Protection From Harvesters

E-mail spammers often use programs, known as e-mail harvesters, that scan pages on the Internet for e-mail addresses to collect and send unsolicited e-mail. If your e-mail address is publicly available through your WordPress installation, it may be vulnerable to these kinds of programs. Below are a few simple ways you can protect yourself from spam while still providing an e-mail address to your readers.

Substitute Email Address

A popular solution to e-mail harvesting is to create a "throwaway" e-mail address at a free service such as Gmail or Yahoo Mail. Set this as your e-mail address in your profile. WordPress makes it easy to display the address on your blog by providing the template tag the_author_email(). Within The Loop portion of your templates, just add the tag:

<?php the_author_email(); ?>

You will be able to check e-mail that is specifically sent from your readers. If spam becomes too much of a problem, simply delete this account, create a new one, and change the e-mail address in your profile to the new address. Your site will be immediately updated without having to change any template files.

Disguising Your Email

To "fool" e-mail harvesters, a simple method is to convert the symbols in an e-mail address to words (typically parenthesized). For example, steve@mac.com becomes steve (at) mac (dot) com. Since this is not recognized as a valid e-mail format, harvesters tend to ignore it.

A slightly more complicated approach is to transform or encode characters in an address to their HTML character entity, or numeric character reference, equivalent. This means the letter a in an address becomes &#97;, the @ symbol &#64;, and so on. These should appear as gobbledygook to harvesters, while your browser renders them correctly.

You can use a free online encoder to encode your email address or use the antispambot() function built into WordPress:

<?php echo antispambot(get_the_author_email()); ?>

The antispambot() function above encodes the e-mail address returned by get_the_author_email() (this is the same as the_author_email(), except that it returns the author's e-mail address rather than displaying it). The echo command displays the output of antispambot(). An interesting feature is that it encodes only portions of an address, and does so randomly, so the letters encoded are different each time the page loads, adding a little more firepower to the spam protection arsenal.
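To check what this kind of encoding does and does not hide, the following stand-alone script is an added example, not WordPress's antispambot() source and not code from the original page. The function names encode_address_randomly() and raw_markup_exposes_address() are hypothetical, and the sketch assumes a plain ASCII address.

```php
<?php
// Added sketch: imitates the behaviour described above (a random subset of
// characters becomes numeric character references). Not WordPress code.

/**
 * Encode a random subset of characters as decimal numeric character
 * references. '@' is always encoded so the literal address never appears.
 * Assumes an ASCII address (one byte per character).
 */
function encode_address_randomly(string $email): string
{
    $out = '';
    foreach (str_split($email) as $ch) {
        // Coin flip per character, so the markup differs on every call.
        $encode = ($ch === '@') || random_int(0, 1) === 1;
        $out .= $encode ? '&#' . ord($ch) . ';' : $ch;
    }
    return $out;
}

/** True if a plain address pattern is visible in the raw page source. */
function raw_markup_exposes_address(string $markup): bool
{
    $pattern = '/[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/';
    return preg_match($pattern, $markup) === 1;
}

$address = 'steve@mac.com'; // the sample address used earlier on this page
$first   = encode_address_randomly($address);
$second  = encode_address_randomly($address);

// The page source: two calls normally produce different markup.
echo "markup 1: $first", PHP_EOL;
echo "markup 2: $second", PHP_EOL;

// Check 1: is the literal address visible in the source, before and after?
echo 'plain exposed:   ', var_export(raw_markup_exposes_address($address), true), PHP_EOL;
echo 'encoded exposed: ', var_export(raw_markup_exposes_address($first), true), PHP_EOL;

// Check 2: resolving the references, as a browser does when rendering,
// must give back the readable address for every random variant.
echo 'renders intact:  ',
    var_export(html_entity_decode($first) === $address
        && html_entity_decode($second) === $address, true), PHP_EOL;
```

The second check also shows the limit of the technique: anything that resolves character references before matching sees the same text a browser does. Treat the encoding as a speed bump and keep the throwaway address as the fallback.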

NOTE: Unfortunately, WordPress does not allow invalidly formatted e-mail addresses to be used in one's profile, so obfuscating your e-mail address there will not work.

Another easy trick for disguising your email is to create an image of your email address using some screen capture software, cropping it to size with an image editor, and inserting it wherever you like :-)
