SitePoint Sponsor

User Tag List

Results 1 to 16 of 16
  1. #1
    SitePoint Enthusiast
    Join Date
    Aug 2011
    Posts
    88
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Is mailto: a universal code?

    Hi,

    To avoid spam sent in through forms, I was thinking about deleting the mail form and replacing it with the good old-fashioned mailto:, of course with the e-mail address encrypted with javascript. That's a lot easier than captchas. But is mailto: a universal code? Does it also work if people have an Apple, or have Thunderbird as mail program?

  2. #2
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,789
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    mailto: only works inside the <a> tag in web pages and not with forms.

    Expect about 1000000 times as much spam if you use mailto: as you get with a contact form as that's the first thing the spambots look for.

    Also with a form you can use measures to block spammers after they start using the form. With mailto: once the spammer finds it the only solution is to delete the email address completely.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  3. #3
    Non-Member
    Join Date
    Apr 2011
    Location
    no fixed address
    Posts
    851
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by felgall View Post
    mailto: only works inside the <a> tag in web pages and not with forms.
    That is blatantly not true.

    For starters, this works in my IE9

    Code:
    <body>
            <form action="mailto:me@mydomain.xyz" method="post" enctype="text/plain">
                <input type="text" name="txt1" />
                <input type="submit" name="submit" value="Send" />
            </form>
        </body>
    When the send button is clicked, all the name/value pairs in the form are sent to the email address.

    However, there are disadvantages to using mailto: including

    1) Some older browsers don't support it

    2) It requires the user to have an email client program installed on their computer and to have it configured to work with a POP mail account

    3) The contents of the email are not encrypted for privacy.

  4. #4
    SitePoint Enthusiast
    Join Date
    Aug 2011
    Posts
    88
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Expect about 1000000 times as much spam if you use mailto:
    Like I wrote, I was gonna encrypt the email address with javascript, so I'd think that's not correct.

    It requires the user to have an email client program installed on their computer and to have it configured to work with a POP mail account
    I guess that's a compelling reason to keep using forms. Thanks. But just out of curiosity: would mailto:, whether used inside a form or as an <a> tag, work with all mail programs, also on Apples?

  5. #5
    Non-Member
    Join Date
    Apr 2011
    Location
    no fixed address
    Posts
    851
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Frank S View Post
    I guess that's a compelling reason to keep using forms. Thanks. But just out of curiosity: would mailto:, whether used inside a form or as an <a> tag, work with all mail programs, also on Apples?
    I would expect it would but I don't know for sure.

    My understanding of how mailto works is that it sends a "message" to the operating system to startup whatever email client program it has set as the default email program. Whether it works this way in all environments I am not sure. Bottom line - imho it's better and safer to send emails from a server side script where it will work in all cases.

  6. #6
    SitePoint Enthusiast
    Join Date
    Aug 2011
    Posts
    88
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Indeed. I might miss potential clients that are using web mail rather than a mail program.

    Thanks again.

  7. #7
    Mouse catcher silver trophy Stevie D's Avatar
    Join Date
    Mar 2006
    Location
    Yorkshire, UK
    Posts
    5,882
    Mentioned
    122 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by Frank S View Post
    To avoid spam sent in through forms, I was thinking about deleting the mail form and replacing it with the good old-fashioned mailto:, of course with the e-mail address encrypted with javascript. That's a lot easier than captchas. But is mailto: a universal code? Does it also work if people have an Apple, or have Thunderbird as mail program?
    As felgall says, there are ways to stop spam send through forms, but once an email address starts to get serious spam, it's dead.

    That said, you can significantly improve the chances of the email address not being harvested by using &#064; instead of @ in the text link and the mailto address.

    There are pros and cons of both mailto links and forms. Ideally you would offer both, and put suitable security measures and filters in place.

    If you only use mailto links then you are ruling out anyone who isn't at their home computer, and a fair number of people who are. Anyone who doesn't have an account (that they want to use) configured on the default mail client will be unable to contact you. That includes anyone at a library or internet cafe, anyone who is borrowing a friend's computer, a significant proportion of people using mobile phones and anyone using their work computer who doesn't want to use their work email.

    If you use Javascript-obfuscated mailto links then you can also rule out anyone who isn't running Javascript, including a large chunk of people using assistive technology and more mobile phone users.

    Do you really want to lose such a large proportion of potential contacts?

    If you only use forms then you rule out people who are too inept to type their email address in correctly. That turns out to be a frighteningly high number. You also annoy people who like to keep a copy of all emails they've sent, although that's less of a big deal.

  8. #8
    Non-Member
    Join Date
    Apr 2011
    Location
    no fixed address
    Posts
    851
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Stevie D View Post
    Do you really want to lose such a large proportion of potential contacts?
    "large proportion" compared to what? Can you quote the source of data you used to arrive at your opinion the proportion of users would be large?

    In my experience the number of users with javascript disabled or using assistive technology is relatively tiny.

  9. #9
    Mouse catcher silver trophy Stevie D's Avatar
    Join Date
    Mar 2006
    Location
    Yorkshire, UK
    Posts
    5,882
    Mentioned
    122 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by webdev1958 View Post
    "large proportion" compared to what? Can you quote the source of data you used to arrive at your opinion the proportion of users would be large?

