Jump to content

Avoiding The Use Of Mailto:

webgyrl

By webgyrl
in CPanel and Site Maintenance

 Share

Recommended Posts

webgyrl Mentor

webgyrl

Posted
Posted

Been doing some reading on spam, web forms etc... I keep reading that it is best to avoid using mailto: in order for people to send email to a recipient from a web page.

 

I keep reading that the best way to have someone send email from a web site is to make use of a form.

 

One place I was reading stated the following:

"Create the form to get the input from your visitors. The form can email you the results or add them directly to a database. Just make sure the script DOES NOT get passed the email address in a hidden field. The email address should be either coded in the script itself or in a parameter file of some kind."

 

The site where I read the above also noted:

"Don't use those special email encoding JavaScript's - These convert an email address into Unicode. It becomes unreadable to human beings, but it's pretty simple to find and convert these. if the spammers haven't figured it out yet then it's just a matter of time."

 

My question is how do you make sure that the email address cannot be harvested by these email address harvesters? Is there a specific bit of code that can protect email addresses completely?

 

Also, what if the site has a whole email contact directory? It is so much easier to use mailto: to list multiple contacts and also to do an advanced email link with subject.

 

Is it still better to do up a form for each contact? Are there any other ways to protect email addresses?

 

Thanks for any suggestions you might have.

 

Nat

Link to comment
Share on other sites
kaseytraeger Proficient

kaseytraeger

Posted
Posted

Nat,

 

I use forms for all email submissions. The email message is then processed through a PHP script. The email address is only known by the PHP script and is posted no where on the web page.

 

If you look here, you'll see what I'm talking about.

www.kaseyscreations.com/villagepantry/test-contactus.htm

 

Note that this page is not complete because the submit button will not actually send mail. But all I need to do is add an action to my form tag, such as <form action="mailscript.php">

 

I use a PHP mail script called Jack's FormMail. You can read about it here -- www.dtheatre.com/scripts. This script is very easy to set up. If you want to use it and need any help, please feel free to ask. I'll help you set up the script and customize it for your web site. Also, please feel free to copy the form coding I've used on the sample web page to create your own email form.

 

Have fun!

:D

Link to comment
Share on other sites
kaseytraeger Proficient

kaseytraeger

Posted
Posted

Nat,

 

Here's another page where I've customized the form to send mail to more than one person by selecting a radio button....

www.kaseyscreations.com/travisandkaseywedding/mailpage.htm

 

This page can easily be adapted to accomodate a large email contact directory.

:dance:

Link to comment
Share on other sites
webgyrl Mentor

webgyrl

Posted
  • Author
Posted

Kasey,

 

Thanks for the examples. I have used Jacks form mail for another site.

 

You made my day with the radio button suggestion. Exactly what I was seeking.

 

Will,

 

I will check that site out. Thanks

 

Nat

Link to comment
Share on other sites
kaseytraeger Proficient

kaseytraeger

Posted
Posted

Will,

 

Just be aware that Obfuscator encodes each letter of your email address into a 4 (or sometimes 3) character ISO-coded value. For example, my name, kasey, would be encoded as: (k)#107; (a)#97; (s)#115; (e)#101; (y)#121;

Note that I've removed the ampersand "&" from the front of each character so that you'd see the actual code value and not the translated HTML character.

 

While I don't know of too many spambots that can currently "decode" these characters, I wouldn't be too surprised if sometime in the near future they become more prevalent.

 

I've seen a number of HTML encoders that are supposed to encode your source code so that others can't read it. Many of them just translate each character into it's ISO-encoded brother. By typing a simple JavaScript command into my web browser's URL window, I can completely decode their "encoded" source code. I see this type of technology, if not already widely in use by email harvesters and spambots, to become SOP in the near future.

 

For what it's worth, there's some fat to chew on!!

 

:)

Link to comment
Share on other sites
kaseytraeger Proficient

kaseytraeger

Posted
Posted
Kasey,

 

...

 

You made my day with the radio button suggestion. Exactly what I was seeking.

Glad I could be of some assistance. Please let me know if you need help setting up the form or the script for your own application.

 

:dance:

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...