I use JavaScript obfuscation: a tiny WordPress plugin I wrote that essentially embeds the email address on the web page in scrambled form, and then transforms it to a clickable `mailto:` link client-side in the user's web browser. A message describing how to contact me is seen if the visitor has JavaScript disabled.
In theory an address harvester could easily work around such simple obfuscation, but in practice this seems to raise the bar just enough to make it not worthwhile for them. Email addresses I've posted in plaintext receive much more spam than the one I have obfuscated on my web page. (But greylisting plus SpamAssassin seems to take care of that spam quite well, so it's not as though the obfuscation itself is my only line of defense.)
In theory an address harvester could easily work around such simple obfuscation, but in practice this seems to raise the bar just enough to make it not worthwhile for them. Email addresses I've posted in plaintext receive much more spam than the one I have obfuscated on my web page. (But greylisting plus SpamAssassin seems to take care of that spam quite well, so it's not as though the obfuscation itself is my only line of defense.)