Protecting email address with .htaccess

I hate spam, i received since i created my first email account and i am always interested in web development tricks and techniques for protecting email accounts. Recently i read book about email security and found there very interesting technique which allows users to send email to you while proveiding email harvester with completely false email address, i created variation of this trick which i will share here as well.

First method requires, to create a new fail let’s call it my_false_email@not_exisiting.com, if you are unsure then: YES, file should be named like a valid email address, any UNIX system should handle such file. Next thing we need to do is add following lines in .htaccess file:

<filesMatch "my_false_email@not_exisiting.com">
ForceType application/x-httpd-php
</filesMatch>

Now our file will be executed as a PHP script, so open it and put there following script:

<?php
header('Location: mailto:my_real_email@my_real_domain.com');
?>

When someone tries to access file my_false_email@not_exisiting.com default email software will open with your real email address. Such solution will never expose your email address to email harvester, however there are also few downsides of this method. First it requires to create additional file, second if someone wants to copy your email from the website and then use it, then obviously he will get the fake email and won’t be able to contact you.

First problem can be resolved by using my modification to this method, instead of creating additional file, we can use redirection, put in .htaccess following line:

RedirectMatch my_false_email@not_exisiting.com mailto:my_real_email@my_real_domain.com

Now whenever in the URL my_false_email@not_exisiting.com will be found, email application will open, just like when you would click link mailto:my_real_email@my_real_domain.com

The second problem is a bit more complicated because you can’t do much about, the safest way to avoid copying email from website is using such or similar anchors:
click to get my real email address

Also note that if you will use “mailto:” in href parameter, both of this techniques will NOT work at all, well i guess it is another downside of this method isn’t it?


One Comment

Leave a Reply