Re: [WSG] Encoded mailto links
On 10/19/07, Michael MD [EMAIL PROTECTED] wrote:
> not much good for someone using a device without sound

I'm guessing that a person who uses a screen reader has sound on his device. I'm not saying use only sound, but more like using a gif that has your email in it, and when you click on it sound comes out.

***
List Guidelines: http://webstandardsgroup.org/mail/guidelines.cfm
Unsubscribe: http://webstandardsgroup.org/join/unsubscribe.cfm
Help: [EMAIL PROTECTED]
***
Re: [WSG] Encoded mailto links - and mail sender
Designer,

I'd advise you to use some comprehensive PHP mailing libraries (classes):

* PHPMailer (http://phpmailer.sourceforge.net/)
* Swift mailer (http://www.swiftmailer.org/)

Regards,

on 10/19/2007 01:43 PM Designer said the following:
> Ray Leventhal wrote:
>> Patrick H. Lauke wrote:
>>>> my approach is usually not to put the email address on there and instead provide a contact form,
>>>
>>> one major annoyance of contact forms for me: as a sender, i don't have a copy of the email in my email client's sent items folder. depending on the complexity of what i'm emailing, this can be quite annoying.
>>>
>>> P
>>
>> Good point, Patrick. I'll certainly consider offering a checkbox as a UI option for 'send me a copy of the contents of this form'.
>>
>> ~R
>
> I'd certainly be interested if this could be done in php by assigning the user's mail address as a string, then posting to it. Anyone done that?

--
Abdulrahman Al-Otaiba
[WSG] Javascript focus()...cursor at start of space-filled field in IE, but at end of space-filled in Firefox
Hi

/* It's Friday - hurrah! */

PROBLEM: Javascript focus()...puts cursor at START of space-filled field in IE 6, but at END of space-filled in Firefox 2.

Any way (without changing the field value to be ) to get the cursor to appear at the start of the field in Firefox?

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
    <html>
    <head>
    <title>Focus bungle</title>
    <meta http-equiv="Content-Type" content="text/html;charset=utf-8">
    <script type="text/javascript">
    function init () {
        alert("focusing...");
        document.getElementById('fld1').focus();
    }
    </script>
    </head>
    <body onload="init()">
    <form id="form1" action="" onsubmit="return false;">
    <div>
    <input type="text" title="fld1" value="                         " id="fld1" name="fld1" size="025" maxlength="025">
    </div>
    </form>
    </body>
    </html>

Cheers,
Si
Re: [WSG] Encoded mailto links - and mail sender
Ray Leventhal wrote:
> Patrick H. Lauke wrote:
>>> my approach is usually not to put the email address on there and instead provide a contact form,
>>
>> one major annoyance of contact forms for me: as a sender, i don't have a copy of the email in my email client's sent items folder. depending on the complexity of what i'm emailing, this can be quite annoying.
>>
>> P
>
> Good point, Patrick. I'll certainly consider offering a checkbox as a UI option for 'send me a copy of the contents of this form'.
>
> ~R

I'd certainly be interested if this could be done in php by assigning the user's mail address as a string, then posting to it. Anyone done that?

--
Bob
www.gwelanmor-internet.co.uk
Re: [WSG] Encoded mailto links
Taking a slightly different approach, any bot visiting your site knows your domain name so at that point they don't need to find any addresses to send to or from [EMAIL PROTECTED]

Also, they'll likely assume that things like [EMAIL PROTECTED] exist without you ever publishing an address so obviously what we are trying to protect here are bots discovering actual mailbox addresses. Therefore, never use actual email addresses and only ever one or 2 generic addresses on a website.

Use something like

    <a href='mailto:[EMAIL PROTECTED]'>email us</a>

and if it starts to get spammed, change it to [EMAIL PROTECTED] and bounce [EMAIL PROTECTED]

If you then needed a few different addresses on a site that appeared across multiple pages, you could have a central config file on the server that mapped addresses like:

    marketing = [EMAIL PROTECTED]
    sales = [EMAIL PROTECTED]

then when one of these starts getting spam, change it.

It's only good for mailto links though and doesn't solve the problem of publishing an address for people to save to their address books. It also means when you click a mailto link the address in the message may look strange to the user. I guess the other thing is if a user saves the address and reuses it later it may bounce.

Anyway, just an idea to try and tackle the issue differently.

--
Chris Knowles
Re: [WSG] Encoded mailto links
I was just about to post an idea, then I thought, it doesn't matter what you do if a spam bot gets your email address, which they always do, you're going to get spam anyway. So it's best to just control it on your end. In the real world businesses in prime locations get bombarded with junk mail, so it's just something we have to accept and try to block out with software.

On 10/19/07, Chris Knowles [EMAIL PROTECTED] wrote:
> Taking a slightly different approach, any bot visiting your site knows your domain name so at that point they don't need to find any addresses to send to or from [EMAIL PROTECTED]
>
> Also, they'll likely assume that things like [EMAIL PROTECTED] exist without you ever publishing an address so obviously what we are trying to protect here are bots discovering actual mailbox addresses. Therefore, never use actual email addresses and only ever one or 2 generic addresses on a website.
>
> Use something like
>
>     <a href='mailto:[EMAIL PROTECTED]'>email us</a>
>
> and if it starts to get spammed, change it to [EMAIL PROTECTED] and bounce [EMAIL PROTECTED]
>
> If you then needed a few different addresses on a site that appeared across multiple pages, you could have a central config file on the server that mapped addresses like:
>
>     marketing = [EMAIL PROTECTED]
>     sales = [EMAIL PROTECTED]
>
> then when one of these starts getting spam, change it.
>
> It's only good for mailto links though and doesn't solve the problem of publishing an address for people to save to their address books. It also means when you click a mailto link the address in the message may look strange to the user. I guess the other thing is if a user saves the address and reuses it later it may bounce.
>
> Anyway, just an idea to try and tackle the issue differently.
>
> --
> Chris Knowles
Re: [WSG] Encoded mailto links - and mail sender
Mike at Green-Beast.com wrote:
> That said, even though people are the most difficult to control, they don't seem to be the real problem. The problem seems to be with 'bots so that's the form's main focus.

You're right, bots are the real problem to focus on.

/anders
Re: [WSG] Encoded mailto links - and mail sender
Hello Anders,

> Is there any way to protect this from being used as a way to send out spam? You can't really know that people enter their own email address ...

A person could use it to send the copy to someone else, but then again people are the most difficult to control. I do offer an IP blacklist with this to deal with people if necessary (a weak control at best since not everyone has a static IP).

A robot shouldn't be able to do it, though. The form has a number of measures to prevent 'bot submissions and exploitation, one of which is a honeypot (a baited input) which someone had mentioned before.

That said, even though people are the most difficult to control, they don't seem to be the real problem. The problem seems to be with 'bots so that's the form's main focus.

Cheers.
Mike

----- Original Message -----
From: Anders Nawroth [EMAIL PROTECTED]
To: wsg@webstandardsgroup.org
Sent: Friday, October 19, 2007 10:46 AM
Subject: Re: [WSG] Encoded mailto links - and mail sender

Hi!

Mike at Green-Beast.com wrote:
> I offer that in my contact form. It's a config option. The contact form owner can enable/disable offering a get-a-copy option to his/her visitors.

Is there any way to protect this from being used as a way to send out spam? You can't really know that people enter their own email address ...

/anders
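The honeypot and the get-a-copy option discussed in this message, together with the earlier question about posting to the user's own address in PHP, as an added example that is not part of the thread and is not code from Mike's contact form. The field names (`website`, `email`, `message`, `copy`), the owner address and the length limit are assumptions made for illustration.

```php
<?php
// Added example. Field names, addresses and limits are hypothetical.
const OWNER    = 'contact@example.com'; // assumed site-owner mailbox
const ALLOW_CC = true;                  // the owner's "get-a-copy" switch

function field(array $post, string $name): string
{
    // Non-string input (e.g. email[]=x) is treated as empty.
    return is_string($post[$name] ?? null) ? trim($post[$name]) : '';
}

/** Returns the messages to send as [to, subject, body, headers]; [] = drop. */
function plan_messages(array $post): array
{
    // Honeypot: "website" is hidden from people with CSS, so only a bot fills it.
    if (field($post, 'website') !== '') {
        return [];
    }
    $from = field($post, 'email');
    $body = field($post, 'message');

    // CR/LF in a value that reaches a mail header lets the submitter append
    // Bcc:/Cc: lines (header injection), so refuse it outright.
    if (preg_match('/[\r\n]/', $from) === 1
        || filter_var($from, FILTER_VALIDATE_EMAIL) === false
        || $body === '' || strlen($body) > 5000) {
        return [];
    }

    $subject = 'Contact form message';   // fixed, never taken from the form
    $plan = [[OWNER, $subject, $body, ['From' => OWNER, 'Reply-To' => $from]]];

    // The copy goes to exactly one address, with a fixed subject and a
    // preamble; a per-IP rate limit would sit in front of this.
    if (ALLOW_CC && field($post, 'copy') === '1') {
        $plan[] = [$from, 'Copy: ' . $subject,
                   "Copy of the message sent from this address:\n\n" . $body,
                   ['From' => OWNER]];
    }
    return $plan;
}

// Constructed submissions: a person, a bot that filled the honeypot,
// and an injection attempt in the address field.
$samples = [
    'person'    => ['email' => 'visitor@example.org', 'message' => 'Hello', 'copy' => '1'],
    'bot'       => ['email' => 'bot@example.org', 'message' => 'Buy', 'website' => 'http://x.example'],
    'injection' => ['email' => "a@example.org\r\nBcc: b@example.net", 'message' => 'Hi'],
];
foreach ($samples as $label => $post) {
    printf("%-9s -> %d message(s)\n", $label, count(plan_messages($post)));
    // To deliver: foreach ($plan as [$to, $s, $b, $h]) { mail($to, $s, $b, $h); }
}
```

As the message says, this stops robots rather than people: a person can still type someone else's address into the form, which is why the copy carries a fixed subject and preamble and goes to a single recipient.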
RE: [WSG] Encoded mailto links
Thanks for that Nick,

I changed the example domain. If you do want to test it though you would need to copy the code, change it to your own domain and email addresses, and put it on your own server.

Best Regards,
Kepler

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Fitzsimons
Sent: Friday, October 19, 2007 9:06 AM
To: wsg@webstandardsgroup.org
Subject: Re: [WSG] Encoded mailto links

On 19 Oct 2007, at 04:59, Kepler Gelotte wrote:
> I created a test page that demonstrates the technique. I tested it with my email but changed it to a dummy domain so I won't get flooded with emails.

Kepler, mydomain.com isn't a dummy domain:

http://www.whois.net/whois_new.cgi?d=mydomain&tld=com

If you need to use a dummy domain name, example.com and others have been reserved for exactly that purpose:

    To reduce the likelihood of conflict and confusion, a few top level domain names are reserved for use in private testing, as examples in documentation, and the like. In addition, a few second level domain names reserved for use as examples are documented.

http://www.ietf.org/rfc/rfc2606.txt

Regards,
Nick.

--
Nick Fitzsimons
http://www.nickfitz.co.uk/
Re: [WSG] Encoded mailto links
Hi!

Chris Knowles wrote:
> Plus you're still putting the email address in the source code albeit a modified version. If this became a popular way to handle mailtos a harvester is sure to be written to pattern match http://.../com/... or http://.../com/au/... or whatever at some stage and attempt to construct an email address from it.

You could either use a key in the URL.

http://example.com/mail/key

which the server resolves to an email address stored in a database backend, or you could add some arbitrary string to make it more difficult for harvesters:

http://example.com/mail/me/arbitrary/stuff/to/confuse/harvesters

The domain shouldn't be needed, your server should already know it.

It's a pity that the support for mailto: locations isn't better, though. As for now I still wouldn't attempt using it.

/anders
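The key-in-URL idea from this message, combined with the central address map Chris Knowles suggested elsewhere in the thread, as an added example that is not code from any poster. The keys, the addresses and the `/mail/<key>` route are assumptions; a PHP array stands in for the database backend.

```php
<?php
// Added example. Keys, addresses and the /mail/<key> route are hypothetical.

// Central map: public key => mailbox currently behind it. When a mailbox
// starts receiving spam, change its value here (and bounce the old address
// at the mail server); every page that links to /mail/<key> follows along.
const MAILBOXES = [
    'marketing' => 'marketing-2007b@example.com',
    'sales'     => 'sales-2007a@example.com',
];

/** Link for page templates: no address or domain appears in the markup. */
function contact_link(string $key, string $text): string
{
    if (!array_key_exists($key, MAILBOXES)) {
        throw new InvalidArgumentException("unknown mailbox key: $key");
    }
    return sprintf('<a href="/mail/%s">%s</a>',
        rawurlencode($key), htmlspecialchars($text, ENT_QUOTES, 'UTF-8'));
}

/** Resolve a request path to [status, headers]; unknown keys get a 404. */
function resolve(string $path): array
{
    // Accept only /mail/<key> with a short lowercase key; anything else
    // (extra segments, encoded characters, CR/LF) never reaches the lookup.
    if (preg_match('#^/mail/([a-z0-9-]{1,32})$#D', $path, $m) !== 1
        || !array_key_exists($m[1], MAILBOXES)) {
        return [404, []];
    }
    return [302, ['Location' => 'mailto:' . MAILBOXES[$m[1]]]];
}

// Constructed requests: a known key, an unknown key, a malformed path.
echo contact_link('sales', 'email sales'), "\n";
foreach (['/mail/sales', '/mail/ceo', "/mail/sales\r\nX: y"] as $path) {
    [$status, $headers] = resolve($path);
    echo json_encode($path), ' -> ', $status, ' ', $headers['Location'] ?? '', "\n";
}
```

The thread's own browser tests show that a redirect to a mailto: location is not handled the same way everywhere, so the resolver's 302 response needs testing in each target browser.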
Re: [WSG] Encoded mailto links
Andrew Maben wrote:
> On Oct 18, 2007, at 4:19 PM, Dejan Kozina wrote:
>
>> Anybody (Mac Linux browsers...) wants to take a ride? The thing is up there at http://www.kozina.com/mailtest/ . Let us know of your results.
>
> worked for me: MacOS 10.4.9/Safari 2.0.4
>
> Andrew

I noticed this page also uses entity encoding. This is a solution I have used myself but the more I think about it the more I realise how ineffective it is really.

take the following PHP code:

    // some page fetching function
    $html = fetchPage($url);

    // convert any entities in the page to plain text
    $html = html_entity_decode($html);

now $html contains plain email addresses - with one line of code

surely any harvester performs this operation first?

--
Chris Knowles
Re: [WSG] Encoded mailto links
Andrew Maben wrote:
> On Oct 18, 2007, at 4:19 PM, Dejan Kozina wrote:
>
>> Anybody (Mac Linux browsers...) wants to take a ride? The thing is up there at http://www.kozina.com/mailtest/ . Let us know of your results.
>
> worked for me: MacOS 10.4.9/Safari 2.0.4

Not mac or linux but...

win xp, firefox 2, thunderbird 2

opens 2 mail messages, both with the correct email address

redirects to this url:

http://www.kozina.com/mailtest/example/com/me

with this content:

    Found
    The document has moved here.

I tried setting this up myself on win xp, apache 2.2 and fiddled a lot with the rewrite rules and i got mixed results at best. As far as I'm concerned it's too unreliable to use.

Plus you're still putting the email address in the source code albeit a modified version. If this became a popular way to handle mailtos a harvester is sure to be written to pattern match http://.../com/... or http://.../com/au/... or whatever at some stage and attempt to construct an email address from it.

--
Chris Knowles
Re: [WSG] Encoded mailto links - and mail sender
Mike at Green-Beast.com wrote:
>>> Good point, Patrick. I'll certainly consider offering a checkbox as a UI option for 'send me a copy of the contents of this form'.
>>
>> I'd certainly be interested if this could be done in php by assigning the user's mail address as a string, then posting to it. Anyone done that?
>
> I offer that in my contact form. It's a config option. The contact form owner can enable/disable offering a get-a-copy option to his/her visitors.
>
> http://green-beast.com/blog/?page_id=71 (Stand alone version)
> http://green-beast.com/blog/?page_id=136 (WordPress version)
>
> Cheers.
> Mike Cherim

Thanks Mike, that looks wonderful! (I've downloaded the zip!)

--
Bob
www.gwelanmor-internet.co.uk
Re: [WSG] Encoded mailto links
On Oct 18, 2007, at 4:19 PM, Dejan Kozina wrote:

> Anybody (Mac Linux browsers...) wants to take a ride? The thing is up there at http://www.kozina.com/mailtest/ . Let us know of your results.

worked for me: MacOS 10.4.9/Safari 2.0.4

Andrew
Re: [WSG] Encoded mailto links
On 10/19/07, Chris Knowles [EMAIL PROTECTED] wrote:
> I noticed this page also uses entity encoding. This is a solution I have used myself but the more I think about it the more I realise how ineffective it is really.
>
> take the following PHP code:
>
>     // some page fetching function
>     $html = fetchPage($url);
>
>     // convert any entities in the page to plain text
>     $html = html_entity_decode($html);
>
> now $html contains plain email addresses - with one line of code
>
> surely any harvester performs this operation first?

Hi Chris,

I often see the same argument about Javascript. That is, it is trivial to embed a Javascript interpreter in an email address harvester, so Javascript-protected email addresses are (or soon will be) vulnerable.

IMHO, arguments based on the cost of programming the harvester are misguided. Far more important is the CPU and memory cost of running the harvester over the long term. For the harvester, both increased throughput and increased intelligence imply increased addresses harvested. But the former buys them much more simply in sheer numbers -- most addresses are presented unprotected. And the latter (clever harvesting, like running html_entity_decode) is only likely to harvest the addresses of Net-savvy individuals who are the least likely (we hope!) to respond to spam and phishing. One could even argue that a clever harvester is counterproductive in that it will pollute its database with the addresses of these Net-savvy individuals.

In short, I think harvesters download HTML pages and run a regex that looks for '@' with text on either side. They care about getting as many email addresses as possible as quickly as possible.

Just my $.02,

--
Philip
http://NikitaTheSpider.com/
Whole-site HTML validation, link checking and more
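The two exposure levels argued over in this message and in the one it quotes can be measured on a site's own markup. This is an added example, not code from either poster; the page fragment is constructed, and the `/mail/office` link assumes the key-in-URL scheme Anders proposed elsewhere in the thread.

```php
<?php
// Added example. The markup is constructed; all addresses use example.com.

/** Addresses that a plain "text@text" regex finds in a string. */
function find_addresses(string $text): array
{
    preg_match_all('/[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/', $text, $m);
    return array_values(array_unique($m[0]));
}

/** Group the addresses in our own markup by the effort needed to read them. */
function audit_markup(string $html): array
{
    $raw     = find_addresses($html);
    $decoded = find_addresses(html_entity_decode($html, ENT_QUOTES | ENT_HTML5, 'UTF-8'));
    return [
        'visible to a plain regex'        => $raw,
        'visible after one entity decode' => array_values(array_diff($decoded, $raw)),
    ];
}

// Constructed page fragment: one plain address, one entity-encoded address,
// and one link that carries only a server-side key.
$page = <<<'HTML'
<p>Sales: <a href="mailto:sales@example.com">sales@example.com</a></p>
<p>Press: <a href="&#109;ailto:press&#64;example&#46;com">press&#64;example&#46;com</a></p>
<p>Office: <a href="/mail/office">email the office</a></p>
HTML;

foreach (audit_markup($page) as $level => $found) {
    echo $level, ': ', $found ? implode(', ', $found) : '(none)', "\n";
}
```

The entity-encoded address lands in the second group, which is Chris's point; whether harvesters spend the extra step is Philip's. The key-only link appears in neither group because the markup contains no address to recover.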
Re: [WSG] Encoded mailto links
On 19 Oct 2007, at 04:59, Kepler Gelotte wrote:
> I created a test page that demonstrates the technique. I tested it with my email but changed it to a dummy domain so I won't get flooded with emails.

Kepler, mydomain.com isn't a dummy domain:

http://www.whois.net/whois_new.cgi?d=mydomain&tld=com

If you need to use a dummy domain name, example.com and others have been reserved for exactly that purpose:

    To reduce the likelihood of conflict and confusion, a few top level domain names are reserved for use in private testing, as examples in documentation, and the like. In addition, a few second level domain names reserved for use as examples are documented.

http://www.ietf.org/rfc/rfc2606.txt

Regards,
Nick.

--
Nick Fitzsimons
http://www.nickfitz.co.uk/
Re: [WSG] Encoded mailto links
djn,

I tested on Kubuntu 7.04 using the following browsers:

* Konqueror 3.5.6, correct behavior, opens the default mail application with the email in the TO field
* Firefox 2.0.0.6, incorrect, goes to a 302 Found page with a mailto link to the email specified.

Regards,

on 10/18/2007 11:19 PM Dejan Kozina said the following:
> Anybody (Mac Linux browsers...) wants to take a ride? The thing is up there at http://www.kozina.com/mailtest/ . Let us know of your results.
>
> djn

--
Abdulrahman Al-Otaiba
http://www.mawqey.com/
Re: [WSG] Encoded mailto links - and mail sender
>> Good point, Patrick. I'll certainly consider offering a checkbox as a UI option for 'send me a copy of the contents of this form'.
>
> I'd certainly be interested if this could be done in php by assigning the user's mail address as a string, then posting to it. Anyone done that?

I offer that in my contact form. It's a config option. The contact form owner can enable/disable offering a get-a-copy option to his/her visitors.

http://green-beast.com/blog/?page_id=71 (Stand alone version)
http://green-beast.com/blog/?page_id=136 (WordPress version)

Cheers.
Mike Cherim
Re: [WSG] Encoded mailto links - and mail sender
Hi!

Mike at Green-Beast.com wrote:
> I offer that in my contact form. It's a config option. The contact form owner can enable/disable offering a get-a-copy option to his/her visitors.

Is there any way to protect this from being used as a way to send out spam? You can't really know that people enter their own email address ...

/anders