advices! To be honest, I had a bad experience. I had good e-mail adress, but then every day I received hundreds of letters from spammers. Unfotunately, I could not save my e-mail at that time and had a lot of problems because of that.
Kolia, thank you a lot for good advice. I really found an application at http://rapid4me.com . Hope, it will help me in the future.
By the way, now I use the false e-mail (Russian, I think)and I check it ones a week. At least, it will not be so hard to loose it…
You could use a service like classimail.com that gives you a contact form you can post on any site. Here is mine as an example:
http://www.classimail.com/1/posts/2-Craigslist/9-Contact-Link/39-john-bentley.html
Your real email address will never be exposed unless you reply to the person sending a message.
The biggest drawback to these approaches is that the email links are not clickable. Anything you can click on to get an email address, the spammers can use to harvest it. Even copy-paste doesn’t work, for exactly the same reason.
I recently did a search on all major people search and record searches and was amazed that not only did my (supposed to be restricted) number and address show up on the people searches but my name, age, and location showed up on the record searches with an offer for whatever price to see all my (non-existant lol) criminal record, possible roomates, and financial records. How did all of this information become visible on the net? I have tried in vain to go to every website possible and remove my listings and although they tell they will they never do, and as well I cannot sit and sift through EVERY SINGLE website because there are hundreds! Is there an easier, more effective way to just remove myself from ALL of these websites?
Mike from http://www.tryingtogetpregnantquickly.net/
The biggest drawback to these approaches is that the email links are not clickable. Anything you can click on to get an email address, the spammers can use to harvest it. Even copy-paste doesn’t work, for exactly the same reason.
http://methoo.com
I have a domain that gets TONS of emails of job posting. I’d like to just throw the emails to a webpage for others to see without giving them access to my email inbox. How do I forward emails to a public webpage?
It seems that old techniques on obfuscating email addresses don’t work anymore, since spammers have learned these methods and so they can easily decode these addresses. However creative ways like using “seeohem” and anything that requires human thinking to decode might always work.
http://www.reverse-email.com
I’ve heard about a method, where you can put + sign after @ in gmail.
like shishirmba+this-is-to-prevent-spam@gmail.com
does that really works???
[links removed]
thanks
Shishir
You’ll still get the emails sent to you but you’ll be able to filter out based on knowing that the sender sent to “shishirmba+this-is-to-prevent-spam@gmail.com”
I signup for some sites with my gmail address with a plus sign and then an abbreviation of that site, if I get spam and it I notice it was sent to that special address then I know what site was responsible for selling the email list.
I have personally used the at and the dot on several of the webpages I have put together. This works pretty well, but as you said, the logic should be pretty easy to automate for spammers. I like the idea you proposed for the seeohem, but I would wager that over 50% of people would have a tough time figuring it out. If its a serious website, that’s not a risk I want to take.
On a side note, how full is that email box for muchspam@ask-leo.com? Any updates?
A few years ago. as a Clipper programmer (and then a Newbie on the Web) I posted too much information on My Windows Live space, The Infornation (with My Mobile telephone Number) went to the Internet along with My Email Address, And it was a Big Mistake…
I have personally used the at and the dot on several of the webpages I have put together. This works pretty well, but as you said, the logic should be pretty easy to automate for spammers. I like the idea you proposed for the seeohem, but I would wager that over 50% of people would have a tough time figuring it out. If its a serious website, that’s not a risk I want to take.
When I personally recommend the blog and forum comments, I do not mean to go out there and find a lot of blogs and leave random comments like, “I found this on Google and I can say, outside the great post!” And then proceed to leave the keyword as your name and link to an inside page.
Here is an elegant trick to stop spam
http://woikr.com/howto/post-an-email-address-on-your-website-without-the-fear-of-spam
The best part is it displays the email address in a proper format :)
31-Jan-2011
You are right about that! But for the forums that do allow it’s great :)
when i post comments in forums or join websites,i use an email address that created specifically for those reasons,knowing it’ll be flooded with spam. i listed it here as well btw//thusly the name i used for it.random-junkmail.it’s via gmx.com which i reccommend btw//anyway..i empty the inbox and spam folder and trash once a month./that’s the only time i log in to it.once ina while i’ll get email there from one of the sites i joined.but it’s still worth keeping a seperate address for spam.the sites i joined don’t send out any direly important emails anyway/
hi…some put post on craiglist about my email adress…i found in google search that post…can remove that from google search?i like remove…tnx
@Ivan
Unfortunately, it’s next to impossible to remove yourself from a search engine.
http://ask-leo.com/how_do_i_remove_myself_from_the_search_engines.html
Next time create a disposable email address for things like that
I receive a lot of mail that is forwarded to me from family and friends and the list of email addresses at the top of the mail is ten yards long. IF i forward the mail I always delete everyone’s details. I told my brother to delete all those addresses before he forwards the mail.
He wrote, “It’s only an email for fxxxxxxxxxxxs sake.”
Leo, Is it only an email for fxxxxxxxxxxxxs sake or is it an email harvester’s dream?
Best wishes
John
Basically John, not deleting all of the previous email addresses from a forwarded email like that is just rude. The previous people, unwittingly or not, probably did not intend their addresses to be sent to random people all over the net. It could be an email harvesters dream , or something much worse.
@John
It’s probably somewhere in between. It can be an email harvester’s dream, but it may not always get to an email harvester if it’s only sent to family and real friends. It’s just plain manners in that case. You wouldn’t include a list of street address or phone numbers to people who the owner of that personal information didn’t specifically authorize. It’s not much different for email addresses.
I use a normal sounding email address that I use for all noncomercial internet purposes (my garbage account – I get 25 to 100 spams a day in my spam folder, and perhaps 2 a week in my in box). I have another one to receive only personal email, I never give out on the internet, and one I use only for on-line shopping and such from trusted sources. A 4th email address is used for purchases from sources I am in any way skeptical of, or are one time sources. The 5th is an email address I created years ago when in a foreign country before it was necessary to use any verifiable identifying information to open an account, that I use on the extremely rare occasion when I want to send an email, but remain anonymous (I also use UltraSurf or UltraVPN when I use it). I have email addresses for other special purposes too.
If you really want to publish an email address you might use a disposable one, such as those provided by Yahoo. Then, if (or when) you start getting too much spam on it, you can simply delete it.
There is another, considerably better alternative if you need to post an email address online. Put the email address behind a CAPTCHA. Google even created a service to do this. For instance test@example.com would become t…@example.com with a link that allows you to view the email address after solving a reCAPTCHA. Lookup Google Mailhide, the first thing you see in the results probably will be about the API, but if you just want to use it to post an email address online you can do so. You might need a google account to view the page, however you can use the utility for any email address. https://www.google.com/recaptcha/admin#mailhide
I wanted to get spam for a test account at {email removed}, and have found that even with registering at tons of shady sites and posting it publicly, I have not gotten a spam message in 3 weeks.
Apparently, those sites weren’t shady enough. :-)
Hiya! Quick question that’s totally off topic. Do you know how to make your site mobile friendly? My site looks weird when browsing from my iphone. I’m trying to find a theme or plugin that might be able to correct this issue. If you have any recommendations, please share. Many thanks!
That’s something Leo is working on.
Good day,your writing style is great and i love it,
Hi
I search my mail address in google and i found a lot of result in forums.
what should i do for removing that?!
I read this article in the website in my language but it doesnt work.
{link removed}
The article has your options. You may not be able to do anything.
The only thing you can do is contact the forum moderator and ask them to remove it. There’s no guarantee they will do it.
i want spam so i’m going to publish my email address on this public webpage. don’t judge me for my foolish actions. this is a fun experiment i must perform.
{email address removed}
Asl Leo! doesn’t allow email addresses to be published on its site, so you’ll have to carry out your experiment somewhere else.
I think there is an option to protect your email. Try to Google bump email
I don’t know what you mean by protect your email via a bump email. As I understand it, a bump email as a followup or reminder email to nudge the recipient of a previous email to take action. The only way to protect your email is to not post it publically.
When I post on Usenet, I use…
“MyEMailDELETE-THIS@MyISP.Com”
It would work perfectly, except my ISP puts my full and correct E-Mail address in the “Sender:” header, which kinda renders the whole obfuscation thing moot!
Depends on what software you’re using to post. Often it’s not your ISP, but the software you happen to be using. Frequently it’s configurable as well.