An adversary can harvest email addresses for spamming.

Disclosed: 2016-04-05 19:04:06 By niputiwari To gratipay
Vulnerability Details
The website is displaying email addresses. These email addresses can be harvested by automated programs called bots and then used as targets for spamming.

1. Use any email extractor tool or add-on. Here I have used the Chrome Email Extractor add-on offered by Mr. Alien.
2. In the browser, open "https://gratipay.com/about/contact".
3. Observe that Email Extractor extracts "[email protected]" and "[email protected]".

Solution:
1. CAPTCHA is one solution but not recommended.
2. Use the email id as support(at)gratipay(dot)com (not recommended).
3. Use images in place of plain text (not recommended).
4. To reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary.
5. Code obfuscation.

Nice read:
http://www.plynt.com/resources/learn/merchants/#entry-235
http://hivelogic.com/enkoder/
https://javascriptobfuscator.com/
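The following is an added example, not part of the report or of Gratipay's code, showing why solution 5 works against the kind of extractor used above: a regex harvester finds the address in a plain-text contact page, but not in a page that serves only a hex-encoded form and decodes it in the browser. The address `support@example.invalid` and the helper names are constructed for this example.

```javascript
// Constructed sample address; the .invalid TLD is reserved and never resolves.
const ADDRESS = 'support@example.invalid';

// A plain contact page: the address sits in the served HTML for any scraper to read.
const PLAIN_HTML =
  `<p>Write to <a href="mailto:${ADDRESS}">${ADDRESS}</a></p>`;

// The pattern a simple extractor add-on runs over raw page source.
const EMAIL_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;

// Simulates the harvester: returns every distinct address-like token in the HTML.
function naiveHarvest(html) {
  return Array.from(new Set(html.match(EMAIL_RE) || []));
}

// Obfuscation: four hex digits per character, so neither '@' nor the domain
// appears in the served HTML. Reversible on purpose; it is a speed bump, not secrecy.
function encodeAddress(addr) {
  return Array.from(addr)
    .map(c => c.charCodeAt(0).toString(16).padStart(4, '0'))
    .join('');
}

function decodeAddress(enc) {
  return enc.match(/.{4}/g)
    .map(h => String.fromCharCode(parseInt(h, 16)))
    .join('');
}

// Server-side rendering of the contact link: only the encoded form is sent,
// and an inline script rebuilds the mailto: link once the page runs in a browser.
function renderObfuscated(addr) {
  const enc = encodeAddress(addr);
  return `<a class="contact" data-enc="${enc}" href="#">contact us</a>` +
    `<script>
      const a = document.querySelector('a.contact');
      const addr = a.dataset.enc.match(/.{4}/g)
        .map(h => String.fromCharCode(parseInt(h, 16))).join('');
      a.href = 'mailto:' + addr;
      a.textContent = addr;
    </script>`;
}
```

This defeats extractors that read page source; a crawler that executes JavaScript in a headless browser will still recover the address, which is why the report prefers a server-side contact form (solution 4) for the general case.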
Report Stats
  • Report ID: 128035
  • State: Closed
  • Substate: informative
  • Upvotes: 1