You need to protect the email addresses listed on your site so they don't fall prey to spammers.
Employ one or more of these techniques:
Don't list any unprotected email addresses on your site.
Disguise addresses you must list on your site, without sacrificing your visitors' ability to click or copy them for legitimate use.
Create a script that sends web site messages to your mail server using logic that hides the actual addresses.
Block known harvesting agents—or spambots—from accessing your site.
Set up a spambot trap.
Taken all together, these methods are not guaranteed to stop spammers from getting addresses from your site. The only way to do that is to keep all email addresses—disguised or otherwise—off your site. But that's not practical for most web sites. And let's face it, the day when that becomes the only viable option will be the day the spammers have won.
One of the many ways that spammers get new addresses is with
spambots, which crawl the web day and night to scrape web pages for
email addresses. Spambots also scour Usenet and online forum postings,
domain registrant information in
whois databases, and poorly protected
web-based mailing lists for new recipients their masters can barrage
with junk. If you're not getting spam on at least one of your email
accounts, you might want to check your pulse.
If you have unprotected email addresses in your web page code, remove them and consider ditching them altogether. ...