When developers share projects, collaborate on open‑source repositories, or simply try to be reachable, it’s tempting to drop a plain mailto: address in a README, profile bio, or static site. On the surface it looks harmless—just a quick way for people to ping you. In reality, publishing your raw email address publicly creates a host of security, privacy, and productivity problems.
Why Public Emails Are a Bad Idea
| Risk | What Happens | Real‑World Impact |
|---|---|---|
| Spam Harvesting | Web crawlers scrape every mailto: link they find. |
Your inbox fills with unsolicited newsletters, phishing attempts, and downright junk. |
| Credential Stuffing | Bots pair your email with leaked password lists. | Your accounts get locked, or worse, compromised. |
| Targeted Phishing | Attackers craft emails that look like they come from a trusted source. | You may click a malicious link, giving an attacker access to your code, tokens, or private repos. |
| Reputation Damage | Spam complaints can blacklist your domain. | Future outreach attempts (e.g., newsletters, bug reports) may never reach the intended audience. |
| Professional Privacy | Your personal address becomes searchable. | Recruiters, competitors, or anyone with a motive can easily find you. |
All of these threats stem from a single, seemingly innocuous choice: exposing a plain email address on a public website.
The Bot Problem: How Scrapers Find Your Email
Bots don’t need sophisticated AI to locate your address. They simply:
- Crawl the public internet, parsing HTML for
mailto:attributes or plain text that matches an email regex. - Store every match in massive databases that are bought and sold.
- Use those lists for spam campaigns or sell them to malicious actors.
Once your email is in those databases, removing it is virtually impossible. The safest approach is not to publish the address at all.
A Better Way: Use a Private Link Instead of a Raw Email
Enter formcrab.com – a lightweight service designed to keep your email invisible to bots while still allowing people to contact you.
Key Benefits
- Receive Messages, Hide Your Email – Share a single private link anywhere (GitHub README, Twitter bio, static blog) and all messages land directly in your inbox.
- No Code Required – No need to host a form, write HTML, or manage a backend. Formcrab provides the landing page, form UI, and secure server handling.
- Anti‑Spam Protection – Built‑in CAPTCHAs and rate limiting keep automated spam at bay.
- Full Control – You decide what the user sees after submission, which fields are pre‑filled, and even specific subjects for classification.
- Zero Hosting Costs – The service is free to use for personal links; you only pay if you need advanced features.
How It Works
- Create a Private Link – Sign up at formcrab.com and generate a unique token (e.g.,
https://formcrab.com/f/abcd1234). - Replace Your Email – Swap any
mailto:or plain address with the private link. - Receive Direct Emails – When a visitor fills the form, the message is forwarded to the email you set in your Formcrab account.
Customizing the Link: GET Parameters for a Seamless UX
Formcrab allows you to pre‑populate form fields or control the post‑submission flow by appending GET parameters to your private link. Replace {custom-link} with your token in the examples below.
1. Auto‑fill Name
If you already know the visitor’s name, you can pass it via the name parameter.
<a href="https://formcrab.com/f/{custom-link}?name=Hugh" target="_blank">Email us</a>
2. Pre‑set Visitor Email
Great for personalized outreach where you already have the user’s email.
<a href="https://formcrab.com/f/{custom-link}[email protected]" target="_blank">Contact Support</a>
3. Custom Subject
Tag incoming messages with a meaningful subject for quick triage.
<a href="https://formcrab.com/f/{custom-link}?subject=Urgent+Support+Request" target="_blank">Report an Issue</a>
4. Predefined Message
Provide a template to guide the user’s response.
<a href="https://formcrab.com/f/{custom-link}?message=I+would+like+to+request+a+demo" target="_blank">Inquiry</a>
5. Custom Redirect (Next)
After a successful submission the default “Thank You” page can be overridden with next.
<a href="https://formcrab.com/f/{custom-link}?next=https://yoursite.com/success" target="_blank">Send and Return</a>
Real‑World Use Cases
| Where to Use | Why It Helps |
|---|---|
| GitHub README | Keep contributors’ contact channel open without exposing your personal address. |
| Twitter / LinkedIn Bio | Offer a professional line of communication while avoiding harvesters that target social profiles. |
| Static Blog Contact Section | Provide a clean “Contact Me” button without maintaining a server‑side form. |
| Open‑Source Project Documentation | Direct bug reports or feature requests to a controlled inbox. |
Quick Checklist Before You Publish Anything Public
- [ ] Remove all
mailto:links and plain emails from README, docs, and profiles. - [ ] Replace them with a Formcrab private link.
- [ ] Test the link to ensure the form works and messages reach your inbox.
- [ ] Add optional GET parameters to improve the user experience (pre‑filled fields, custom redirects).
- [ ] Enable two‑factor authentication on the email that receives Formcrab messages.
Conclusion
Exposing a raw email address on GitHub or any public platform is a low‑effort invitation for spam, phishing, and privacy breaches. By swapping that address for a private Formcrab link, you retain full communication capability while shielding your inbox from bots and malicious actors.
Take the first step today: sign up at formcrab.com, generate your secure link, and replace every mailto: in your public code with a safe, spam‑free alternative. Your inbox (and your sanity) will thank you.