Gunnar Hjalmarsson wrote:
Randal L. Schwartz wrote:
Werner Otto writes:
Randal L. Schwartz wrote:
Do *not* send email to addresses taken from forms. Ever.
why is that?
Because you have no authentication of the requestor. Any fool can go
to your website, enter [EMAIL PROTECTED], and all of a sudden, I
get a big PDF shoved down my email box. Repeatedly. And yet it
wasn't *me* that requested that. And yet I'll have no clue, except
"it came from you" and you'll have no clue except "it came from this
IP addr".
No. Do not go from web to mail. Bad idea, unless you've fully
round-tripped the web requestor from a real mail address.
I think you are exaggerating, Randal. How much convenience are you
ready to sacrifice in order to fight possible abusers?
If you want to contact me privately, you can click the link below. If
you fill the form, including your own email address, and submit it,
you'll receive a copy of the message. That's for your record, for your
convenience. Personally I think that makes sense.
That said, spammers and other abusers should certainly be taken into
consideration when dealing with mail via the web.
I think Randall has a point. It may behoove you to send a confirmation
email with a link that when clicked will opt in a user. This "double
opt-in" procedure has become standard operating procedure for
considerate marketers and an integral part of customer relations management.
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>
