mail to or form?

B

bowler

Does the "mailto" code work in every country? Is it better to use a
form if you are directing your page to Polish or other East European
readers? I am not really an expert but I can make a basic page. I will
have to figure out how to make a form if mailto isn't universal.
 
A

Adrienne Boswell

Does the "mailto" code work in every country? Is it better to use a
form if you are directing your page to Polish or other East European
readers? I am not really an expert but I can make a basic page. I will
have to figure out how to make a form if mailto isn't universal.
Click to expand...

Mailto works if the user has an email client. Mailto does not work if
the user only has web mail, is at an Internet cafe or library, or not at
their own computer.

Usually, when I make contact forms, I include an option to cc the sender.

As an aside, I find it really bothersome when there is no email address
listed for a company, and ONLY a form. There are plenty of email
cleaning programs out there that can clean up any spam as a result of
this.
 
B

Beauregard T. Shagnasty

Adrienne said:
Actually, I've never had a problem.
Click to expand...

One of the first lines of defense is to not use:
contact.html/php/asp/whatever
as your file name. Or: formmail.html/pl <g>

I have one old site that uses contact.php, and a spammer regularly
(about once a week) tries to abuse it. Normally, he tries to stuff bcc:
addresses into a radio button field. <g>

The rest of my sites do not use that word and have never been found.
 
B

bowler

On May 21 said:
Mailto works if the user has an email client. Mailto does not work if
the user only has web mail, is at an Internet cafe or library, or not at
their own computer.
Click to expand...

I assumed that everybody who pays for a connection also gets their own
email address. Do some people set up their system so webmail comes up
when they click the mailto link?
As an aside, I find it really bothersome when there is no email address
listed for a company, and ONLY a form.
Click to expand...

ME TOO!
 
A

Adrienne Boswell

I assumed that everybody who pays for a connection also gets their own
email address. Do some people set up their system so webmail comes up
when they click the mailto link?
Click to expand...

Some people don't pay for a connection, for whatever reason, or their
parents have the connection. For example, my friend pays for
cable/Internet and uses only cable. Her 14 year old daughter uses
Internet, but has only a Yahoo address.

I have a Yahoo account (as you can see in the message header), and I use
it because I don't have to worry about notifying everyone if I change
service providers (talk about a PITA). I also have a email address from
my service provider, but I rarely, if ever, use it.

Webmail will not come up when clicking on a mailto link (unless you're
using a propritary browser). The application that is configured for the
browser will come up.
 
C

Cynode

Some people don't pay for a connection, for whatever reason, or their
parents have the connection. For example, my friend pays for
cable/Internet and uses only cable. Her 14 year old daughter uses
Internet, but has only a Yahoo address.
Click to expand...

Yeah, I have 5 computers in my house, we have one email address from
our cable company that no one uses (it's forwarded to my address, but
in the two years i've had this ISP i've gotten maybe 4 emails, all
from the ISP). Everyone in my house uses hotmail/yahoo type mail or
our own domain mail.
 
D

dorayme

bowler said:
ME TOO!
Click to expand...

Like sending personal information to a PO box address? Or like
the unease some people feel in seeing women in Western countries
in head to toe Burquas?
 
B

Beauregard T. Shagnasty

dorayme said:
Care to elaborate?
Click to expand...

An unscrupulous person can fill in the form using a victim's address and
have that "cc:" go to the victim. I'd also envision that the spammer
would make a local copy of the form, and blast it at the "action" script
with continuous submissions.
 
D

dorayme

"Beauregard T. Shagnasty said:
An unscrupulous person can fill in the form using a victim's address and
have that "cc:" go to the victim. I'd also envision that the spammer
would make a local copy of the form, and blast it at the "action" script
with continuous submissions.
Click to expand...

Trying to get my head around these points. A spammer who already
knows the email address of people can do all manner of things,
what is so attractive to a spammer of a form that has a CC input?
That he gets also to send info to the form's owner?

