As I have just learned, using HTML encoding to hide email address from spammers does not work. This scheme replaces letters and symbols with HTML escapes, so "a" becomes "a". I know this doesn't work, because I recently created a new web site with encoded email addresses on it, and I just received a spam at that address. Maybe more complex schemes using JavaScript could work, at least until a spam harvester implements Javascript. Of course, if a web browser can read it, then a spammer can write software to do the same thing. These tricks just make it harder for them. The only remedy is using an image of your email address or a good spam filter.