I stumbled across this great post by Spencer Mortensen yesterday, which tested different email obfuscation techniques against real spambots to see which ones actually work. It's a fascinating read, and I'd recommend checking it out if you're into that sort of thing.The short version is that spambots scrape your HTML looking for email addresses. If your address is sitting there in plain text, they'll hoover it up. But if you encode each character as a HTML entity, the browser still renders and uses it correctly, while most bots haven't got a clue what they're looking at.From Spencer's testing, this approach blocks around 95% of harvesters, which is good enough for me.Where my email appearsOn this site, my contact email shows up in two places:The Reply by email button at the bottom of every post.My contact page.Both pull from the site_email value in Pure Blog's config, so I only needed to make a couple of changes.The reply buttonThe reply button lives in content/includes/post-meta.php, which is obviously a PHP file. So the fix there was straightforward - I ditched the {{ site_email }} shortcode and used PHP directly to encode the address character by character into HTML entities: