Don't ever display valid individual email addresses or mailto: on a website. Nasty people on the web have created "Email Harvesting" tools. These programs search public areas on the Internet to compile, capture, or otherwise "harvest" lists of email addresses from web pages, newsgroups, and chat rooms. Any email address that is spelled out can be captured and therefore gets attacked with spam.
The best way to avoid this is not to display valid individual email addresses in text format (especially in the form of "mailto:") on your website.
❌ Figure: Bad way - normal email address in text format
<configuration><appSettings>...</appSettings></configuration>
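' Read the address from config and store it hex-encoded, so the plain-text address is never written into the page.
Dim email As String = ConfigurationSettings.AppSettings("SampleEncodedEmailAddress")
Application("SampleEncodedEmailAddress") = BitConverter.ToString( _
    ASCIIEncoding.ASCII.GetBytes(email)).Replace("-", "")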
<a id="linkContact" href="javascript:sendEmail('44617669644073616D706C652E636F6D2E6175')">CONTACT David</a>
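The link above calls a sendEmail function that the page does not show. One way it could be written is sketched below as an added example, not SSW's own code; encodeHexEmail and decodeHexEmail are hypothetical helper names, and the decoder rejects anything that is not a single plain address so the link cannot be used to smuggle control characters or extra mailto: parameters.

```javascript
// Added example (not from the original page): client-side counterpart of the
// server-side hex encoding. Helper names are hypothetical.

// Same output as BitConverter.ToString(ASCII bytes).Replace("-", "") on the server.
function encodeHexEmail(email) {
  if (!/^[\x20-\x7E]+$/.test(email)) {
    throw new Error('Only printable ASCII can be encoded');
  }
  return Array.from(email, function (c) {
    return c.charCodeAt(0).toString(16).toUpperCase().padStart(2, '0');
  }).join('');
}

// Turn the hex string from the link back into an address, validating as we go.
function decodeHexEmail(hex) {
  if (typeof hex !== 'string' || hex.length === 0 ||
      hex.length % 2 !== 0 || !/^[0-9A-Fa-f]+$/.test(hex)) {
    throw new Error('Not a valid hex string');
  }
  let out = '';
  for (let i = 0; i < hex.length; i += 2) {
    const code = parseInt(hex.slice(i, i + 2), 16);
    // Refuse control characters (CR/LF and friends) and non-ASCII bytes.
    if (code < 0x20 || code > 0x7E) {
      throw new Error('Non-printable byte in encoded address');
    }
    out += String.fromCharCode(code);
  }
  // Exactly one "@", and none of the characters that would add recipients
  // or mailto: parameters such as ?subject= or &cc=.
  if (!/^[^\s@?&,;<>]+@[^\s@?&,;<>]+$/.test(out)) {
    throw new Error('Decoded value is not a single email address');
  }
  return out;
}

// Called from href="javascript:sendEmail('...')" in the browser.
function sendEmail(hex) {
  window.location.href = 'mailto:' + decodeHexEmail(hex);
}
```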
We have a program called SSW CodeAuditor to check for this rule.