i'd guess that bots these days harvest domain names and then human names associated with them and then spam tools try common schemes for constructing email addresses. don't know for sure though.
i always thought the hotness would be to encrypt the address in source text and render/decrypt it client side in javascript, but i suppose scrapers these days use full blown headless browsers complete with javascript runtimes.
i always thought the hotness would be to encrypt the address in source text and render/decrypt it client side in javascript, but i suppose scrapers these days use full blown headless browsers complete with javascript runtimes.