Your email (or any of your key personnel’s emails) should never be as direct as text on your website. When you list your email directly on your website, you instantly become a target for sales and marketing people, spam bots, and phishers.
- Bad bots are everywhere. There are good and bad bots that scan the internet on a daily basis, some looking for new information to index and relay to the search engines, others looking for information to index and sell. The ones that sell your information are bad bots that clutter your inbox with spam emails, adding one more chore to your daily task list. By having your email listed on your website, you’re making it easy for these bots to fill your inbox with emails you don’t want or need.
- A phishing campaign is just around the corner. Listing your email on your company website also makes it easy for security hackers access to otherwise protected information. If your email is on your website, a hacker can easily assume that the rest of your company’s emails follow the same structure. For example, if your email is email@example.com, one can assume that your partner Jack Doe’s email is firstname.lastname@example.org. Hackers can easily buy web domains similar to yours (ex. website.net) and attempt to have money or confidential information sent to them without anyone from your company ever noticing. It’s easy to miss a fraudulent email coming through when the structure is so similar to that of your own.
As internet security experts, we’re advising you to never list your email on your website. Instead, try:
- A generic email. Something like email@example.com or firstname.lastname@example.org. This account will have to be monitored and emails will have to be forwarded to the right party, but your email structure will remain protected.
- A contact form. You can have the forms sent to that generic email we mentioned, or incorporate a drop down menu that allows the user to choose who they’d like to contact, sending the form safely to their inbox.