RE: I would like to keep our business directory public but a few of my members are getting spammed
What leads you to believe that the spammers scrapped email addresses from your directory vs using the readily available massive email address databases that scammers use to send their spam? There are email harvesting bots but from my casual reading there are far more efficient methods in building such databases.
RE: Do you have any suggestions so that email addresses can’t be copy and pasted and spammed?
Generally speaking, email address harvesting bots do not copy/paste. Implementing such schemes on a website only effectively prevent the users of whom you actually want to be able to use the email address from actually using it.
A few times a year I get the request to “hide” the email address behind a link. That effectively does nothing to deter a email harvesting bot. That email address is still plainly visible to the bot while only making it harder for the users which you want to be able to actually be able to use the email address.
The only way to foil such bots is to not actually make the email address visible to begin with. In Connections terms, that means setting the email address to “Private”. This way a the user must be logged in to view them.
Another solution to allow your users to contact your entries without making the email address public is to use the Contact extension. That will hide all email addresses from the public. The user can still email the directory entries by using the form that is added to the entries profile/detail page.
There is also the ROT13 Email Encryption extension. This still allows the email to be shown on the page normally for your users while using a very simple encryption in the page source where the bots actually scrape email addresses from. The user’s browser does the decryption which is how it appears normal to the user. Studies done by those in the security field have proven that this simple deterrent is enough to foil most simple bots which also happened to be the most common used by spammers. More advanced bots will still see the address and will be able to scrape it.
This is the best advice I can give. I hope you find it useful.