SVG in email is cursed and I love it

There’s a technique for hiding your email address from spam harvesters that I came across on Hacker News recently. Instead of JavaScript obfuscation or HTML entity encoding, you serve your email address inside an SVG file loaded via an <object> tag.

The email address lives in the SVG. The SVG is loaded as an external document. Bots scraping your HTML just see a data URI or a file reference — not an email address. Browsers render it as a clickable mailto link. Screen readers handle it correctly.

It blocks 100% of harvesters in live testing. So I implemented it on this site.

The key constraint: you must use <object>, not <img> (non-interactive) or inline SVG (puts the address back in the HTML where bots find it). The whole trick lives in the boundary between document contexts.

Sometimes the dumbest-sounding constraint produces the most interesting solution.