How to Create a mailto: within an HTML Page while Preventing Spambot Address Harvesting

This involves several steps, none of which is very long or complicated.

The first step is to create a simple javascript file which will create the "mailto:".   I call it mmt.js, but you can use any name.   The name may have to end in ".js"

mmt.js is short and contains:

function createMailto(){document.getElementById("smail").innerHTML='<br> <a id="mto" href="mailto:myusername@myemailserver">Click to pop up mailto:</a><br/>';document.getElementById("mto").focus()}

The javascript file, mmt.js, as presented, appears to have a linefeed within it, but in fact, in the actual file the apparent linefeed is a space character.   I believe the javascript file works with or without linefeeds.

Do not forget to place the mmt.js file in the same directory as your html page.

We are now ready to proceed to the second step, modifying our html page.   This requires modifying the head section by including the following line:

<script type="text/javascript" src="mmt.js"></script>

and, in the body of the html page, near where you want the "mailto:" popup to appear, place the following lines:

<p id="smail">
<br><a href="#" onclick="createMailto()">Contact Webmaster</a>

The words "Contact Webmaster" above seemed appropriate to me. You may replace this with anything you want.   Just do not put your actual email address anywhere within the html page or it likely will be harvested by spambots.

There is one step left to ensure that your email address will not be harvested by spambots. You will note that your email address is written in plain text in the javascript file. Initially I thought that javascript files, by default, could not be harvested. But I was persuaded otherwise. The way to prevent javascript files from not being harvested, at least for Adobe webservers, is to include the following lines in a file called .htaccess which is in your top (public_html) directory. Note the filename starts with a "period".

# Prevent Apache from serving .htaccess or .js files:
Order deny, allow
Deny from all
Allow from XXX.YYY.ZZZ.0/12

where XXX.YYY.ZZZ are the first three octets of the IP address of your website.   There are many other suggestions on the Internet for preventing harvesting of javascript files, but only the above worked for me.   If you want to understand why, you can check out this helpful webpage.

If the file .htaccess already exists in your root directory, simply add the above lines.   If it does not exist, create it, copy in the above lines, and place the file in your home (root) directory.   Caution: 1) it may be necessary to change some of the preferences of the file manager, before it will list files beginning with a period, and 2) Changing a .htaccess file can break a website, although, generally this is reversible once the offending entries are removed.

If things are working properly, clicking on the anchor, "Contact Webmaster", should generate another anchor which says "Click to popup mailto:" and clicking on that should bring up your mailto client.   The page,, works for me.   How to designate your mailto client is byond the scope of this article, but there is lots of documentation available elsewhere.

Emmes Technologies
Updated 20 Aug, 2019