Static Site Email Protection
For static sites (Hugo, Jekyll, 11ty) without backend, obfuscation is the main email protection option.
HTML entities (recommended)
Each character becomes a numeric HTML entity. Browsers render it as the original email, but most simple scrapers reading the raw HTML see gibberish.
<a href="mailto:hello@example.com">hello@example.com</a>
How it renders in a browser:
💡 Modern spam bots are sophisticated. Obfuscation slows them down but isn’t bulletproof. For maximum protection, combine with: server-side rate limiting on contact forms, honeypot fields, and reCAPTCHA-equivalent. For low-stakes use (a contact page on a small site), HTML entity obfuscation cuts scraper hits by ~60-80%.
Static Sites tips
Static sites can't easily integrate contact-form backends. Email obfuscation is the practical anti-spam approach.
For Jamstack with serverless, use a serverless contact form instead. For pure static, stick with obfuscation.
In Hugo/Jekyll templates, include a shortcode/include that wraps the obfuscation — DRY across all pages.
כיצד זה עובד
למה לבחור בנו?
Also check out…
Hide Your Email on a Personal Site
For personal portfolios and blogs, obfuscation cut
Public Email for Authors / Speakers
Public-facing professionals (authors, speakers, jo
Professor and Research Email
University faculty pages with public emails get he
Business Contact Page Email
For small businesses, obfuscating customer-facing