    In my experience the number of users with javascript disabled or using assistive technology is relatively tiny.
    I was counting all the people you would lose from having only a mailto link, not just those who wouldn't cope with the requirement for Javascript.

  10. #10
    Non-Member
    Join Date
    Apr 2011
    Location
    no fixed address
    Posts
    851
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    In the absence of supporting data, I am not convinced it will be a "large proportion" although obviously some potential contacts will be lost.

  11. #11
    om nom nom nom Stomme poes's Avatar
    Join Date
    Aug 2007
    Location
    Netherlands
    Posts
    10,275
    Mentioned
    50 Post(s)
    Tagged
    2 Thread(s)
    you can also rule out anyone who isn't running Javascript, including a large chunk of people using assistive technology
    We need to keep in mind here that, if "assistive technology" means screen readers, screen magnifiers and speech-control programs like Dragon Naturally Speaking, then Javascript is enabled for a majority of those people (for the same reasons it's enabled for the majority of any random web user: it's on by default in the browser and *most* people are not behind a script-blocking firewall or some such).

    The group of disabled who will have Javascript turned off are the people with things like photosensitive epilepsy, balance problems, extreme motion sickness and possibly people with attention disorders (because Javascript is often used to create distractions and goofy animations on pages than real direct basic functionality). If the site fights them that much, they'll leave.

    Mailto links are retarded, and don't work on my machine (after Evolution did a final, spectacular crash, I removed it from my computer entirely... what a worthless steaming pile of code that is), I highlight the link and copy it, and paste into my mail editor. Problem solved. I do hate accidentally clicking on the things though. Annoying.

    In the absence of supporting data,
    I don't think you'll ever get good data on that... even Yahoo's "test" was seriously flawed, but in general most analytics on web sites are performed by... you guessed it, Javascript. And tests like the one Yahoo did are too stupid to account for users whose Javascript is disabled via firewalls and plugins rather than in the browser itself. Almost every browser comes with a Javascript parser and such browsers have it enabled by default.

    In my experience the number of users with javascript disabled or using assistive technology is relatively tiny.
    The number of users with Javascript disabled is probably tiny. The number using assisitive technology, you cannot know, for they are not measurable via analytics in any way, shape or form (well, unless you want to add a survey to your site... but then, most people don't bother answering surveys which is why they are unreliable in representing *all* your users). You cannot detect if someone is using a screen reader or other application on their computer on top of their browser. Which is disappointing, for we'd all love to know the stats on these folks.

  12. #12
    SitePoint Enthusiast
    Join Date
    Aug 2011
    Posts
    85
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Frank S View Post
    But just out of curiosity: would mailto:, whether used inside a form or as an <a> tag, work with all mail programs, also on Apples?
    Yes, it works in my mail program on my mac.

  13. #13
    SitePoint Addict
    Join Date
    Nov 2009
    Posts
    308
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I have no idea how spam messages are sent through forms but my guess will be the use of id or name attributes in the form elements. Wouldn't it help to fight spammers if you use unique attribute names other than the mostly used "name, email, message, submit" type of words?

  14. #14
    om nom nom nom Stomme poes's Avatar
    Join Date
    Aug 2007
    Location
    Netherlands
    Posts
    10,275
    Mentioned
    50 Post(s)
    Tagged
    2 Thread(s)
    ademmeda: have you heard of a honeypot?

    These are for the bots that automatically fill in forms. Usually they don't have Javascript abilities. You add a label-input pair where the label says "don't fill in! leave blank!" and the input is just a text input. You hide those using CSS or Javascript. Robots will fill it in, since they don't bother reading directions. Labels will get heard by humans who don't have CSS or Javascript, so screen reader users might hear the label but know not to fill it in.
    Your back-end script processing the form either dumps forms where that input is filled in, or sets those aside so you can check them later, whatever you make it do.

    Won't stop human spammers using a JS-enabled and/or CSS-ready browser though. Those get askime or whatever it's called.

  15. #15
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    24,121
    Mentioned
    448 Post(s)
    Tagged
    8 Thread(s)
    Quote Originally Posted by Frank S View Post
    To avoid spam sent in through forms, I was thinking about deleting the mail form and replacing it with the good old-fashioned mailto:, of course with the e-mail address encrypted with javascript.
    Unfortunately, there's no surefire way to stop spam. Encoding the mailto link may help a bit, but it won't stop spam entirely. If nothing else, there are individuals out there who visit sites and send spam through forms or grab the visible email address and add it to a spam list. As mentioned, a form with a honeypot (a hidden tripwire field that a bot will fill in) does a good job, but it won't stop individuals posting spam through your form. The internet is a playground for scumbags, and you can't avoid them unless you keep away from the web entirely.
    Facebook | Google+ | Twitter | Web Design Tips | Free Contact Form

    Forum Usage: Tips on posting code samples, images and more

    Forrest Gump: "IE is like a box of chocolates: you never know what you're gonna get."

  16. #16
    SitePoint Enthusiast
    Join Date
    Aug 2010
    Posts
    57
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    yes, it will work with all the mail applications. Of cource it will not work with webmail applications.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •