One of the sacred oaths webmasters must hold is to protect their contributors’ email addresses. It’s easy for static web sites. Just don’t use the mailto: tag. However, it’s not so easy when you have a message board or a blog. Message boards and blogs generate feeds. One of the more popular feed types is RSS2 which features the optional ‘author’ tag. The RSS 2.0 Specification (RSS 2.0 at Harvard Law) requires the author’s email address to be included in the tag for proper validation. Hello to all the harvesters and goodbye to keeping email addresses secure.
If you use WordPress and RSS2, don’t worry. The RSS2 feeds for comments and posts use the preferred ‘dc:creator’ tag which doesn’t require the author’s email address to validate. If you are using another blogging platform, pull up your feed and view the source. If you see the ‘author’ tag, someone’s email address is floating out there. Not good.
I came across this issue when I was looking at the source feed for my SMF (version 1.1.1) message board. Sure enough, there was the ‘author’ tag and all the members had their email addresses hanging out there. Changing the default feed to RDF or even better, hacking the SMF feed generating code to remove the ‘author’ tag will secure your feed and keep it validated.