Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Why Shouldn’t I Post My Email Address in a Public Forum?

Do it only if you want more spam.

Spammers and internet trolls harvest email addresses via a variety of means. One of the most common is to simply surf the web and look for anything that might look like one.

No Spam

Question: I need to include my email address as part of my comment or question, but I’m told that’s a horrible idea! Why is that, and what should I do?

The why is easy.

The what to do? Not so much.

Why is it a bad idea? Simply put: spam.

Become a Patron of Ask Leo! and go ad-free!

TL;DR:

Posting email addresses publicly

Whenever your email address is posted publicly, such as in a comment form, it’s likely that spammers will discover it and begin sending you more spam. Avoid posting your email address publicly whenever possible.

Spam, spam, and more spam

Anything that puts your email address onto a publicly accessible web page will cause you to start getting more and more spam.

Why? Because one technique spammers use is to visit all the webpages and online services they can and collect anything that looks like an email address to add to their mailing lists.

Here’s an example: muchspam@ask-leo.com. Now that I’ve published that email address on the web on this page, even though it’s the only place that the email address has been or ever will be officially mentioned, it will get spammed just because it was published on a webpage and looks like a valid email address.

So when you include your email address in an online posting, say in a Facebook post, discussion board, or even in a comment here on Ask Leo!, you’re literally asking for spam.

Don’t do it.

Abuse

Another risk of posting your email address publicly, particularly on social media, is that… well… people can see it because it’s public.

If there are people whom you don’t want to have your email address, you just gave it to them. That friend of a friend? The person stalking you? The person who takes offense at the comment you posted? They can all now start abusing you via email if they so choose.

They may not. Most people don’t. But it can happen.

The internet isn’t always a friendly place.

Forms that require an email address

You’ll notice that in order to post a comment on Ask Leo! you’re required to provide an email address. But notice also that that email address is not published on the webpage (in my case, if you use a valid email address, it’s simply a way for me to follow up with you directly should I have a question about your comment).

But be careful! Not all weblogs and discussion forums hide your email address. Many turn right around and put it on the webpage for all to see, including the spammers. Others simply use it to, you guessed it, start sending you spam.

Before you post anywhere, be sure you know what’s going to happen to your email address when you do.

Mailing list archives and other information leakage

Are you a member of a mailing list? Does that mailing list have a publicly accessible online archive? Then your email address may be available to spammers for harvesting.

An early Usenet post, before I knew better, is one reason my wife gets hundreds of spam per day.

Obfuscation is the second-best defense

What if you need to post your email address in a publicly accessible place? There are several techniques for obfuscating the address. Here are a couple of my favorites:

askleo at gmail.com
askleo@gmail.seeohem

The first you’ve probably seen already in other places. It simply requires that you, as a human, realize that the “at” needs to be replaced with “@”. My fear is that this technique is also fairly easy to decode by computers, and the spammers will soon catch on.

The second requires some thought. If you sound out “seeohem”, you’ll realize that it sounds like c, o, m, “com”. Hence, you realize that the .seeohem really means .com, and you can make that translation when you type in the email address.

The biggest drawback to these approaches is that the email links are not clickable. Anything you can click on to get an email address, the spammers can use to harvest it. For exactly the same reason, even copy/paste doesn’t work.

But protecting yourself from spam is important. And not asking for more is even more important.

Do this

To the extent that you can, avoid posting your email address in a public forum. If you must, obfuscate it, or use some other means to make your contact information available.

Here’s one place you can use that email address safely, though: Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

Podcast audio

Play

6 comments on “Why Shouldn’t I Post My Email Address in a Public Forum?”

    • I don’t know what you mean by “protect your email via a bump email”. As I understand it, a bump email is a follow-up or reminder email to nudge the recipient of a previous email to take action. The only way to protect your email is to not post it publically.

      If I have to provide an email, I use a throwaway address. When that fills up, I get a new one. I do this far all signups and purchases except for large companies l know wouldn’t sell email addresses.

      Reply
  1. When I post on Usenet, I use…

    “MyEMailDELETE-THIS@MyISP.Com”

    It would work perfectly, except my ISP puts my full and correct E-Mail address in the “Sender:” header, which kinda renders the whole obfuscation thing moot!

    Reply
  2. A free throwaway address provided by many ISP’s or others are the way to go. The message still lands in your regular Inbox after you have set it up and started using it.

    Each entity has an email address we use for them, this can be deleted at the first sign of SPAM, or when an entity has not stopped sending mail even when asked to stop months ago.

    We just do it without a thought, even for trustworthy sites, as you never know if they may be hacked.

    Reply
  3. Leo, to further one of your suggestions, I have used the following format for years and have had NO SPAM as a result so far:
    myname at yahoo dot com

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.