The Hidden Dangers of Exposing Your Email on GitHub

When developers share projects, collaborate on open‑source repositories, or simply try to be reachable, it’s tempting to drop a plain mailto: address in a README, profile bio, or static site. On the surface it looks harmless—just a quick way for people to ping you. In reality, publishing your raw email address publicly creates a host of security, privacy, and productivity problems.

Why Public Emails Are a Bad Idea

Risk What Happens Real‑World Impact
Spam Harvesting Web crawlers scrape every mailto: link they find. Your inbox fills with unsolicited newsletters, phishing attempts, and downright junk.
Credential Stuffing Bots pair your email with leaked password lists. Your accounts get locked, or worse, compromised.
Targeted Phishing Attackers craft emails that look like they come from a trusted source. You may click a malicious link, giving an attacker access to your code, tokens, or private repos.
Reputation Damage Spam complaints can blacklist your domain. Future outreach attempts (e.g., newsletters, bug reports) may never reach the intended audience.
Professional Privacy Your personal address becomes searchable. Recruiters, competitors, or anyone with a motive can easily find you.

All of these threats stem from a single, seemingly innocuous choice: exposing a plain email address on a public website.

The Bot Problem: How Scrapers Find Your Email

Bots don’t need sophisticated AI to locate your address. They simply:

  1. Crawl the public internet, parsing HTML for mailto: attributes or plain text that matches an email regex.
  2. Store every match in massive databases that are bought and sold.
  3. Use those lists for spam campaigns or sell them to malicious actors.

Once your email is in those databases, removing it is virtually impossible. The safest approach is not to publish the address at all.

A Better Way: Use a Private Link Instead of a Raw Email

Enter formcrab.com – a lightweight service designed to keep your email invisible to bots while still allowing people to contact you.

Key Benefits

  • Receive Messages, Hide Your Email – Share a single private link anywhere (GitHub README, Twitter bio, static blog) and all messages land directly in your inbox.
  • No Code Required – No need to host a form, write HTML, or manage a backend. Formcrab provides the landing page, form UI, and secure server handling.
  • Anti‑Spam Protection – Built‑in CAPTCHAs and rate limiting keep automated spam at bay.
  • Full Control – You decide what the user sees after submission, which fields are pre‑filled, and even specific subjects for classification.
  • Zero Hosting Costs – The service is free to use for personal links; you only pay if you need advanced features.

How It Works

  1. Create a Private Link – Sign up at formcrab.com and generate a unique token (e.g., https://formcrab.com/f/abcd1234).
  2. Replace Your Email – Swap any mailto: or plain address with the private link.
  3. Receive Direct Emails – When a visitor fills the form, the message is forwarded to the email you set in your Formcrab account.

Customizing the Link: GET Parameters for a Seamless UX

Formcrab allows you to pre‑populate form fields or control the post‑submission flow by appending GET parameters to your private link. Replace {custom-link} with your token in the examples below.

1. Auto‑fill Name

If you already know the visitor’s name, you can pass it via the name parameter.

<a href="https://formcrab.com/f/{custom-link}?name=Hugh" target="_blank">Email us</a>

2. Pre‑set Visitor Email

Great for personalized outreach where you already have the user’s email.

<a href="https://formcrab.com/f/{custom-link}[email protected]" target="_blank">Contact Support</a>

3. Custom Subject

Tag incoming messages with a meaningful subject for quick triage.

<a href="https://formcrab.com/f/{custom-link}?subject=Urgent+Support+Request" target="_blank">Report an Issue</a>

4. Predefined Message

Provide a template to guide the user’s response.

<a href="https://formcrab.com/f/{custom-link}?message=I+would+like+to+request+a+demo" target="_blank">Inquiry</a>

5. Custom Redirect (Next)

After a successful submission the default “Thank You” page can be overridden with next.

<a href="https://formcrab.com/f/{custom-link}?next=https://yoursite.com/success" target="_blank">Send and Return</a>

Real‑World Use Cases

Where to Use Why It Helps
GitHub README Keep contributors’ contact channel open without exposing your personal address.
Twitter / LinkedIn Bio Offer a professional line of communication while avoiding harvesters that target social profiles.
Static Blog Contact Section Provide a clean “Contact Me” button without maintaining a server‑side form.
Open‑Source Project Documentation Direct bug reports or feature requests to a controlled inbox.

Quick Checklist Before You Publish Anything Public

  • [ ] Remove all mailto: links and plain emails from README, docs, and profiles.
  • [ ] Replace them with a Formcrab private link.
  • [ ] Test the link to ensure the form works and messages reach your inbox.
  • [ ] Add optional GET parameters to improve the user experience (pre‑filled fields, custom redirects).
  • [ ] Enable two‑factor authentication on the email that receives Formcrab messages.

Conclusion

Exposing a raw email address on GitHub or any public platform is a low‑effort invitation for spam, phishing, and privacy breaches. By swapping that address for a private Formcrab link, you retain full communication capability while shielding your inbox from bots and malicious actors.

Take the first step today: sign up at formcrab.com, generate your secure link, and replace every mailto: in your public code with a safe, spam‑free alternative. Your inbox (and your sanity) will thank you.

Ready to build your own forms?

Start receiving submissions today without worrying about email exposure or complex backends.

Create Your Private Link
Back to all articles