How are most of you adding 'mailto' links these days?

https://forums.adobe.com/people/Under+S.  wrote The simplest form I could find to implement is this one : Tryit Editor v3.5 - Show PHP

Simple is right.  It doesn't do anything.  It's merely an example of PHP form field validation & sanitizing. 

I already posted a contact form above.  Have you tried it yet?

Contact form issue and question.

Energize  a écrit We've had some clients insist  on both email links and web form.

Don't see my question as an attack, I'm just curious, what are the reasons, or advantages, that are given when your customers ask to have a direct mail link?

Energize  wrote Here's a simple PHP obfuscation solution: <?php function protectMail($s) {     $result = '';     $s = 'mailto:' . $s;     for ($i = 0; $i < strlen($s); $i++) {       $result .= '&#' . ord(substr($s, $i, 1)) .         ';';     }     return $result;   } ?>   Then use the function like this: <a href="<?php echo protectMail('someone@somewhere.com'); ?>">email me</a>

Does this provide more protection than the solution provided by BenPleysier at the top of this thread, which everyone else discouraged me from using?

https://forums.adobe.com/people/Nancy+OShea  wrote I don't use Mailto links, ever.  A while back, spammers got hold of my e-mail address and used it inside the return headers of their spam mail campaigns.   Eventually, my e-mail was blocked for spamming and I had to shut it down.  The only way to protect yourself is to use a scripted contact form.  If you can't create one yourself, use a 3rd party service like Wufoo.com or MailChimp.  Then embed their code inside your HTML document.

My hosting service openly recommends using Formspree in their knowledge base. I figure they must have some kind of deal with them for such a targeted recommendation.

I would, however, feel more secure using a local script, than one that has its contents verified by a 3rd party at every process. I realize that almost everything that goes through the internet is a privacy risk, but isn't this just asking for trouble long-term? If you pros tell me there is virtually no downside to using Formspree for a low-traffic website, I'll probably do it just for the convenience.

But if a local script is better, I would appreciate any recommendation you may have (especially if the installation instructions are simple).

(I more or less finished the website since this thread was active, saving the contact form for last, ie now.)

It's an easy solution sure, but there's no way that hasn't been defeated, many, many times over, since it was created in 2003. It still uses mailto: in the source code and then converts each letter of the address to another set of "known entities". It may be better than nothing, but only just.

@Under S.,

The best way to protect your email address is to never allow the user's browser (or a email harvesting bot) to see it. Use a server-side "Form to Email Script". That way, the email address is safely stored on the server and completely unknown to the browser or bot. The user fills in a small form, hits send and the server processes the data then sends it to the correct email address. You can put additional security of Captcha or equivalent for real person verification steps in if you like, but even if you don't, and you get a few spam submissions, the actual email address is still unknown to bad actors.