diff --git a/bbot/modules/emailformat.py b/bbot/modules/emailformat.py
index 67e1a3806f..e1d7d74aff 100644
--- a/bbot/modules/emailformat.py
+++ b/bbot/modules/emailformat.py
@@ -15,13 +15,29 @@ class emailformat(BaseModule):
 
     base_url = "https://www.email-format.com"
 
+    async def setup(self):
+        self.cfemail_regex = self.helpers.re.compile(r'data-cfemail="([0-9a-z]+)"')
+        return True
+
     async def handle_event(self, event):
         _, query = self.helpers.split_domain(event.data)
         url = f"{self.base_url}/d/{self.helpers.quote(query)}/"
         r = await self.api_request(url)
         if not r:
             return
-        for email in await self.helpers.re.extract_emails(r.text):
+
+        encrypted_emails = await self.helpers.re.findall(self.cfemail_regex, r.text)
+
+        for enc in encrypted_emails:
+            enc_len = len(enc)
+
+            if enc_len < 2 or enc_len % 2 != 0:
+                continue
+
+            key = int(enc[:2], 16)
+
+            email = "".join([chr(int(enc[i : i + 2], 16) ^ key) for i in range(2, enc_len, 2)]).lower()
+
             if email.endswith(query):
                 await self.emit_event(
                     email,
diff --git a/bbot/test/test_step_2/module_tests/test_module_emailformat.py b/bbot/test/test_step_2/module_tests/test_module_emailformat.py
index fdac8cb42a..4f3189f516 100644
--- a/bbot/test/test_step_2/module_tests/test_module_emailformat.py
+++ b/bbot/test/test_step_2/module_tests/test_module_emailformat.py
@@ -5,7 +5,7 @@ class TestEmailFormat(ModuleTestBase):
     async def setup_before_prep(self, module_test):
         module_test.httpx_mock.add_response(
             url="https://www.email-format.com/d/blacklanternsecurity.com/",
-            text="<p>info@blacklanternsecurity.com</a>",
+            text="""<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="0a63646c654a68666b6961666b647e6f7864796f697f78637e7324696567">[email&#160;protected]</a>""",
         )
 
     def check(self, module_test, events):
diff --git a/bbot/test/test_step_2/module_tests/test_module_emails.py b/bbot/test/test_step_2/module_tests/test_module_emails.py
index 44b9ab0787..820b5a15f1 100644
--- a/bbot/test/test_step_2/module_tests/test_module_emails.py
+++ b/bbot/test/test_step_2/module_tests/test_module_emails.py
@@ -1,13 +1,13 @@
 from .base import ModuleTestBase
 
 
-class TestEmais(ModuleTestBase):
+class TestEmails(ModuleTestBase):
     modules_overrides = ["emails", "emailformat", "skymem"]
 
     async def setup_before_prep(self, module_test):
         module_test.httpx_mock.add_response(
             url="https://www.email-format.com/d/blacklanternsecurity.com/",
-            text="<p>info@blacklanternsecurity.com</p>",
+            text="""<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="0a63646c654a68666b6961666b647e6f7864796f697f78637e7324696567">[email&#160;protected]</a>""",
         )
         module_test.httpx_mock.add_response(
             url="https://www.skymem.info/srch?q=blacklanternsecurity.com",