Vintners.net: sendemail script use
Page last updated: 24-Dec-2002
Vinters.Net has provided (at no charge to its customers) a special
application for the sole purpose of protecting email addresses from
"spam" harvesting "robot"s. It is intended to be generic enough to
suit all email addresses. This page details how a customer would go
about setting up their web pages to use this application.
Click here for more general information about
spam management at Vintners.Net.
The way spam email harvesting robots work is to simply fetch every
page they can find, and search for
"<A href="mailto:..."> links. Some will also look
for anything that looks like an Internet email address, namely
letters, dashes, dots, numbers followed by an @, followed by letters,
dots, dashes, numbers.
The theory behind this app is that spam robots are not likely to
"push buttons". To do so would mean many more possible permutations
of any given page, with unlikely possibilities of getting more
addresses, so it's unlikely that commonly ever done.
However, if you wish to be conservative and assume that buttons are
indeed pushed by spam robots, we can accomodate you. Depending on how
you configure your page, the email address can either be a ready-to-go
directly clickable link, a link that must be manually modified by the
sender, or no address offered but instead a fillin form that will be
mailed by the server with the users info.
On your page -- as a button:
It's a bit tricky to set up, but not hard. In your HTML, for each
email address, you add a GET or POST action <FORM
...> directive with a few hidden fields.
Here's a sample:
<form method="POST" ACTION="http://vintners.net/cgi-bin/sendemail.pl">
<input type="hidden" name="user" value="username">
<input type="hidden" name="domain" value="domain.com">
<input type="submit" value="get email address">
</form>
And here's what it actually looks like:
yielding text (not a mailto: link) of "username@domain.com".
You may add the hidden options= values.
- none -- the default action is to simply display, as text (not as a
clickable link), the email address. This is better than nothing,
but is not recommended.
- 'a' -- Causes the address to be displayed as a clickable "mailto"
link. Doing this without any other modifiers defeats the entire
purpose, thus will cause an error unless other options are
specified as well.
- 'b' -- Adds the magic incantation "sendemail-remove." after the @,
thus creating an address that will bounce.
- 'c' -- Adds a space before and after the @ so as to make
the address unparsable.
- 'd' -- Never offers an email address at all -- simply puts up a
web form that takes the info for them, and emails it to the
supplied address. When using this uption, you'll probably
want to include the "page=..." value -- see below
There are also several optional text changes you may add to the
resulting email link.
- If a "page=http://<your-domain>/dir/page.htm" value is
present, this will be included in the email you receive (option 'd'
only). The value should be the URL of the web page that contains this
sendemail.pl link.
- Adding a "remove=value" arg. allows you to set your own
"sendemail-remove" value -- as an example, I've seen "NOSPAM" used
fairly commonly. (The presence of this implies option 'b'.) This will
work nicely for now, but if everyone uses "nospam", robots will soon
start stripping that when encountering it, making it moot.
- Adding "atsign=value" allows you to replace the "@" used
in the email address with your own chosen string -- this is often done
with "(at)". This is very effective as the text no longer looks like
an email address at all to the harvester robots. However, it's only a
matter of time before they start checking for this as well.
- Adding "title=value" will add a line like the following
to the option 'd' form screen:
This email will be sent to: "value"
Line-by-line description:
- The <FORM> line can be "GET" or "POST" method, however, we
recommend the latter for security reasons; all the data is
included in the URL with "GET" method. The action must be the
path in the sample.
- The hidden "user" line is where you put everything that goes to
the left of the @. (Be careful to match the upper/lower case
correctly.)
- The next hidden line is where you include everything to the right
of the @. (Be careful to match the upper/lower case
correctly.)
- The text in the submit button can say whatever you wish, simply
enter it into the "value" section.
Samples -- as a button:
Options="ab": The person sending email can simply click on the link
which will bring up their mailer program, but they must then go into
the address bar and delete the word "sendemail-remove." from the
address. eg;
<input type="hidden" name="options" value="a">
which yields "username@sendemail-remove.domain.com"
Options=c:
<input type="hidden" name="options" value="c">
which yields "username @ domain.com"
Using as a link:
If you really don't want to use it as a button, you can use it as
normal old HREF link, by calling out the URL from the ACTION above,
following it with a question mark, then your settings, seperated by
ampersands. eg;
<a href="http://vintners.net/cgi-bin/sendemail.pl?user=username&domain=domain.com&options=ac">options AC</a>
options AC
which yields: "user @ domain.com"
Most importantly, if using this latter method, you must use one of the
options. Spam robots will not be able to interpret this HREF as an
email address on its own, however as it is a normal link, they will
follow it. With no options, the resultant page does have the
legitimate mailto: HREF which would completely defeat the purpose of
using the script.
Here's a sample which replaces the "@" with "(at)":
<a href="http://vintners.net/cgi-bin/sendemail.pl?user=username&domain=domain.com&atsign=(at)&options=ac">options AC, atsign=(at)</a>
options AC, atsign=(at)
which yields: a clickable mailto: link,
"user (at) domain.com"
This method is a sure winner as the spam robots will no longer even
consider this to be an email address -- it's just more text. However,
it's only a matter of time before the robots start looking for this
too. (Doing this in a button is merely another "hidden"
field, just like "user" and "domain".)
The safest method all around, is to never offer an email address at
all. This may be less convenient for the sender as they're stuck with
their web browsers' editor instead of their favorite email editor. The
following method does this:
<a href="http://vintners.net/cgi-bin/sendemail.pl?user=user&domain=domain.com&options=d&page=http://vintners.net/webhelp/sendemailuse.html">options D</a>
options D
Lastly, you can choose to have a graphical confirmation string to
protect from spam robots that fill in forms. Simply add the following two lines:
<input type="text" size=4 name="confirm">
<!--#include virtual="/cgi-bin/numsgetimg.pl?gen=4" -->
The number 4 in this example dictates how many graphical characters to
display, and require them to enter.
You can also create a sendemail.cfg file in your data directory. This file may contain:
- MailServer: the mail server to use, typically localhost
- VendorDomain: the domain name that mail should appear to come from
- RequireNumbersConfirm: number of graphical numbers to display/require
Don't hesitate to call if you have problems with it or think of features you'd like to see added to it.
Contact us.
Copyright © 1997-2024
Vintners.Net
(running on host bayanus)