Mailto links in Web Pages

  Taff™ 12:41 08 Jan 2008

I know these are a target for spam but what is the best way to get round the problem? I want to generate a simple enquiry and so far I have managed to set up a hyperlink that opens up the default email program addressed to a recipient with the subject "Website Enquiry"

If heard that if I set up the e-mail address as an image and made it a hot spot this might solve the problem.

Ideally I`d like a simple form with maybe four form fields but will this also be a target for spammers?

  CodeMeister 12:51 08 Jan 2008

If you have a server-side programming language such as PHP or ASP.Net available as part of your hosting package, then create a proper "contact" form via which a user may enter their email address and message and this then gets submitted back to the server and the server-side code sends the email rather than the client-side code.

Alternatively, you could embed the email address with a Flash movie or a GIF image, neither of which will be readable by spambots.

If you can give us a bit more information about your hosting setup then we will be in a better position to propose solutions.

  Kemistri 12:53 08 Jan 2008

There are three things to be born in mind with e-mail options: avoiding spam and hijacking; providing convenience for your visitors in a guided way; and supporting accessibility needs.

Folks who don't bite the bullet and use an HTML form that calls a securely coded PHP file have limited options that tend to involve obfuscation. These include the use of a graphical representation of the e-mail address with no plain text equivalent (hidden or otherwise -- this fails accessibility in a fundamental way -- or plain text that people have to type into their mail client -- this is unfriendly and does not prevent harvesting.

So, it's a form that you need and nothing else will cut it. When written properly, a form is fully accessible to screen readers and those with poor eyesight; it guides the user to input the information that you want; and a properly coded PHP file will minimise spam or even cut it out entirely, and hijacking will not be possible. The only way of sending spam in a well coded form is to enter it directly, and even this can be blocked pretty effectively by keyword filtering.

  SimpleSimon1 14:49 09 Jan 2008

Although I'm a relative newbie to all this, I'd agree with Kemistri that non-form solutions either impact on accessibility or are only partially effective.

For example, you will find many sites which claim to be able to obfuscate your mailto address for you (they convert the readable address into extended HTML, or use JAVA routines). However, it is fairly widely accepted that modern spambots can unscramble the result and harvest the decoded address (at least, for HTML and, possibly JAVA). This is likely to lead to an 'arms race' where the obfuscators constantly tweak their coding routines, the harvesters constantly tweak their decoding routines and the poor old web site maintainer has to regularly update their mailto links :-)

Forms seem a bit scary but, when you've read a couple of articles, you realise that they're actually pretty easy. I achieved this (click here) with no knowledge of PERL or PHP. All I used was a standard drop-in mail script which can be downloaded from many places on the web (whoever's hosting your site will almost certainly have a copy available to you).

Generating the form was pretty easy cos Dreamweaver did all work. However, even if you're coding by hand, a quick glance at my HTML code should show you how it's done.

Once you've got the form, you need a script to actually send the email. Generally people will tell you to use the FormMail script (download from the developers website) and your hosting ISP will almost certainly have a copy, as well.

However, many people (including the author of FormMail) suggest that the original FormMail script is now generally recognised as insecure (see few few paras of article here click here).

Consequently, the recommend using nmsFormMail as a drop-in replacement (available here click here)

Take a look at the html source on my contact form and you should see how it all hangs together. The key line you're looking for (which actually links the form to the script) is:

<form name="ContactForm" id="ContactForm" method="post" action="scripts/LetsTalk.cgi">

LetsTalk.cgi is simply the renamed FormMail script.

Lastly, the people on my second link (Horizon Web Developement) have come up with a neat way of stopping spambots using your form (thus saving you having to set up keyword filtering). The article describes exactly how it is done but basically, it's a very simple script mod (two lines of code) (plus a hidden field on your form).

Although I know nothing about PERL, after reading the article at the link (and the 'rwedge solution' in the associated codingforums link), it took me slightly less than 2 mins to configure the script and implement the anti-spam changes in it and the form. IMPORTANT: If you are going to do this, don't forget to comment out the as described in the blog comments.

The result seems to work perfectly (so far, at least!).

The nice thing about this approach was that it needed no coding skill - the hidden field mod was done by cut and paste from the blog. Kemistri is one of our resident PHP experts and he can do the same sort of thing via a PHP script. However, I get the impression that PHP isn't for novices like me.

Anyway, nmsFormMail PERL script or PHP script....either should work so the choice is yours.

  Taff™ 08:14 10 Jan 2008

Thanks for the input and apologies for the delay in responding, I was on a mission yesterday.

I`ve got a bit of reading to do and I`ll post back later this week.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

OnePlus 5T review: Hands-on

Illustrator Andrés Lozano on his improv line work, brazen use of colours & hand sketching

iPhone X review

Comment envoyer gratuitement des gros fichiers ?