If I were a spam bot reading your code, I would see <span class=”st0″>”mail_link”>, which would trigger my attention.
Then I would see : <span class=””>data-server=</span><span class=”st0″>”bar”</span> , where “bar” in reality would be “gmail” or similar, further arousing my interest.
The extension “.com” would remove my doubts.
Ok maybe if you’re that paranoid you could use more subtile names for your attiributes, removing the classname (you can just select your DOM element from the attribute) AND encode your datas into base64 to completely fuck the bot. And if you’re even more paranoid, randomize the name of you’re attribute (easy to do in php but I’m not sure that you can do that easily on a static website) like facebook does (just look at the name of the classes on a facebook page and reload…)
But for a bit of experience, bots are not that clever. From now. Indeed we use this technique to obfuscate links to google bots in SEO. And it works like a charm. We replace by <span data-target> and the location.href do the job.
But once again, the best solution is to use a form with a honeypot (I hate captchas). Prevents 100% of spam from now on every websites I developed.