Plaintext Emails Test
What is it?
Email addresses written in plain text on a public web page are a magnet for spam-harvesting bots, which crawl the open web looking for addresses to add to bulk mailing lists. Once an address lands on a spam list there is no practical way to remove it, so the only protection is keeping addresses off public pages in plaintext form. This test scans your page for plaintext email addresses so you can replace them with contact forms or obfuscated equivalents that defeat simple scrapers.
Why plaintext emails still matter
Email harvesting bots are remarkably effective at scraping plaintext addresses from public web pages, and once an address lands on a spam list there is no practical way to remove it. The only protection is to keep the address off public pages in plaintext form. Several techniques make the address invisible or unusable to simple scrapers while keeping it functional for legitimate users.
The cleanest modern approach is to replace direct email addresses with contact forms, which solve the problem entirely while also adding spam filtering and analytics. When a visible address is genuinely needed (for example, for press contacts or accessibility reasons), HTML entity encoding, JavaScript-built mailto links, or platform-level email obfuscation features all defeat the simplest scrapers, though sophisticated ones decode them.
Effective obfuscation techniques
- Contact forms as the default, since they sidestep the problem entirely.
- HTML entity encoding: writing the address as
co...defeats simple scrapers. - JavaScript-built mailto links assembled client-side from separate parts, which scrapers that read static HTML cannot follow.
- CDN-level email obfuscation available in some CDN platforms (notably Cloudflare).
This test reports plaintext email addresses found on your page. The fix guide below covers contact form alternatives, common obfuscation patterns, and the trade-offs between accessibility and spam protection for visible addresses.
Pass rate:
-
Top 100 websites: 97%This value indicates the percent of top 100 most visited websites in the US that pass this test (in the past 12 months).
-
All websites: 61%This value indicates the percent of all websites analyzed in SEO Site Checkup (500,000+) in the past 12 months.
| 2021 | 93% |
|---|---|
| 2022 | 99% |
| 2023 | 100% |
| 2024 | 97% |
100
75
50
25
0
How do I fix it?
This test fails when the page exposes one or more email addresses in plain text. Spam-harvesting bots scrape pages for plaintext addresses and add them to bulk mailing lists. Fixing this issue means obfuscating contact addresses, using a contact form, or rendering them via JavaScript so simple scrapers cannot read them.
Where to make the change
- Application code or templates: replace plain
contact@example.comtext with one of the obfuscation techniques below. - WordPress: a contact form plugin handles email submissions without exposing the address. Some SEO and security plugins also offer email obfuscation.
- Shopify, Wix, Squarespace: use the platform's built-in contact form blocks rather than displaying the email address directly.
Common causes and how to resolve them
- Plain text address in a paragraph or footer: replace with a contact form, an obfuscated rendering (HTML entities, CSS reversal), or a JavaScript-built mailto link.
- Mailto link with the address visible: the visible text is what bots read. Make the visible text a label like "Email us" while the
hrefstill works. - Address baked into images is fine for SEO but bad for accessibility: screen readers cannot read it. Pair an image with a contact form instead.
Best practices
- Prefer contact forms: they reduce spam and make analytics easier.
- Use HTML entity encoding: writing
co...for the address defeats the simplest scrapers, though sophisticated ones decode it. - Render via JavaScript: building the mailto link client-side blocks scrapers that only read static HTML.
- Consider a Cloudflare-style email obfuscation: some CDNs automatically rewrite plaintext emails to obfuscated equivalents.