Perhaps the penny will drop for me, but it is still early here.

I have learnt something from this thread: that it is likely many
people don't like a mere contact form without a proper email
address as an alternative means of communication. And that there
is some downside (which I don't fathom completely) to putting in
a CC field.
 
B

Beauregard T. Shagnasty

dorayme said:
Trying to get my head around these points. A spammer who already
knows the email address of people can do all manner of things, what
is so attractive to a spammer of a form that has a CC input?
Click to expand...

Spammers never send from their own accounts. They use botnets of
clueless Windows users; they use open relays on mail servers; and they
use insecure web forms, where they inject bcc: lists. They forcefeed to
get maximum output in the shortest amount of time, before the
compromised source is shut down.

In this case, there is already a cc: field so they can annoy anyone even
if the form itself is secure.
That he gets also to send info to the form's owner?
Click to expand...

He doesn't care about that. Adrienne probably would, as soon as her
Inbox filled up. :-0
Perhaps the penny will drop for me, but it is still early here.
Click to expand...

I have learnt something from this thread: that it is likely many
people don't like a mere contact form without a proper email address
as an alternative means of communication. And that there is some
downside (which I don't fathom completely) to putting in a CC field.
Click to expand...

The downside is spammers can use it. The upside is .. well, the poster
gets a copy of hir submission to the web form, for the records.
Personally, I don't think it is necessary, so long as the web site owner
responds in a timely fashion.
 
J

John Hosking

dorayme said:
Trying to get my head around these points. A spammer who already
knows the email address of people can do all manner of things,
what is so attractive to a spammer of a form that has a CC input?
That he gets also to send info to the form's owner?
Click to expand...

No. The advantage is that the spammer can use the site owner's SMTP
server to send all the spam for him/her/it. It (the spammer) doesn't
need to obfuscate the source or routing of its spam messages, since
they're all coming from the poor sap who put up the Web site with the
sieve-like contact form. The recipients can't possibly determine the
spammer's identity or location.
 
D

dorayme

"Beauregard T. Shagnasty said:
dorayme wrote:

Spammers never send from their own accounts.
Click to expand...

Right, the penny dropped. It was a second cup of tea that helped
too. Thanks B.
 
D

dorayme

.... snip my q for obvious reasons of pride ...

No. The advantage is that the spammer can use the site owner's SMTP
server to send all the spam for him/her/it. It (the spammer) doesn't
need to obfuscate the source or routing of its spam messages, since
they're all coming from the poor sap who put up the Web site with the
sieve-like contact form. The recipients can't possibly determine the
spammer's identity or location.
Click to expand...

I guess I was thinking that spammers had no end of means of
obscuring their addresses without realising that this form way
with a CC is also a good one for them and has the advantage you
mention.
 
A

Adrienne Boswell

If you allow a fill in email where message can be CC'd your could put
nice lists like:

(e-mail address removed);[email protected],[email protected]...

and then put their SPAMing message in message field

"See Britney's ***** at http://www....."

and your form is now used to broadcast SPAM, yum!
Click to expand...

That's where server side check is most important. Email addresses have
to be a valid format. I can also do a mx check before the message even
gets to the SMTP server.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Contact form question 2
Login form no longer working 2
Mandatory Elements To Conduct JavaScript Form Manipulation 7
Issue with passing fetched data to POST form. How can I? 0
How to get education and coding job coming from abroad starting new in the US? Advice of courses or places to look? 2
Release form like IOS app to a group of people 0
Image shifts to the right when export the page to pdf 4
FOSS or Freeware, Prefferably Runs on Linux Mint: Search US Goverment Records, Legally to Find Literarary Work 8

Members online

No members online now.
Total: 31 (members: 0, guests: 31)
Robots: 334

Forum statistics

Threads
473,755
Messages
2,569,537
Members
45,022
Latest member
MaybelleMa

Latest Threads

Top