While it is extremely common to see email addresses published on a website, it is a practice that can have very costly consequences. Here are a few reasons you should avoid publishing email addresses on your website:
Millions of email addresses are harvested from websites every day and sold to advertisers and hackers around the world. Making email addresses easily accessible on your website will lead to a dramatic increase in spam and attempted cyber attacks.
Phishing attacks can be initiated using your company email address by impersonating a legitimate sender from the organization, which can make the email appear trustworthy and increase the chances of the recipient falling for the scam. The attacker can use social engineering techniques to trick the recipient into disclosing sensitive information or performing an action that can compromise their security, such as clicking on a malicious link or downloading a malware-infected attachment. This can lead to data breaches, financial losses, and damage to your company's reputation.
If a company address is associated with sensitive personal or financial information, it can be used for identity theft or other fraudulent activities. Therefore, it is important to be cautious about sharing email addresses online and take appropriate measures to protect them.
Exposing company email addresses can give would-be cyber-attackers a head-start for launching a brute force attack on your website, especially if that email address happens to be associated with a user account in the website admin area.
Once your domain earns a reputation for sending malicious emails, the majority of outgoing messages sent from the domain going forward will end up in junk mail folders (or blocked entirely from many networks). This happens more frequently than you might imagine, and it is very difficult and expensive to recover from.
Search Engine Blacklisting
If left unchecked, excessive spam or phishing attacks originating from your web domain or IP address can earn it a spot on Google's blacklist and render it non-existent in search results. Removing a domain from search engine blacklists is also difficult and expensive.
Poor User Experience
Email links do not work on many devices and email applications. Those visitors have to copy and paste email addresses into their mail application, which needless to say is a hassle, and it also takes users away from the website (the time visitors spend on your website is a major ranking factor for search engines). Given a choice, web users are more likely to use a contact form over an email address, especially if they have to copy and paste it.
Lastly, publishing email addresses on your website can also give an unprofessional impression to your visitors. It can make your organization look less legitimate and less serious about security and privacy concerns.
Best Practices for Email Security
It is important to follow best practices when providing contact options on your website to ensure that you protect yourself and your users from these risks. Below are some of the best practices that you can implement to use email effectively and securely on your website.
Web forms are the most common and secure method for allowing users to contact you through your website. Users are familiar with web forms and based on our experience, it seems to be their preferred method of contact. Website visitors are more likely to submit a form than they are to send an email or even dial a phone number.
Forms also make it possible to route different types of inquiries to different email addresses and track the effectiveness of advertising campaigns.
Email Address Encryption
In the rare instance that email addresses absolutely must be made public, encryption software can be installed on your website, which will reduce the risk of harvesting. While encryption does not prevent your email addresses from being harvested by humans, it can make it more difficult for bots.
Providing users with an efficient and secure method of contacting team members through your website is an important step in protecting your organization and your users from spamming, phishing, and other security risks. By using alternative methods like contact forms, you can still allow your visitors to contact you without compromising security or privacy.