Skip to main content
All CollectionsSecurity
Best Practices for Email Security
Best Practices for Email Security

Why You Should Avoid Publishing Email Addresses on Your Website, and Effective Alternatives for Secure Communication.

Updated over 2 months ago

At New Urban Media, we're committed to keeping your digital world safe. In today’s fast-changing landscape of digital threats, we make sure our clients and agency partners are well-equipped to handle these challenges with confidence. Security goes beyond mere duty; it is a communal quest to ensure our digital realms are both safe and inviting for everyone.

Understanding the Risks

Publishing email addresses on a website might seem harmless, but it can lead to serious problems. Here’s why displaying your email addresses online is a risk you don't want to take:

1: Spam Harvesting

Millions of email addresses are harvested from websites every day and sold to advertisers and hackers around the world. Making email addresses easily accessible on your website will lead to a dramatic increase in spam and attempted cyber attacks.

2: Phishing Attacks

Phishing attacks can be initiated using your company email address by impersonating a legitimate sender from the organization, which can make the email appear trustworthy and increase the chances of the recipient falling for the scam. The attacker can use social engineering techniques to trick the recipient into disclosing sensitive information or performing an action that can compromise their security, such as clicking on a malicious link or downloading a malware-infected attachment. This can lead to data breaches, financial losses, and damage to your company's reputation. See also, How to Recognize and Avoid Phishing Attacks.

3: Personal Security

If a company address is associated with sensitive personal or financial information, it can be used for identity theft or other fraudulent activities. Therefore, it is important to be cautious about sharing email addresses online and take appropriate measures to protect them.

4: Website Security

Exposing company email addresses can give would-be cyber-attackers a head-start for launching a brute force attack on your website, especially if that email address happens to be associated with a user account in the website admin area.

5: Domain Reputation

Once your domain earns a reputation for sending malicious emails, the majority of outgoing messages sent from the domain going forward will end up in junk mail folders (or blocked entirely from many networks). This happens more frequently than you might imagine, and it is very difficult and expensive to recover from.

6: Search Engine Blacklisting

If left unchecked, excessive spam or phishing attacks originating from your web domain or IP address can earn it a spot on Google's blacklist and render it non-existent in search results. Removing a domain from search engine blacklists is also difficult and expensive.

6: Poor User Experience

Email links do not work on many devices and email applications. Those visitors have to copy and paste email addresses into their mail application, which needless to say is a hassle, and it also takes users away from the website (the time visitors spend on your website is a major ranking factor for search engines). Given a choice, web users are more likely to use a contact form over an email address, especially if they have to copy and paste it.

7: Perception

Lastly, publishing email addresses on your website can also give an unprofessional impression to your visitors. It can make your organization look less legitimate and less serious about security and privacy concerns.


Best Practices for Email Security

Protecting your website and users from security risks starts with implementing the right contact options. Here are some best practices you can follow to use email effectively and securely on your website:

Web Forms with Routing

Web forms are the most secure and user-friendly way for visitors to contact you through your website. Most users are familiar with web forms, and from our experience, they prefer this method over sending an email or making a phone call.

Forms also make it possible to route different types of inquiries to different email addresses and track the effectiveness of advertising campaigns.

Email Address Encryption

In the rare instance that email addresses absolutely must be made public, encryption software can be installed on your website, which will reduce the risk of harvesting. While encryption won’t stop every attempt to collect email addresses, it makes it much more difficult for automated systems to harvest them.


Final Thoughts

Providing users with an efficient and secure method of contacting team members through your website is an important step in protecting your organization and your users from spamming, phishing, and other security risks. By using alternative methods like contact forms, you can still allow your visitors to contact you without compromising security or privacy.

Did this answer your question?