HTML code is used to write the commands and insert the content that your web-browser then uses to paint the pretty pictures and text on your screen. If you want to scare yourself silly, right-click on this screen and "View Source" (Windows, IE ... other software may require you to select Edit, then View Source) ... all that wildly wicked stuff is the code your browser asked for (and received) when you clicked on the Topic Title to come here and see what was typed in. Somewhere in all that garbage, if you look hard and long enough, you'll eventually see these words mixed in there <g>

So, the answer to the question asked, a spider looking for certain data, say e-mail addresses, has not a care in the world what the web page actually looks like when displayed in a screen ... it's simply going to look for certain text in this data stream ... in the example of an e-mail address, it'll be looking for the @ symbol, then grab the data surrounding it, up to the space character in front of and after that string of text. Recent virus / trojan tools will simply be sitting off to one side, monitoring all this code as it streams into an infected computer and pluck that same data out of the stream to add to its use later on, be it for the To:, Reply-To:, and/or From: address in the next batch of spew that gets sent out from that computer.

Most of the methods suggesting ways to "hide" an e-mail address on a web site are basically based on a way to prevent the @ sign showing up in that data stream, be it hiding in a graphic, a bit of java scri_pt to 'build' something that 'looks and acts' like a displayed e-mail address, or a routine / form that handles user input and converts that to an e-mail in the background ....

Which is not to say a spider might not also render what a browser sees, regardless of the code tricks in the page code. Last time I looked, off-page processing was the recommended security of address method (or the obvious-to-human bits in a posted address to be manually removed or altered, remembering the munging advice so as not to inadvertently create someone else's actual address). Worth bearing in mind that "survival of the fittest" applies to spiders too, and their "generations" can be very short - odds are "they" are ahead of "us".

Loads of programming to render a page the way people see it? Not so, consider a programmer's opinion (not specialized in internet) - one of my sons, actually: As they say, it's all very well to be paranoid - but are we paranoid enough?

[Added - Gad's Wazoo, some bounder's half-inched your "Admin." shingle at the time of this edit. I trust the replacement to be appropriately imposing!]

Just for the record, the "@" replace with "[at]" Wazoo finally implemented in our forums is actually being done at the code level, so there is no translation required when rendering the page. Both contain the same "[at]" data
Note: his first version maintained the "@" at the code level but was displayed as "[at]"
So if you want to save key stokes it is OK to type email address using the "@" as the software will write the code and display it as "[at]" and if you wish to confirm it, just edit your post.
If you preview your post before posting it the display will read "[at]" but the code will remain "@". The code gets translated when you actually post (submit) it.

Wazoo's account is having some problems at present, and I have verified that the "bounder" is the right person.

The story is truely heart-rending <g> On the other hand, I beat the thing senseless and walked away grinning .... I'll be honest, still looking for some answers <g> ... http://forums.invisionpower.com/index.php?showtopic=193443

That he did <g> Absolutely horrible connection at first, couldn't understand what was being said, didn't recognize the voice, I started with the 'hell of a time of night for a wrong number' routine ... Got that straightened out ... he was concerned about waking me <g> ... pointed out I was on IBP looking for answers, whipping up on the Forum server ... he offered up some suggestions on an easy way around it (admitting that those thoughts / actions had not even crossed my mind) .. as it turns out, that catching a bit of data sliding up the screen offered up something a bit odd, as it turns out, that odd bit of text plugged right into a fix .. well enough that I could log in again as myself <g>

Thanks for watching out and noticing the strange activity ...